I'm using .NET Could myspace provide the sample code for the OAuth testing tool, since it is written in .NET?
Currently, using the OAuth library in C# from OAuth.net I can't seem to create a valid digital signature.

Here is what I currently have implemented:

OAuthBase OAuth1 = new OAuthBase();
Uri url1 = new Uri("http://api.msappspace.com/v1/users/30344243.xml");

string gd1 = System.Guid.NewGuid().ToString();
string nonce = OAuth1.GenerateNonce();
string timestamp = OAuth1.GenerateTimeStamp();
string str1 = OAuth1.GenerateSignature(url1, "http://www.myspace.com/329303884", "SECRETKEYHIDDEN", "", "", "GET", timestamp, nonce, OAuthBase.SignatureTypes.HMACSHA1);

Response.Redirect("http://api.msappspace.com/v1/users/30344243.xml?oauth_consumer_key=http%3A%2F%2Fwww.myspace.com%2F329303884&oauth_nonce=" + nonce + "&oauth_signature=" + Server.UrlEncode(str1) + "&oauth_signature_method=HMAC-SHA1&oauth_timestamp=" + timestamp + "&oauth_token=&oauth_version=1.0");

Right before the signature is hashed this is the format of the base string:

GET&http%3A%2F%2Fapi.msappspace.com%2Fv1%2Fusers%2F30344243.xml&oauth_consumer_key%3Dhttp%3A%2F%2Fwww.myspace.com%2F329303884%26oauth_nonce%3D7156086%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1202388862%26oauth_version%3D1.0&HIDDENSECRETKEY&

 Can anyone tell me what I am doing wrong... or is it the implementation from the OAuth sample code in C#?

Thanks!
Joseph

 

Have you run the test data from http://oauth.net/core/1.0/#sig_base_example thru your digital signature creation routine? Just to make sure your routine conforms to the OAuth standard, you should get a signature value of 'tR3+Ty81lMeYAr/Fid0kMTYa/WM='.

Not that this will solve your problem... my signature routine (python-based) produces the correct signature value, but I am still failing the authentication check (getting "HTTP Error 401: Unauthorized" returns), but at least you can tell MySpace that your routine conforms to the OAuth standard.

 

Jonathan 

 

 The signature will be different each timeit is generated especially the fact that timestamp is based on UTC. This is totalseconds since Jan 1 1970 and varies each time the routine is run, so it will never be a constant. we have an OAuthTool to which I suppose you have an access. This will help you resort to all your problems. 

http://developer.myspace.com/Modules/APIs/Pages/OAuthTool.aspx

Thanks,

-Rajiv

 

 

1. In your case I see that "&HIDDENSECRETKEY&" is appended at the last. The secret key should be used only to sign the base string and shouldn't participate in the string itself
2. 
   
3. Thanks!
   ~Rajiv

    

Thanks for the information Rajiv. With your information I believe I am doing it correct now, but it's still not producing a valid signature according to the endpoint response.

I'm actually just using the base class library that is linked from the www.oauth.net code page where they have all of their examples. It appears the class library in .NET from there was actually appending the consumerSecret in the parameters. Not sure if this intended or a bug, but I have commented it out so that it now looks like this:

GET&http%3A%2F%2Fapi.msappspace.com%2Fv1%2Fusers%2F30344243.xml&oauth_consumer_key%3Dhttp%3A%2F%2Fwww.myspace.com%2F329303884%26oauth_nonce%3D2611759%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1202427900%26oauth_token%3D%26oauth_version%3D1.0

Now obviously due to the epoch timestamp it will always be different, but if you were to run this string above through your computation of the hash... it's static so it should return the same value. Just so that we can compare and make sure it's the same... if mine is different than yours then we would know that there is an issue with how the signature is generating on my side.

This is the signature I get back after computing the hash with the methods in the C# OAuthBaseClass from http://oauth.net/code/

dW1P6ggRJf4Fw/D2epW1hFkc7ts=


Let me know.

 

Thanks so much,

Joseph

 

 I need to get the ConsumerSecret in order to generate the signature. The pseudocode should look like this

 

            HashAlgorithm hashAlgorithm = null;
            key = UrlEncode(string.Format("{0}&{1}", UrlEncode(consumerSecret), UrlEncode(tokenSecret)));
            string str = @"GET&http%3A%2F%2Fapi.msappspace.com%2Fv1%2Fusers%2F30344243.xml&oauth_consumer_key%3Dhttp%3A%2F%2Fwww.myspace.com%2F329303884%26oauth_nonce%3D2611759%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1202427900%26oauth_token%3D%26oauth_version%3D1.0";
            hashAlgorithm = new HMACSHA1(Encoding.UTF8.GetBytes(key));
           return Convert.ToBase64String(hashAlgorithm.ComputeHash(Encoding.UTF8.GetBytes(str))));

this should tell you the hashing mechanism. also note that we use UTF8 encoding as opposed to ASCII 

Ahh 

The pseudo code is exactly like mine... except for the text encoding. Again since OAuth is pretty knew I am sure there are some differences which is why the class library had it set to ASCII instead of UTF8. Making progress but still don't seem to be there yet, because it still doesn't generate.

Well since it's a test application here is the consumer secret:

0a8102bd0e3c424ba3eef5ef1e43cd96

Here is the actual code, it varies from your pseudo code only because they class library from oauth.net passes the values into helper functions:

HMACSHA1 hmacsha1 = new HMACSHA1();
hmacsha1.Key = Encoding.UTF8.GetBytes(UrlEncode(string.Format("{0}&{1}", UrlEncode(consumerSecret), UrlEncode(tokenSecret))));
return GenerateSignatureUsingHash(signatureBase, hmacsha1);

public string GenerateSignatureUsingHash(string signatureBase, HashAlgorithm hash)
{
return ComputeHash(hash, signatureBase);
}


private string ComputeHash(HashAlgorithm hashAlgorithm, string data)
{

if (hashAlgorithm == null)
{
throw new ArgumentNullException("hashAlgorithm");
}

if (string.IsNullOrEmpty(data))
{
throw new ArgumentNullException("data");
}

byte[ dataBuffer = System.Text.Encoding.UTF8.GetBytes(data);
byte[ hashBytes = hashAlgorithm.ComputeHash(dataBuffer);
return Convert.ToBase64String(hashBytes);
}

 I got the signature as

CFtlRpxNSbOhblpLrqvomOiAGZU=

 

I get the same exact signature on my side... and compose the URL as follows

http://api.msappspace.com/v1/users/30344243.xml?oauth_consumer_key=http%3A%2F%2Fwww.myspace.com%2F329303884&oauth_nonce=2611759&oauth_signature=CFtlRpxNSbOhblpLrqvomOiAGZU%3d&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1202427900&oauth_token=&oauth_version=1.0

 Any other ideas?

Thanks!

Joseph

Try this - http://developer.myspace.com/Modules/APIs/Pages/OAuthTool.aspx

You can select different attributes on the page and make a post. Let me know if you have trouble getting this.

 I can't deduce any reasons why it is not working for you. but if I get more details, I'll try to look up myself.

Thanks,

-Rajiv

 

 

Yeah I have tried that link. It works great.

Do you have the code for that page? Can you provide the example that is there so that I can compare what I am doing differently?

I'm still trying to figure out what is going wrong. We compared signature's and they are exactly the same, the URL contains the exact same nonce and timestamp that was used in the base string along with the exact same consumer secret to generate the signature.

I assume that the final URL has to have the same timestamp and nonce as well as the other parameters that were hashed into the signature? (It is in my example).

So I really am unable to figure out what is going wrong... I do feel it has to do with the final URL construction.

-Joseph

rbannur:

Try this - http://developer.myspace.com/Modules/APIs/Pages/OAuthTool.aspx

I used the OAuth Tool and it generated the following URL (which returned valid json data):

http://api.msappspace.com/v1/users/321144008.json?oauth_consumer_key=http%3A%2F%2Fwww.myspace.com%2F329910273&oauth_nonce=7a0daa2b-5967-4417-a791-0409e9a2d182&oauth_signature=tQ%2Bx6LSsHwNkdH2PXneBwm5vavE%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1202436926&oauth_token=&oauth_version=1.0

Which is almost the same as the url my code puts out (which generates a 401 error):

http://api.msappspace.com/v1/users/321144008.json?oauth_consumer_key=http%3A%2F%2Fwww.myspace.com%2F329910273&oauth_nonce=c141e3a7528fcd7ffcebfba34be55772d48f&oauth_signature=yYhsIUDrpEstRhvssbL1yxSM96U%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1202437082&oauth_token=&oauth_version=1.0

So the input variables must be ok, so it must be something in the digital signature or some field in the URL is not being built correctly, but I am running out of ideas...

Jonathan

rbannur:

Try this - http://developer.myspace.com/Modules/APIs/Pages/OAuthTool.aspx

I used the OAuth Tool and it generated the following URL (which returned valid json data):

http://api.msappspace.com/v1/users/321144008.json?oauth_consumer_key=http%3A%2F%2Fwww.myspace.com%2F329910273&oauth_nonce=7a0daa2b-5967-4417-a791-0409e9a2d182&oauth_signature=tQ%2Bx6LSsHwNkdH2PXneBwm5vavE%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1202436926&oauth_token=&oauth_version=1.0

Which is almost the same as the url my code puts out (which generates a 401 error):

http://api.msappspace.com/v1/users/321144008.json?oauth_consumer_key=http%3A%2F%2Fwww.myspace.com%2F329910273&oauth_nonce=c141e3a7528fcd7ffcebfba34be55772d48f&oauth_signature=yYhsIUDrpEstRhvssbL1yxSM96U%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1202437082&oauth_token=&oauth_version=1.0

So the input variables must be ok, so it must be something in the digital signature or some field in the URL is not being built correctly, but I am running out of ideas...

Jonathan

rbannur:

Try this - http://developer.myspace.com/Modules/APIs/Pages/OAuthTool.aspx

I used the OAuth Tool and it generated the following URL (which returned valid json data):

http://api.msappspace.com/v1/users/321144008.json?oauth_consumer_key=http%3A%2F%2Fwww.myspace.com%2F329910273&oauth_nonce=7a0daa2b-5967-4417-a791-0409e9a2d182&oauth_signature=tQ%2Bx6LSsHwNkdH2PXneBwm5vavE%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1202436926&oauth_token=&oauth_version=1.0

Which is almost the same as the url my code puts out (which generates a 401 error):

http://api.msappspace.com/v1/users/321144008.json?oauth_consumer_key=http%3A%2F%2Fwww.myspace.com%2F329910273&oauth_nonce=c141e3a7528fcd7ffcebfba34be55772d48f&oauth_signature=yYhsIUDrpEstRhvssbL1yxSM96U%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1202437082&oauth_token=&oauth_version=1.0

So the input variables must be ok, so it must be something in the digital signature or some field in the URL is not being built correctly, but I am running out of ideas...

Jonathan

webphreak:

So I really am unable to figure out what is going wrong... I do feel it has to do with the final URL construction.

Have you tried urlencoding the signature before you add it to the URL?

Jonathan