C# Class OAuth.Manager

Acquire an access token, from the given URI, using the given HTTP method.

To use this method, you must first set the oauth_token to the value of the request token. Eg, oauth["token"] = "whatever".

According to the OAuth spec, you need to do this only ONCE per application. In other words, the first time the application is run. The normal oauth workflow is: (1) get a request token, (2) use that to acquire an access token (which requires explicit user approval), then (3) using that access token, invoke protected services. The first two steps need to be done only once per application.

For Twitter, at least, you can cache the access tokens indefinitely; Twitter says they never expire. However, other oauth services may not do the same. Also: the user may at any time revoke his authorization for your app, in which case you need to perform the first 2 steps again.

Acquire a request token, from the given URI, using the given HTTP method.

To use this method, first instantiate a new Oauth.Manager object, then set the callback param (oauth["callback"]='oob'). After the call returns, you should direct the user to open a browser window to the authorization page for the OAuth-enabled service. Or, you can automatically open that page yourself. Do this with System.Diagnostics.Process.Start(), passing the URL of the page. There should be one query param: oauth_token with the value obtained from oauth["token"].

According to the OAuth spec, you need to do this only ONCE per application. In other words, the first time the application is run. The normal oauth workflow is: (1) get a request token, (2) use that to acquire an access token (which requires explicit user approval), then (3) using that access token, invoke protected services. The first two steps need to be done only once per application.

For Twitter, at least, you can cache the access tokens indefinitely; Twitter says they never expire. However, other oauth services may not do the same. Also: the user may at any time revoke his authorization for your app, in which case you need to perform the first 2 steps again.

Generate a string to be used in an Authorization header in an HTTP request.

This method assembles the available oauth_ parameters that have been set in the Dictionary in this instance, produces the signature base (As described by the OAuth spec, RFC 5849), signs it, then re-formats the oauth_ parameters into the appropriate form, including the oauth_signature value, and returns the result.

Generate a string to be used in an Authorization header in an HTTP request.

This method assembles the available oauth_ parameters that have been set in the Dictionary in this instance, produces the signature base (As described by the OAuth spec, RFC 5849), signs it, then re-formats the oauth_ parameters into the appropriate form, including the oauth_signature value, and returns the result.

If you pass in a non-null, non-empty realm, this method will include the realm='foo' clause in the Authorization header.

Return the oauth string that can be used in an Authorization header. All the oauth terms appear in the string, in alphabetical order.

The default public constructor.

Initializes various fields to default values.

The constructor to use when using OAuth when you already have an OAuth access token.

The parameters for this constructor all have the meaning you would expect. The token and tokenSecret are set in oauth_token, and oauth_token_secret. These are *Access* tokens, obtained after a call to AcquireAccessToken. The application can store those tokens and re-use them on successive runs. For twitter at least, the access tokens never expire.

This is an oauth-compliant Url Encoder. The default .NET encoder outputs the percent encoding in lower case. While this is not a problem with the percent encoding defined in RFC 3986, OAuth (RFC 5849) requires that the characters be upper case throughout OAuth.

string indexer to get or set oauth parameter values.

Use the parameter name *without* the oauth_ prefix. If you want to set the value for the oauth_token parameter field in an HTTP message, then use oauth["token"].

The set of oauth param names known by this indexer includes: callback, consumer_key, consumer_secret, timestamp, nonce, signature_method, signature, token, token_secret, and version.

If you try setting a parameter with a name that is not known, the setter will throw. You cannot add new oauth parameters using the setter on this indexer.

Formats the list of request parameters into string a according to the requirements of oauth. The resulting string could be used in the Authorization header of the request.

See http://dev.twitter.com/pages/auth#intro for some background. The output of this is not suitable for signing.

There are 2 formats for specifying the list of oauth parameters in the oauth spec: one suitable for signing, and the other suitable for use within Authorization HTTP Headers. This method emits a string suitable for the latter.

Internal function to extract from a URL all query string parameters that are not related to oauth - in other words all parameters not begining with "oauth_".

For example, given a url like http://foo?a=7&guff, the returned value will be a Dictionary of string-to-string relations. There will be 2 entries in the Dictionary: "a"=>7, and "guff"=>"".

Generate an oauth nonce.

According to RFC 5849, A nonce is a random string, uniquely generated by the client to allow the server to verify that a request has never been made before and helps prevent replay attacks when requests are made over a non-secure channel. The nonce value MUST be unique across all requests with the same timestamp, client credentials, and token combinations.

One way to implement the nonce is just to use a monotonically-increasing integer value. It starts at zero and increases by 1 for each new request or signature generated. Keep in mind the nonce needs to be unique only for a given timestamp! So if your app makes less than one request per second, then using a static nonce of "0" will work.

Most oauth nonce generation routines are waaaaay over-engineered, and this one is no exception.

Generate the timestamp for the signature.

Formats the list of request parameters into "signature base" string as defined by RFC 5849. This will then be MAC'd with a suitable hash.

Renews the nonce and timestamp on the oauth parameters.

Each new request should get a new, current timestamp, and a nonce. This helper method does both of those things. This gets called before generating an authorization header, as for example when the user of this class calls .