I found the problem. I was doubly-URL-encoding the signature. You
see the Uri.EscapeDataString at the end of my GetSignature method?
Well the method that calls GetSignature does its own escaping as
well. So it was corrupting the signature. All is well now. Thanks
for your fast responses!
On Sep 29, 3:34 pm, Andrew Arnott <[EMAIL PROTECTED]> wrote:
> Thanks, Eric. Here is the C# code:
>
> protected override string
> GetSignature(ITamperResistantOAuthMessage
> message) {
> string key = GetConsumerAndTokenSecretString(message);
> HashAlgorithm hasher = new
> HMACSHA1(Encoding.ASCII.GetBytes(key));
> string baseString =
> ConstructSignatureBaseString(message);
> Logger.DebugFormat("Signing message with signature
> base string:
> {0}", baseString);
> byte[] digest =
> hasher.ComputeHash(Encoding.ASCII.GetBytes(baseString));
> return
> Uri.EscapeDataString(Convert.ToBase64String(digest));
> }
>
> Note that ConstructSignatureBaseString can and does generate the same
> string that Google generates, so I think we can assume that works.
> The GetConsumerAndTokenSecretString is defined here:
>
> protected string
> GetConsumerAndTokenSecretString(ITamperResistantOAuthMessage message)
> {
> StringBuilder builder = new StringBuilder();
> if (!string.IsNullOrEmpty(message.ConsumerSecret)) {
>
> builder.Append(Uri.EscapeDataString(message.ConsumerSecret));
> }
> builder.Append("&");
> if (!string.IsNullOrEmpty(message.TokenSecret)) {
>
> builder.Append(Uri.EscapeDataString(message.TokenSecret));
> }
> return builder.ToString();
> }
>
> Does this give you any ideas?
>
> Thanks again
>
> On Sep 29, 2:50 pm, "Eric (Google)" <[EMAIL PROTECTED]> wrote:
>
> > Then it looks like you're not creating the oauth_signature correctly,
> > because everything else is in place.
>
> > Feel free to post the snippet of code that signs the base string
> > (with dummy values) and I'll take a look.
>
> > Thanks,
> > Eric
>
> > On Sep 29, 1:55 pm, Andrew Arnott <[EMAIL PROTECTED]> wrote:
>
> > > The same consumer key and secret, when plugged into googlecodesamples,
> > > works. I left that part out of my last email although I'd seen that
> > > behavior and was puzzled by why it works there and not in my own
> > > client.
>
> > > On Sep 29, 11:04 am, "Eric (Google)" <[EMAIL PROTECTED]> wrote:
>
> > > > Hi Andrew,
>
> > > > What happens if you use your own oauth_consumer_key and secret in the
> > > > OAuth Playground:http://googlecodesamples.com/oauth_playground/
>
> > > > (make sure to switch the oauth_signature_method to HMAC-SHA1)
>
> > > > Eric
>
> > > > On Sep 29, 8:10 am, "Andrew Arnott" <[EMAIL PROTECTED]> wrote:
>
> > > > > My signature base string: GET&https%3A%2F%2Fwww.google.com
> > > > > %2Faccounts%2FOAuthGetRequestToken&oauth_consumer_key%3Dnerdbank.org%26oauth_nonce%3DScayJb8F%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1222700601%26oauth_version%3D1.0%26scope%3Dhttp%253A%252F%
> > > > > 252Fwww.google.com%252Fm8%252Ffeeds%252F
>
> > > > > My signature: Vfj3%2FteRSd4gvDV2mQelo%2BsNcFI%3D
>
> > > > > The actual HTTP request:
> > > > > GEThttps://www.google.com/accounts/OAuthGetRequestToken?scope=http://www...
> > > > > Using Authorization header with these fields and values in it:
>
> > > > > oauth_signature_method: HMAC-SHA1
> > > > > oauth_consumer_key: nerdbank.org
> > > > > oauth_signature: Vfj3%2FteRSd4gvDV2mQelo%2BsNcFI%3D
> > > > > oauth_nonce: ScayJb8F
> > > > > oauth_version: 1.0
> > > > > oauth_timestamp: 1222700601
>
> > > > > Google seems to be reading all the parameters just fine, because it
> > > > > constructs an identical signature base string, which it sends back to
> > > > > me
> > > > > with a "signature invalid" message. If our signature base strings
> > > > > agree,
> > > > > and assuming the consumer key and secret are correct (which I've
> > > > > triple-checked), what else can go wrong here to result in Google
> > > > > saying the
> > > > > signature is invalid?
>
> > > > > Thanks.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Google Data Protocol" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/google-help-dataapi?hl=en
-~----------~----~----~----~------~----~------~--~---
