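What is the verifier in DotNetOpenAuth's DesktopConsumer ProcessUserAuthorization?

Time: 2012-06-13 18:18:25

Tags: c# oauth dotnetopenauth

I'm new to DotNetOpenAuth, and I can't find what value to use as the verifier in ProcessUserAuthorization.

What I want to achieve is to log in with my user credentials to an application (called UserVoice) that uses OAuth. Here is what my code looks like: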

    string requestToken;
    var authorizeUri = consumer.RequestUserAuthorization(new Dictionary<string, string>(), null, out requestToken).AbsoluteUri;
    var verifier = "???";
    var accessToken = consumer.ProcessUserAuthorization(requestToken, verifier).AccessToken;
    consumer.PrepareAuthorizedRequest(endpoint, accessToken, data).GetResponse();

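I tried using my username, my password, my consumer key, and my consumer secret, but nothing seems to work. Does anyone know which value I should use as the verifier?

Thanks

3 answers:

Answer 0: (score: 2)

I finally found a way to log in to UserVoice with DotNetOpenAuth. I think UserVoice's OAuth implementation is not standard, but I was able to get it working in the meantime: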

    var consumer = new DesktopConsumer(this.GetInitialServiceDescription(), this._manager);
    string requestToken;
    consumer.RequestUserAuthorization(null, null, out requestToken);

    // get authentication token
    var extraParameters = new Dictionary<string, string>
    {
        { "email", this._email },
        { "password", this._password },
        { "request_token", requestToken },
    };

    consumer = new DesktopConsumer(this.GetSecondaryServiceDescription(), this._manager);
    consumer.RequestUserAuthorization(extraParameters, null, out requestToken);

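GetInitialServiceDescription returns the good request description, and GetSecondaryServiceDescription is a hacked version that returns the authorize endpoint in place of the request token endpoint. The "request_token" returned this way (which is not a normal request_token as I understand OAuth) can be used as the access token for PrepareAuthorizedRequest.

Answer 1: (score: 0)

The verifier is the code that UserVoice displays on screen after the user has said they want to authorize your application. The user must copy and paste this verifier code from the website back into your application's GUI so that it can pass it to the ProcessUserAuthorization method.

This is only required in OAuth 1.0a (not 1.0), and it mitigates certain exploitable attacks that were discovered in 1.0. In your ServiceProviderDescription, be sure you specify that the service is a 1.0a version (if in fact UserVoice supports that version) so that DNOA will communicate to UserVoice that it should create a verifier code.

Incidentally, various tricks, including scanning for process titles or hosting the browser within your own app, can eliminate the manual step of the user copying the verifier code by having your app copy it for him automatically.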
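The desktop flow described in this answer, written out as an added example (it is not code from the answer or from the DotNetOpenAuth project). The `provider.example` endpoint URLs are constructed placeholders, and the caller is assumed to supply an `IConsumerTokenManager` that holds the consumer key and secret.

```csharp
using System;
using System.Diagnostics;
using DotNetOpenAuth.Messaging;
using DotNetOpenAuth.OAuth;
using DotNetOpenAuth.OAuth.ChannelElements;

static class VerifierFlowExample
{
    // Constructed placeholder endpoints; substitute the provider's documented URLs.
    const string RequestTokenUrl = "https://provider.example/oauth/request_token";
    const string AuthorizeUrl = "https://provider.example/oauth/authorize";
    const string AccessTokenUrl = "https://provider.example/oauth/access_token";

    static ServiceProviderDescription Describe()
    {
        var post = HttpDeliveryMethods.PostRequest | HttpDeliveryMethods.AuthorizationHeaderRequest;
        return new ServiceProviderDescription
        {
            RequestTokenEndpoint = new MessageReceivingEndpoint(RequestTokenUrl, post),
            UserAuthorizationEndpoint = new MessageReceivingEndpoint(AuthorizeUrl, HttpDeliveryMethods.GetRequest),
            AccessTokenEndpoint = new MessageReceivingEndpoint(AccessTokenUrl, post),
            // Declare 1.0a so the provider is asked to issue a verifier code.
            ProtocolVersion = ProtocolVersion.V10a,
            TamperProtectionElements = new ITamperProtectionChannelBindingElement[] { new HmacSha1SigningBindingElement() },
        };
    }

    // tokenManager is supplied by the caller (assumption: it stores the consumer key and secret).
    public static string GetAccessToken(IConsumerTokenManager tokenManager)
    {
        var consumer = new DesktopConsumer(Describe(), tokenManager);
        string requestToken;
        Uri authorizeUri = consumer.RequestUserAuthorization(null, null, out requestToken);
        if (authorizeUri.Scheme != Uri.UriSchemeHttps)
            throw new InvalidOperationException("Refusing to open a non-HTTPS authorization page.");

        // The user signs in and approves in their own browser; the app never sees the password.
        Process.Start(authorizeUri.AbsoluteUri);
        Console.Write("Enter the verifier code shown by the provider: ");
        string verifier = (Console.ReadLine() ?? string.Empty).Trim();
        if (verifier.Length == 0)
            throw new InvalidOperationException("No verifier entered; the request token cannot be exchanged.");

        // The verifier is the second argument the question asks about.
        return consumer.ProcessUserAuthorization(requestToken, verifier).AccessToken;
    }
}
```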

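Answer 2: (score: 0)

The verifier is also used when the authorization is done via a WebAPI and you do not have a redirect displayed in a browser. Here you just send your AuthentificationRequest via code and get the verifier as a json-string, without any user interaction.

In this case the process (for OAuth 1.0) looks as follows: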

    using System;
    using System.Collections.Generic;
    using System.IO;
    using System.Net;
    using DotNetOpenAuth.Messaging;
    using DotNetOpenAuth.OAuth;
    using DotNetOpenAuth.OAuth.ChannelElements;
    using DotNetOpenAuth.OAuth.Messages;
    using Newtonsoft.Json.Linq;

    public void AccessAPI()
    {
        InMemoryOAuthTokenManager tokenManager = new InMemoryOAuthTokenManager(YOUR_CLIENT_KEY, YOUR_CLIENT_SECRET);
        var consumer = new DesktopConsumer(GetAuthServerDescription(), tokenManager);

        // Get Request token
        string requestToken;
        var parameters = new Dictionary<string, string>();
        parameters["email"] = "foo";
        parameters["password"] = "bar";
        Uri authorizationUrl = consumer.RequestUserAuthorization(null, parameters, out requestToken);

        // Authorize and get a verifier (No OAuth Header necessary for the API I wanted to access)
        var request = WebRequest.Create(authorizationUrl) as HttpWebRequest;
        request.Method = "GET";
        request.Accept = "text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2";
        var response = request.GetResponse() as HttpWebResponse;
        string verifier = new StreamReader(response.GetResponseStream()).ReadToEnd().Split('=')[1]; // Somehow Json doesn't want to parse

        // Use verifier to get the final AccessToken
        AuthorizedTokenResponse authorizationResponse = consumer.ProcessUserAuthorization(requestToken, verifier);
        string accessToken = authorizationResponse.AccessToken;

        // Access resources
        HttpDeliveryMethods resourceHttpMethod = HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest;
        var resourceEndpoint = new MessageReceivingEndpoint("https://api.discovergy.com/public/v1/meters", resourceHttpMethod);
        using (IncomingWebResponse resourceResponse = consumer.PrepareAuthorizedRequestAndSend(resourceEndpoint, accessToken))
        {
            string result = resourceResponse.GetResponseReader().ReadToEnd();
            dynamic content = JObject.Parse(result);
        }
    }

    private ServiceProviderDescription GetAuthServerDescription()
    {
        var authServerDescription = new ServiceProviderDescription();
        authServerDescription.RequestTokenEndpoint = new MessageReceivingEndpoint(YOUR_REQUEST_ENDPOINT, HttpDeliveryMethods.PostRequest | HttpDeliveryMethods.AuthorizationHeaderRequest);
        authServerDescription.UserAuthorizationEndpoint = new MessageReceivingEndpoint(YOUR_AUTHORIZATION_ENDPOINT, HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest);
        authServerDescription.AccessTokenEndpoint = new MessageReceivingEndpoint(YOUR_TOKEN_ENDPOINT, HttpDeliveryMethods.PostRequest | HttpDeliveryMethods.AuthorizationHeaderRequest);
        authServerDescription.ProtocolVersion = ProtocolVersion.V10;
        authServerDescription.TamperProtectionElements = new ITamperProtectionChannelBindingElement[] { new HmacSha1SigningBindingElement() };
        return authServerDescription;
    }