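Why doesn't my DotNetOpenAuth consumer respect version 1.0a?

Time: 2011-05-10 23:01:43

Tags: dotnetopenauth

I am building an OAuth service provider with DotNetOpenAuth, and to test it I have modified the sample WCF consumer to simply call a plain HTTP endpoint. The token request works fine, but when I request access to a protected resource, I get the following protocol exception: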

The following required parameters were missing from the DotNetOpenAuth.OAuth.Messages.AuthorizedTokenRequest message: oauth_verifier

When I look at the service provider's log output, I see:

Error while performing basic validation of AuthorizedTokenRequest with these message parts:
oauth_token: pgzjBIs0pKCeDIcaIinyrV5Jhi0=
oauth_consumer_key: sampleconsumer
oauth_nonce: TM0Rc8kg
oauth_signature_method: HMAC-SHA1
oauth_signature: zmpxK5c69n1VzTEEcrnnd4e+qYI=
oauth_version: 1.0
oauth_timestamp: 1305067751

Note the oauth_version: 1.0, even though I specified ProtocolVersion.V10a when creating the consumer.

If I specify ProtocolVersion.V10 on both sides, I get the following exception:

Expected message DotNetOpenAuth.OAuth.Messages.AccessProtectedResourceRequest but received DotNetOpenAuth.OAuth.Messages.AuthorizedTokenRequest instead.

Here is the consumer code that obtains the token (this is straight from the sample code):

WebConsumer consumer = this.CreateConsumer();
UriBuilder callback = new UriBuilder(Request.Url);
callback.Query = null;
string[] scopes = (from item in this.scopeList.Items.OfType<ListItem>()
                   where item.Selected
                   select item.Value).ToArray();
string scope = string.Join("|", scopes);
var requestParams = new Dictionary<string, string> { { "scope", scope } };
var response = consumer.PrepareRequestUserAuthorization(callback.Uri, requestParams, null);
consumer.Channel.Send(response);

This is my consumer code that fails:

var accessToken = Session["WcfAccessToken"] as string;
var consumer = CreateConsumer();
var serviceEndpoint = new MessageReceivingEndpoint("https://mymachine/test/getUserName", HttpDeliveryMethods.AuthorizationHeaderRequest | HttpDeliveryMethods.PostRequest);
var httpRequest = consumer.PrepareAuthorizedRequest(serviceEndpoint, accessToken);
var httpResponse = httpRequest.GetResponse();

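In my service provider I call serviceProvider.ReadProtectedResourceAuthorization(); it fails with the exception I mentioned above.

Any ideas what I am doing wrong?

1 answer:

Answer 0 (score: 0)

It was a silly mistake on my part: I was returning the wrong TokenType from my IServiceProviderTokenManager. The correct logic is shown in the service provider sample and looks like this: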

if (tokenObject.State == TokenAuthorizationState.AccessToken)
    return TokenType.AccessToken;
return TokenType.RequestToken;