1

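I'm getting a good oauth_verifier value back from the server, but it isn't being passed along by the ProcessUserAuthorization call to the access_token endpoint.

I'm using DotNetOpenAuth 3.3.1 and the WebConsumer implementation. The server I'm working with uses OAuth 1.0a rather than 1.0.1.

Do I need to force DotNetOpenAuth to use 1.0a?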

2010-01-16 13:19:44,343 [5] DEBUG DotNetOpenAuth.Messaging.Channel [(null)] <(null)> - After binding element processing, the received UserAuthorizationResponse (1.0.1) message is: 
    oauth_verifier: dEz9lE9AA1gcdr6oCbmD
    oauth_token: vauHNVOCITlbGCuqycWn

2010-01-16 13:19:44,346 [5] DEBUG DotNetOpenAuth.Messaging.Channel [(null)] <(null)> - Preparing to send AuthorizedTokenRequest (1.0) message.
2010-01-16 13:19:44,346 [5] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] <(null)> - Binding element DotNetOpenAuth.OAuth.ChannelElements.OAuthHttpMethodBindingElement applied to message.
2010-01-16 13:19:44,346 [5] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] <(null)> - Binding element DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement applied to message.
2010-01-16 13:19:44,346 [5] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] <(null)> - Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement applied to message.
2010-01-16 13:19:44,346 [5] DEBUG DotNetOpenAuth.Messaging.Channel [(null)] <(null)> - Applying secrets to message to prepare for signing or signature verification.
2010-01-16 13:19:44,348 [5] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] <(null)> - Signing AuthorizedTokenRequest message using HMAC-SHA1.
2010-01-16 13:19:44,349 [5] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] <(null)> - Constructed signature base string: GET&http%3A%2F%2Fx-staging.indivo.org%3A8000%2Foauth%2Faccess_token&oauth_consumer_key%3Doak%26oauth_nonce%3DgPersiZV%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1263676784%26oauth_token%3DvauHNVOCITlbGCuqycWn%26oauth_version%3D1.0
2010-01-16 13:19:44,349 [5] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] <(null)> - Binding element DotNetOpenAuth.OAuth.ChannelElements.SigningBindingElementChain applied to message.
2010-01-16 13:19:44,351 [5] INFO  DotNetOpenAuth.Messaging.Channel [(null)] <(null)> - Prepared outgoing AuthorizedTokenRequest (1.0) message for http://x-staging.indivo.org:8000/oauth/access_token: 
    oauth_token: vauHNVOCITlbGCuqycWn
    oauth_consumer_key: XXXXXXmyComsumerKeyXXXXXX
    oauth_nonce: gPersiZV
    oauth_signature_method: HMAC-SHA1
    oauth_signature: xNynvr2oFlqtdoOKOl2ETiiTLGY=
    oauth_version: 1.0
    oauth_timestamp: 1263676784

2010-01-16 13:19:44,351 [5] DEBUG DotNetOpenAuth.Messaging.Channel [(null)] <(null)> - Sending AuthorizedTokenRequest request.
2010-01-16 13:19:44,351 [5] DEBUG DotNetOpenAuth.Http [(null)] <(null)> - HTTP GET http://x-staging.indivo.org:8000/oauth/access_token
2010-01-16 13:20:34,657 [5] ERROR DotNetOpenAuth.Http [(null)] <(null)> - WebException from http://x-staging.indivo.org:8000/oauth/access_token: 
<h4>Internal Server Error</h4>

Pastebin link to the log4net log

4

1 Answer

1

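If you look at the log, you'll see that DotNetOpenAuth received the verifier message and recognized it as a 1.0a message, where the log says "received UserAuthorizationResponse (1.0.1)" (because 1.0.1 is how DNOA represents 1.0a).

You'll also notice from the log that DNOA sent an "AuthorizedTokenRequest (1.0)" message. This strongly suggests that the ServiceProviderDescription object you passed to your WebConsumer instance has its ProtocolVersion property set to V10 rather than V10a.

You are probably initializing the ServiceProviderDescription correctly when you first send the user to the service provider, but initializing it without setting its version number on the second call, WebConsumer.ProcessAuthorization.

Another possibility is that the service provider is violating the OAuth 1.0a spec, and DotNetOpenAuth detects this, overrides your setting, and decides to treat the service provider as an OAuth 1.0-only service provider. If that happens, you'll see your own ServiceProviderDescription object's ProtocolVersion property change from 1.0.1 to 1.0, and your log will contain this substring: "Expected OAuth service provider at endpoint"...

Answered 2010-01-17T01:27:27.893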
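The two symptoms the answer reads out of the log can be checked mechanically. The following is an added example, not code from the post or from DotNetOpenAuth: it parses the message versions and the signature base string and reports whether the callback's oauth_verifier made it into the signed access_token request. The function names are hypothetical, and it assumes the log4net message format shown in the question.

```python
import re
from urllib.parse import parse_qsl, unquote

# Lines taken from the log in the question, timestamp/logger prefixes dropped.
SAMPLE_LOG = "\n".join([
    "the received UserAuthorizationResponse (1.0.1) message is:",
    "    oauth_verifier: dEz9lE9AA1gcdr6oCbmD",
    "    oauth_token: vauHNVOCITlbGCuqycWn",
    "Preparing to send AuthorizedTokenRequest (1.0) message.",
    "Constructed signature base string: GET"
    "&http%3A%2F%2Fx-staging.indivo.org%3A8000%2Foauth%2Faccess_token"
    "&oauth_consumer_key%3Doak%26oauth_nonce%3DgPersiZV"
    "%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1263676784"
    "%26oauth_token%3DvauHNVOCITlbGCuqycWn%26oauth_version%3D1.0",
])

MSG_RE = re.compile(
    r"(UserAuthorizationResponse|AuthorizedTokenRequest) \((\d+(?:\.\d+)*)\)")
BASE_RE = re.compile(r"Constructed signature base string: (\S+)")
VERIFIER_RE = re.compile(r"^\s*oauth_verifier:\s*\S+", re.M)


def signed_params(base_string):
    """Return the parameters covered by the signature (METHOD&URL&PARAMS)."""
    _method, _url, params = base_string.split("&", 2)
    # The parameter string is percent-encoded once more inside the base string.
    return dict(parse_qsl(unquote(params), keep_blank_values=True))


def check_verifier_flow(log_text):
    """Report where the callback's oauth_verifier was dropped before signing."""
    versions = dict(MSG_RE.findall(log_text))
    base = BASE_RE.search(log_text)
    signed = signed_params(base.group(1)) if base else {}
    findings = []
    if VERIFIER_RE.search(log_text) and base and "oauth_verifier" not in signed:
        findings.append(
            "oauth_verifier received but absent from signed access_token request")
    if (versions.get("UserAuthorizationResponse") == "1.0.1"
            and versions.get("AuthorizedTokenRequest") == "1.0"):
        findings.append(
            "callback parsed as 1.0.1 (1.0a) but token request built as 1.0")
    return findings


if __name__ == "__main__":
    for finding in check_verifier_flow(SAMPLE_LOG):
        print("FINDING:", finding)
```
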