WebConsumer with DotNetOpenAuth does not pass oauth_verifier

Time: 2010-01-16 21:52:41

Tags: dotnetopenauth

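I receive a good oauth_verifier value from the server, but it is not passed along to the access_token endpoint by the ProcessUserAuthorization call.

I am using DotNetOpenAuth 3.3.1 and the WebConsumer implementation. The server I am working with uses OAuth 1.0a rather than 1.0.1.

Do I need to force DotNetOpenAuth to use 1.0a?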

2010-01-16 13:19:44,343 [5] DEBUG DotNetOpenAuth.Messaging.Channel [(null)] <(null)> - After binding element processing, the received UserAuthorizationResponse (1.0.1) message is: 
    oauth_verifier: dEz9lE9AA1gcdr6oCbmD
    oauth_token: vauHNVOCITlbGCuqycWn

2010-01-16 13:19:44,346 [5] DEBUG DotNetOpenAuth.Messaging.Channel [(null)] <(null)> - Preparing to send AuthorizedTokenRequest (1.0) message.
2010-01-16 13:19:44,346 [5] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] <(null)> - Binding element DotNetOpenAuth.OAuth.ChannelElements.OAuthHttpMethodBindingElement applied to message.
2010-01-16 13:19:44,346 [5] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] <(null)> - Binding element DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement applied to message.
2010-01-16 13:19:44,346 [5] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] <(null)> - Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement applied to message.
2010-01-16 13:19:44,346 [5] DEBUG DotNetOpenAuth.Messaging.Channel [(null)] <(null)> - Applying secrets to message to prepare for signing or signature verification.
2010-01-16 13:19:44,348 [5] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] <(null)> - Signing AuthorizedTokenRequest message using HMAC-SHA1.
2010-01-16 13:19:44,349 [5] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] <(null)> - Constructed signature base string: GET&http%3A%2F%2Fx-staging.indivo.org%3A8000%2Foauth%2Faccess_token&oauth_consumer_key%3Doak%26oauth_nonce%3DgPersiZV%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1263676784%26oauth_token%3DvauHNVOCITlbGCuqycWn%26oauth_version%3D1.0
2010-01-16 13:19:44,349 [5] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] <(null)> - Binding element DotNetOpenAuth.OAuth.ChannelElements.SigningBindingElementChain applied to message.
2010-01-16 13:19:44,351 [5] INFO  DotNetOpenAuth.Messaging.Channel [(null)] <(null)> - Prepared outgoing AuthorizedTokenRequest (1.0) message for http://x-staging.indivo.org:8000/oauth/access_token: 
    oauth_token: vauHNVOCITlbGCuqycWn
    oauth_consumer_key: XXXXXXmyComsumerKeyXXXXXX
    oauth_nonce: gPersiZV
    oauth_signature_method: HMAC-SHA1
    oauth_signature: xNynvr2oFlqtdoOKOl2ETiiTLGY=
    oauth_version: 1.0
    oauth_timestamp: 1263676784

2010-01-16 13:19:44,351 [5] DEBUG DotNetOpenAuth.Messaging.Channel [(null)] <(null)> - Sending AuthorizedTokenRequest request.
2010-01-16 13:19:44,351 [5] DEBUG DotNetOpenAuth.Http [(null)] <(null)> - HTTP GET http://x-staging.indivo.org:8000/oauth/access_token
2010-01-16 13:20:34,657 [5] ERROR DotNetOpenAuth.Http [(null)] <(null)> - WebException from http://x-staging.indivo.org:8000/oauth/access_token: 
<h4>Internal Server Error</h4>

A pastebin link to the log4net log

1 answer:

Answer 0: (score: 1)

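If you look at the log, you'll see that DotNetOpenAuth receives the verifier message and recognizes it as a 1.0a message, where the log says "received UserAuthorizationResponse (1.0.1)" (because 1.0.1 is DNOA's way of saying 1.0a).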

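You'll also notice in the log that DNOA sends an "AuthorizedTokenRequest (1.0)" message. This strongly suggests that, for the ServiceProviderDescription instance you pass to your WebConsumer object, the ProtocolVersion property is set to V10 instead of V10a.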

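It's possible that you initialize the ServiceProviderDescription correctly when you first send the user to the service provider, but that when you initialize it a second time, when you call {{1}, you do not set its version number.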

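Another possibility is that the service provider is violating the OAuth 1.0a specification, and DotNetOpenAuth detects this, overrides your setting, and decides to treat the service provider as merely an OAuth 1.0 service provider. If that happens, you would see the ServiceProviderDescription property of your WebConsumer.ProcessAuthorization object change from 1.0.1 to 1.0, and your log would contain this substring: "Expected OAuth service provider at endpoint"...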
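
A diagnostic for the symptom discussed in the question and answer, added here as an example (it is not code from the original post or from DotNetOpenAuth): it compares the protocol version of the received UserAuthorizationResponse with that of the outgoing AuthorizedTokenRequest, and decodes the signature base string to see whether oauth_verifier was signed. The function names, the trimmed log format and the `/access_token` path check are assumptions of this example.

```python
import re
from urllib.parse import unquote, parse_qsl

# Log excerpt taken from the question, with timestamps and logger names trimmed.
SAMPLE_LOG = """\
DEBUG - After binding element processing, the received UserAuthorizationResponse (1.0.1) message is:
    oauth_verifier: dEz9lE9AA1gcdr6oCbmD
    oauth_token: vauHNVOCITlbGCuqycWn
DEBUG - Preparing to send AuthorizedTokenRequest (1.0) message.
DEBUG - Constructed signature base string: GET&http%3A%2F%2Fx-staging.indivo.org%3A8000%2Foauth%2Faccess_token&oauth_consumer_key%3Doak%26oauth_nonce%3DgPersiZV%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1263676784%26oauth_token%3DvauHNVOCITlbGCuqycWn%26oauth_version%3D1.0
"""

MESSAGE_RE = re.compile(r"(\w+(?:Request|Response)) \((\d+(?:\.\d+)*)\) message")
BASE_RE = re.compile(r"Constructed signature base string: (\S+)")


def signed_parameters(base_string):
    """Split an OAuth 1.0 signature base string into method, URL and signed parameters."""
    method, url, params = base_string.split("&", 2)
    # The parameter part is the percent-encoded "k=v&k=v" string, so decode once, then parse.
    return method, unquote(url), dict(parse_qsl(unquote(params), keep_blank_values=True))


def diagnose(log_text):
    """Return findings about a verifier that was received but not signed and sent."""
    findings = []
    versions = dict(MESSAGE_RE.findall(log_text))  # message type -> protocol version
    got_verifier = re.search(r"^\s+oauth_verifier:\s*\S+", log_text, re.M) is not None
    received = versions.get("UserAuthorizationResponse")
    sent = versions.get("AuthorizedTokenRequest")
    if received and sent and received != sent:
        findings.append(f"version mismatch: callback parsed as {received}, token request built as {sent}")
    for base in BASE_RE.findall(log_text):
        method, url, params = signed_parameters(base)
        # Assumption: the access token endpoint path ends in /access_token, as in the log above.
        if url.endswith("/access_token") and got_verifier and "oauth_verifier" not in params:
            findings.append(f"{method} {url} signs {sorted(params)} without oauth_verifier")
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```
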