artstalker / devdefined-tools Goto Github PK
View Code? Open in Web Editor NEWAutomatically exported from code.google.com/p/devdefined-tools
Automatically exported from code.google.com/p/devdefined-tools
What steps will reproduce the problem?
1. use oauth with header based authentication
2. characters at the provider side are not urldecoded
3.
What is the expected output? What do you see instead?
exception that the oauth_verifier is rejected, while the different is because
of the missing decoding
What version of the product are you using? On what operating system?
Please provide any additional information below.
See the attachment which is a patch to fix this issue.
Original issue reported on code.google.com by [email protected]
on 30 Jul 2010 at 11:25
Attachments:
Hi,
I'm using DevDefined.OAuth .Net APIs for authorization. I went thru few forums
and understand that if content-type = "application/x-www-form-urlencoded", then
request body should be passed for signing. My request body will have current
system time.
CreateTime :BEFORE: 2012-02-09T00:00:00-08:00
While signing, this is encrypted as
"CreateTime%20%3ABEFORE%3A%202012-02-09T00%3A00%3A00-08%3A00", and my service
request is working perfectly. However when I try to use any timezone which have
"+" symbol [ ex : UTC + 05:00 ] i'm getting "signature_invalid" exception
message.
The reason behind is "+" sign is encrypted as "%2B", but "-" is NOT encrypted.
Original Request Body : CreateTime :BEFORE: 2012-02-09T00:00:00-08:00
Encrypted string :CreateTime%20%3ABEFORE%3A%202012-02-09T00%3A00%3A00-08%3A00
Result : Working fine.
Original Request Body : CreateTime :BEFORE: 2012-02-09T00:00:00+05:00
Encrypted string :CreateTime%20%3ABEFORE%3A%202012-02-09T00%3A00%3A00%2B05%3A00
Result : "signature_invalid" exception.
Any help?
Original issue reported on code.google.com by [email protected]
on 9 Feb 2012 at 11:37
What steps will reproduce the problem?
1. use the SignatureMethod.HmacSha1 method
What is the expected output? What do you see instead?
class DevDefined.OAuth.Framework.UriUtility
static QueryParameter ParseAuthorizationHeaderKeyValuePair(string value)
{
if (value.IndexOf('=') > -1)
{
string[] temp = value.Split('=');
return new QueryParameter(temp[0].Trim(), StripQuotes(temp[1]));
}
return new QueryParameter(value.Trim(), string.Empty);
}
If there is "=" in signature ,for example
"auth_signature=\"uZF3aYQFtyK0F1FFHY+w7/Be+m4=\""
expect:
string[] temp ={"auth_signature","uZF3aYQFtyK0F1FFHY+w7/Be+m4="}
But I get
string[] temp ={"auth_signature","\"uZF3aYQFtyK0F1FFHY+w7/Be+m4"}
What version of the product are you using? On what operating system?
Last trunk
Original issue reported on code.google.com by [email protected]
on 1 Jun 2010 at 8:58
Using the latest source in TRUNK.
When accessing a protected resource the library sends the
oauth_token_secret in the URI, or in the case of header based
authentication its sends it in the header.
oauth_token_secret should not be included in any requests to the provider
[1], this data is sensitive, and in the case of desktop applications where
the consumer secret is not secure it would allow an attacker to obtain
access to protected resources.
--- OAuth HTTP Request with the library ---
GET /statuses/friends_timeline.xml?count=50&since_id=1 HTTP/1.1
Authorization: OAuth
oauth_token="10471832-XMtqq0fl5bpFI5aiJjeopon4QpL9jcwRBwspyf...",oauth_token_sec
ret="vAwMlDtkbtkjxjtZhz8x3ngw4Vk3ZmvpHDAhVuMw",oauth_nonce="ac4cdbe3-98db-4017-a
9b3-e62ceb5eaf17",oauth_consumer_key="OxuuZnHZuTr6ZxjrL3yzQ",oauth_signature_met
hod="HMAC-SHA1",oauth_timestamp="1237476772",oauth_version="1.0",oauth_signature
="j29o0oSQhwW5yel7Vb9L7AeI8ks%3D"
Host: twitter.com
Connection: Keep-Alive
--- End of Request ---
I worked around this by editing line 235 and line 291 of OAuthContext.cs to
exclude Parameters.OAuth_Token_Secret:
AuthorizationHeaderParameters.ToQueryParameters().Where(q => q.Key !=
Parameters.Realm && q.Key != Parameters.OAuth_Token_Secret)
1. http://oauth.net/core/1.0/#anchor13
Original issue reported on code.google.com by [email protected]
on 19 Mar 2009 at 7:55
What steps will reproduce the problem?
1. Do a HTTP Post with Authorization Header
2.
3.
What is the expected output? What do you see instead?
Signature should be valid. Exception thrown that the Consumer Key is null.
What version of the product are you using? On what operating system?
Can't recall the version number, Win 2K3
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 25 Nov 2009 at 10:41
Please make IToken serializable
Original issue reported on code.google.com by [email protected]
on 5 May 2009 at 5:34
The PlainTextSignatureImplementation does an UriUtility.UrlEncode(..) for
the signature.
But the UriEncode.UrlEncode(..) is also called when adding the information
to the header of the request.
Original issue reported on code.google.com by [email protected]
on 10 Dec 2009 at 1:16
For support for e.g. .net webservice using oAuth, i need to pass raw xml to the
body of the request. This is not yet supported by Devdefined.
The attachment shows the patch how you can easily include the possibility to
enable passing raw content and the content type.
Original issue reported on code.google.com by [email protected]
on 30 Jul 2010 at 11:27
Attachments:
What steps will reproduce the problem?
1. Use 2 way auth with X509 certificate
2. Make an invalid request to a server with valid credentials
3. Server returns error 400 with a response body (in my case xml describing
the error)
4. In the catch section, attempt to use the following code
if (ex.Response != null)
{
using (StreamReader streamReader = new
StreamReader(ex.Response.GetResponseStream()))
{
Response = streamReader.ReadToEnd();
}
if (ex.Response is HttpWebResponse)
{
StatusCode = ((HttpWebResponse)ex.Response).StatusCode;
}
}
What is the expected output? What do you see instead?
I expect the ability to read from the stream. I get an exception instead
What version of the product are you using? On what operating system?
Latest trunk
Please provide any additional information below.
This appears to be a bug from the implementation of WebExceptionHelper.cs.
The helper reads the content stream before the exception is re-thrown to
the caller. As a result, the stream has been read to the end, and I'm
unable to retrieve the data I need. I'll be modifying the exception helper
to resolve this issue.
Original issue reported on code.google.com by [email protected]
on 31 Mar 2010 at 9:35
The OAuth 1.0a advisory was made in April/June - we need to update the
implementation to (optionally) support these changes, while still remaining
backward compatible with OAuth 1.0 implementations as well.
Original issue reported on code.google.com by [email protected]
on 30 Jul 2009 at 11:50
Originally reported by a library user via email - details as follows:
Hi Alex,
Hope you don’t mind some random punter emailing you about the OAuth code
you created..
Thanks for the code by the way, I was trying to do something similar but
you saved me a load of time.
I just have a quick query.. I am trying to get the RSA Implementation to
work but the validation keeps failing.
I copied the way you outlined in the google groops
(http://code.google.com/p/devdefined-tools/wiki/OAuthSignatureValidation)
and this is what I ended up with..
(I must add that I am using a local certificate I got from friendster and I
don’t have a consumer secret.)
OAuthContext context = new OAuthContextBuilder().FromHttpRequest(Request);
OAuthContextSigner signer = new OAuthContextSigner();
SigningContext signingContext = new SigningContext();
X509Certificate2 x509 = new
X509Certificate2(Server.MapPath("/Certs/friendster.crt"));
signingContext.Algorithm = (RSACryptoServiceProvider)x509.PublicKey.Key;
// if a certificate is associated with the consumer (for RSA-SHA1 etc.)
signingContext.ConsumerSecret = ""; // if there is a consumer secret
if (!signer.ValidateSignature(context, signingContext))
{
.
.
.
It seems quite straight forward but I can’t seem to get the signature to
validate correctly.. I also don’t have the private key, which means (i
think) that I can’t recreate the signature to help me test and find out
where I’m going wrong.
Anyways, any suggestions would be very much appreciated.. thanks again for
the code.
Kind regards,
Eoin
PollDaddy.com
Original issue reported on code.google.com by [email protected]
on 21 Sep 2008 at 10:15
What steps will reproduce the problem?
1. Submit a post with form fields where one form field is named UserId and
another is named action. Case is important.
What is the expected output? What do you see instead?
When the signature is constructured, the UserId parameter and value must come
before the action parameter. This is not the case in the current
implementation.
What version of the product are you using? On what operating system?
Please provide any additional information below.
Change UriUtility.cs with the below:
/// <summary>
/// Normalizes a sequence of key/value pair parameters as per the OAuth core specification.
/// </summary>
/// <param name="parameters"></param>
/// <returns></returns>
public static string NormalizeRequestParameters(IEnumerable<QueryParameter> parameters)
{
List<QueryParameter> orderedParameters = parameters
.Select(
x => new QueryParameter(x.Key, UrlEncode(x.Value))).ToList();
orderedParameters.Sort(SignatureBaseStringParameterComparer);
var builder = new StringBuilder();
foreach (var parameter in orderedParameters)
{
if (builder.Length > 0) builder.Append("&");
builder.Append(parameter.Key).Append("=").Append(parameter.Value);
}
return builder.ToString();
}
private static int SignatureBaseStringParameterComparer(QueryParameter left, QueryParameter right)
{
int result = string.CompareOrdinal(left.Key, right.Key);
if (result != 0)
{
return result;
}
return string.CompareOrdinal(left.Value, right.Value);
}
Original issue reported on code.google.com by [email protected]
on 17 Nov 2011 at 2:53
There's an issue with HttpWebRequest, in some environments (misconfigured
environments?), the first request on a HttpWebRequest instance takes
disproportional long, up to 30 and more seconds.
The problem seems to be the automatic proxy detection that HttpWebRequest
implicitly does.
I attached a patch that completely disables the proxy detection (sets the
HttpWebRequest.Proxy property to NULL).
This does the trick and the first request doesn't take longer than any other
request anymore.
Hope someone saves some time with this :)
Best Regards,
André
Original issue reported on code.google.com by [email protected]
on 8 Jul 2012 at 10:43
Attachments:
Hi,
I'm new bee. started using OAuth for my website. After 1 minute my session is
expiring.
How to increase the access token Expiry to 30mins?
Please help..!
Thanks in Advance.
Original issue reported on code.google.com by [email protected]
on 23 Dec 2010 at 12:26
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.