Thanks for reporting back Andrew. I'm sure this
code will help others.
Cheers,
Eric.
On Sep 29, 8:40 pm, Andrew Arnott <[EMAIL PROTECTED]> wrote:
> I found the problem. I was doubly-URL-encoding the signature. You
> see the Uri.EscapeDataString at the end of my GetSignature method?
> Well the method that calls GetSignature does its own escaping as
> well. So it was corrupting the signature. All is well now. Thanks
> for your fast responses!
>
> On Sep 29, 3:34 pm, Andrew Arnott <[EMAIL PROTECTED]> wrote:
>
> > Thanks, Eric. Here is the C# code:
>
> > protected override string
> > GetSignature(ITamperResistantOAuthMessage
> > message) {
> > string key =
> > GetConsumerAndTokenSecretString(message);
> > HashAlgorithm hasher = new
> > HMACSHA1(Encoding.ASCII.GetBytes(key));
> > string baseString =
> > ConstructSignatureBaseString(message);
> > Logger.DebugFormat("Signing message with signature
> > base string:
> > {0}", baseString);
> > byte[] digest =
> > hasher.ComputeHash(Encoding.ASCII.GetBytes(baseString));
> > return
> > Uri.EscapeDataString(Convert.ToBase64String(digest));
> > }
>
> > Note that ConstructSignatureBaseString can and does generate the same
> > string that Google generates, so I think we can assume that works.
> > The GetConsumerAndTokenSecretString is defined here:
>
> > protected string
> > GetConsumerAndTokenSecretString(ITamperResistantOAuthMessage message)
> > {
> > StringBuilder builder = new StringBuilder();
> > if (!string.IsNullOrEmpty(message.ConsumerSecret)) {
> >
> > builder.Append(Uri.EscapeDataString(message.ConsumerSecret));
> > }
> > builder.Append("&");
> > if (!string.IsNullOrEmpty(message.TokenSecret)) {
> >
> > builder.Append(Uri.EscapeDataString(message.TokenSecret));
> > }
> > return builder.ToString();
> > }
>
> > Does this give you any ideas?
>
> > Thanks again
>
> > On Sep 29, 2:50 pm, "Eric (Google)" <[EMAIL PROTECTED]> wrote:
>
> > > Then it looks like you're not creating the oauth_signature correctly,
> > > because everything else is in place.
>
> > > Feel free to post the snippet of code that signs the base string
> > > (with dummy values) and I'll take a look.
>
> > > Thanks,
> > > Eric
>
> > > On Sep 29, 1:55 pm, Andrew Arnott <[EMAIL PROTECTED]> wrote:
>
> > > > The same consumer key and secret, when plugged into googlecodesamples,
> > > > works. I left that part out of my last email although I'd seen that
> > > > behavior and was puzzled by why it works there and not in my own
> > > > client.
>
> > > > On Sep 29, 11:04 am, "Eric (Google)" <[EMAIL PROTECTED]> wrote:
>
> > > > > Hi Andrew,
>
> > > > > What happens if you use your own oauth_consumer_key and secret in the
> > > > > OAuth Playground:http://googlecodesamples.com/oauth_playground/
>
> > > > > (make sure to switch the oauth_signature_method to HMAC-SHA1)
>
> > > > > Eric
>
> > > > > On Sep 29, 8:10 am, "Andrew Arnott" <[EMAIL PROTECTED]> wrote:
>
> > > > > > My signature base string: GET&https%3A%2F%2Fwww.google.com
> > > > > > %2Faccounts%2FOAuthGetRequestToken&oauth_consumer_key%3Dnerdbank.org%26oauth_nonce%3DScayJb8F%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1222700601%26oauth_version%3D1.0%26scope%3Dhttp%253A%252F%
> > > > > > 252Fwww.google.com%252Fm8%252Ffeeds%252F
>
> > > > > > My signature: Vfj3%2FteRSd4gvDV2mQelo%2BsNcFI%3D
>
> > > > > > The actual HTTP request:
> > > > > > GEThttps://www.google.com/accounts/OAuthGetRequestToken?scope=http://www...
> > > > > > Using Authorization header with these fields and values in it:
>
> > > > > > oauth_signature_method: HMAC-SHA1
> > > > > > oauth_consumer_key: nerdbank.org
> > > > > > oauth_signature: Vfj3%2FteRSd4gvDV2mQelo%2BsNcFI%3D
> > > > > > oauth_nonce: ScayJb8F
> > > > > > oauth_version: 1.0
> > > > > > oauth_timestamp: 1222700601
>
> > > > > > Google seems to be reading all the parameters just fine, because it
> > > > > > constructs an identical signature base string, which it sends back
> > > > > > to me
> > > > > > with a "signature invalid" message. If our signature base strings
> > > > > > agree,
> > > > > > and assuming the consumer key and secret are correct (which I've
> > > > > > triple-checked), what else can go wrong here to result in Google
> > > > > > saying the
> > > > > > signature is invalid?
>
> > > > > > Thanks.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Google Data Protocol" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/google-help-dataapi?hl=en
-~----------~----~----~----~------~----~------~--~---
