我正在使用ApplicationBuilding Block示例提供的InMemoryToken Manager的a(略有变化)来使用DotNetOpenAuth对MySpace进行身份验证。
在我看来,在调用ProcessUserAuthorization时,身份验证后从MySpace返回的令牌没有正确地被解码。
为了让令牌的传递工作,我正在使用以下丑陋的黑客来让TokenManager找到匹配的秘密。 (Twitter认证不需要黑客攻击)
public string GetTokenSecret(string token)
{
// hack necessary for myspace :(
token = HttpUtility.UrlDecode(token);
string tokenSecret = tokensAndSecrets[token];
....
}
这是我的MySpaceConsumer类
public static class MySpaceConsumer
{
public static readonly ServiceProviderDescription ServiceDescription = new ServiceProviderDescription
{
RequestTokenEndpoint = new MessageReceivingEndpoint("http://api.myspace.com/request_token", HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest),
UserAuthorizationEndpoint = new MessageReceivingEndpoint("http://api.myspace.com/authorize", HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest),
AccessTokenEndpoint = new MessageReceivingEndpoint("http://api.myspace.com/access_token", HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest),
TamperProtectionElements = new ITamperProtectionChannelBindingElement[] { new HmacSha1SigningBindingElement() },
};
/// <summary>
/// The description of Twitter's OAuth protocol URIs for use with their "Sign in with Twitter" feature.
/// </summary>
public static readonly ServiceProviderDescription SignInWithTwitterServiceDescription = new ServiceProviderDescription
{
RequestTokenEndpoint = new MessageReceivingEndpoint("http://api.myspace.com/request_token", HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest),
UserAuthorizationEndpoint = new MessageReceivingEndpoint("http://api.myspace.com/authorize", HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest),
AccessTokenEndpoint = new MessageReceivingEndpoint("http://api.myspace.com/access_token", HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest),
TamperProtectionElements = new ITamperProtectionChannelBindingElement[] { new HmacSha1SigningBindingElement() },
};
static MySpaceConsumer()
{
// Twitter can't handle the Expect 100 Continue HTTP header.
//ServicePointManager.FindServicePoint(GetFavoritesEndpoint.Location).Expect100Continue = false;
}
public static bool IsMySpaceConsumerConfigured
{
get
{
return !string.IsNullOrEmpty(Busker.MVC.Properties.Settings.Default.TwitterConsumerKey) &&
!string.IsNullOrEmpty(Busker.MVC.Properties.Settings.Default.TwitterConsumerSecret);
}
}
private static BuskerTokenManager ShortTermUserSessionTokenManager
{
get
{
var store = HttpContext.Current.Session;
var tokenManager = (BuskerTokenManager)store["MySpaceShortTermUserSessionTokenManager"];
if (tokenManager == null)
{
string consumerKey = Busker.MVC.Properties.Settings.Default.TwitterConsumerKey;
string consumerSecret = Busker.MVC.Properties.Settings.Default.TwitterConsumerSecret;
if (IsMySpaceConsumerConfigured)
{
tokenManager = new BuskerTokenManager(consumerKey, consumerSecret);
store["MySpaceShortTermUserSessionTokenManager"] = tokenManager;
}
else
{
throw new InvalidOperationException("No Twitter OAuth consumer key and secret could be found in web.config AppSettings.");
}
}
return tokenManager;
}
}
private static readonly MessageReceivingEndpoint GetMyProfile = new MessageReceivingEndpoint("http://api.myspace.com/1.0/people/@me/@self?format=xml", HttpDeliveryMethods.GetRequest);
public static XDocument GetProfile(ConsumerBase myspace, string accessToken)
{
IncomingWebResponse response = myspace.PrepareAuthorizedRequestAndSend(GetMyProfile, accessToken);
return XDocument.Load(XmlReader.Create(response.GetResponseReader()));
}
}