Thanks, Eric. Here is the C# code:
protected override string
GetSignature(ITamperResistantOAuthMessage
message) {
string key = GetConsumerAndTokenSecretString(message);
HashAlgorithm hasher = new
HMACSHA1(Encoding.ASCII.GetBytes(key));
string baseString =
ConstructSignatureBaseString(message);
Logger.DebugFormat("Signing message with signature base
string:
{0}", baseString);
byte[] digest =
hasher.ComputeHash(Encoding.ASCII.GetBytes(baseString));
return
Uri.EscapeDataString(Convert.ToBase64String(digest));
}
Note that ConstructSignatureBaseString can and does generate the same
string that Google generates, so I think we can assume that works.
The GetConsumerAndTokenSecretString is defined here:
protected string
GetConsumerAndTokenSecretString(ITamperResistantOAuthMessage message)
{
StringBuilder builder = new StringBuilder();
if (!string.IsNullOrEmpty(message.ConsumerSecret)) {
builder.Append(Uri.EscapeDataString(message.ConsumerSecret));
}
builder.Append("&");
if (!string.IsNullOrEmpty(message.TokenSecret)) {
builder.Append(Uri.EscapeDataString(message.TokenSecret));
}
return builder.ToString();
}
Does this give you any ideas?
Thanks again
On Sep 29, 2:50 pm, "Eric (Google)" <[EMAIL PROTECTED]> wrote:
> Then it looks like you're not creating the oauth_signature correctly,
> because everything else is in place.
>
> Feel free to post the snippet of code that signs the base string
> (with dummy values) and I'll take a look.
>
> Thanks,
> Eric
>
> On Sep 29, 1:55 pm, Andrew Arnott <[EMAIL PROTECTED]> wrote:
>
> > The same consumer key and secret, when plugged into googlecodesamples,
> > works. I left that part out of my last email although I'd seen that
> > behavior and was puzzled by why it works there and not in my own
> > client.
>
> > On Sep 29, 11:04 am, "Eric (Google)" <[EMAIL PROTECTED]> wrote:
>
> > > Hi Andrew,
>
> > > What happens if you use your own oauth_consumer_key and secret in the
> > > OAuth Playground:http://googlecodesamples.com/oauth_playground/
>
> > > (make sure to switch the oauth_signature_method to HMAC-SHA1)
>
> > > Eric
>
> > > On Sep 29, 8:10 am, "Andrew Arnott" <[EMAIL PROTECTED]> wrote:
>
> > > > My signature base string: GET&https%3A%2F%2Fwww.google.com
> > > > %2Faccounts%2FOAuthGetRequestToken&oauth_consumer_key%3Dnerdbank.org%26oauth_nonce%3DScayJb8F%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1222700601%26oauth_version%3D1.0%26scope%3Dhttp%253A%252F%
> > > > 252Fwww.google.com%252Fm8%252Ffeeds%252F
>
> > > > My signature: Vfj3%2FteRSd4gvDV2mQelo%2BsNcFI%3D
>
> > > > The actual HTTP request:
> > > > GEThttps://www.google.com/accounts/OAuthGetRequestToken?scope=http://www...
> > > > Using Authorization header with these fields and values in it:
>
> > > > oauth_signature_method: HMAC-SHA1
> > > > oauth_consumer_key: nerdbank.org
> > > > oauth_signature: Vfj3%2FteRSd4gvDV2mQelo%2BsNcFI%3D
> > > > oauth_nonce: ScayJb8F
> > > > oauth_version: 1.0
> > > > oauth_timestamp: 1222700601
>
> > > > Google seems to be reading all the parameters just fine, because it
> > > > constructs an identical signature base string, which it sends back to me
> > > > with a "signature invalid" message. If our signature base strings
> > > > agree,
> > > > and assuming the consumer key and secret are correct (which I've
> > > > triple-checked), what else can go wrong here to result in Google saying
> > > > the
> > > > signature is invalid?
>
> > > > Thanks.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Google Data Protocol" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/google-help-dataapi?hl=en
-~----------~----~----~----~------~----~------~--~---
