我正在使用 ApplicationBuilding Block 示例提供的 InMemoryToken Manager 的一个(轻微变体)来使用 DotNetOpenAuth 对 MySpace 进行身份验证。
在我看来,身份验证后从 MySpace 返回的令牌在调用 ProcessUserAuthorization 时未正确进行 urldecode。
为了让令牌通过工作,我目前正在使用以下丑陋的黑客来让 TokenManager 找到匹配的秘密。(Twitter 身份验证不需要 hack)
public string GetTokenSecret(string token)
{
// hack necessary for myspace :(
token = HttpUtility.UrlDecode(token);
string tokenSecret = tokensAndSecrets[token];
....
}
这是我的 MySpaceConsumer 课程
public static class MySpaceConsumer
{
public static readonly ServiceProviderDescription ServiceDescription = new ServiceProviderDescription
{
RequestTokenEndpoint = new MessageReceivingEndpoint("http://api.myspace.com/request_token", HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest),
UserAuthorizationEndpoint = new MessageReceivingEndpoint("http://api.myspace.com/authorize", HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest),
AccessTokenEndpoint = new MessageReceivingEndpoint("http://api.myspace.com/access_token", HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest),
TamperProtectionElements = new ITamperProtectionChannelBindingElement[] { new HmacSha1SigningBindingElement() },
};
/// <summary>
/// The description of Twitter's OAuth protocol URIs for use with their "Sign in with Twitter" feature.
/// </summary>
public static readonly ServiceProviderDescription SignInWithTwitterServiceDescription = new ServiceProviderDescription
{
RequestTokenEndpoint = new MessageReceivingEndpoint("http://api.myspace.com/request_token", HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest),
UserAuthorizationEndpoint = new MessageReceivingEndpoint("http://api.myspace.com/authorize", HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest),
AccessTokenEndpoint = new MessageReceivingEndpoint("http://api.myspace.com/access_token", HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest),
TamperProtectionElements = new ITamperProtectionChannelBindingElement[] { new HmacSha1SigningBindingElement() },
};
static MySpaceConsumer()
{
// Twitter can't handle the Expect 100 Continue HTTP header.
//ServicePointManager.FindServicePoint(GetFavoritesEndpoint.Location).Expect100Continue = false;
}
public static bool IsMySpaceConsumerConfigured
{
get
{
return !string.IsNullOrEmpty(Busker.MVC.Properties.Settings.Default.TwitterConsumerKey) &&
!string.IsNullOrEmpty(Busker.MVC.Properties.Settings.Default.TwitterConsumerSecret);
}
}
private static BuskerTokenManager ShortTermUserSessionTokenManager
{
get
{
var store = HttpContext.Current.Session;
var tokenManager = (BuskerTokenManager)store["MySpaceShortTermUserSessionTokenManager"];
if (tokenManager == null)
{
string consumerKey = Busker.MVC.Properties.Settings.Default.TwitterConsumerKey;
string consumerSecret = Busker.MVC.Properties.Settings.Default.TwitterConsumerSecret;
if (IsMySpaceConsumerConfigured)
{
tokenManager = new BuskerTokenManager(consumerKey, consumerSecret);
store["MySpaceShortTermUserSessionTokenManager"] = tokenManager;
}
else
{
throw new InvalidOperationException("No Twitter OAuth consumer key and secret could be found in web.config AppSettings.");
}
}
return tokenManager;
}
}
private static readonly MessageReceivingEndpoint GetMyProfile = new MessageReceivingEndpoint("http://api.myspace.com/1.0/people/@me/@self?format=xml", HttpDeliveryMethods.GetRequest);
public static XDocument GetProfile(ConsumerBase myspace, string accessToken)
{
IncomingWebResponse response = myspace.PrepareAuthorizedRequestAndSend(GetMyProfile, accessToken);
return XDocument.Load(XmlReader.Create(response.GetResponseReader()));
}
}