Home/ Questions/Q 6607951
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T19:33:29+00:00

I need to implement an OAuth 1.0 client in C# for the Micro Framework.

  • 0

I need to implement an OAuth 1.0 client in C# for the Micro Framework. This is on an application that is talking to AppEngine, and there is post data. I’m running over http (no SSL), so I need to sign using HMAC-SHA1. I’ve implemented HMAC and SHA-1 and my results match every reference example I could find. I have a working client using a Python OAuth client, but it’s a huge pain to pull information out, so all I can essentially do is inspect the headers that it sends (using the super helpful page at http://www.ericgiguere.com/tools/http-header-viewer.html )

So here’s what I know:

1.)  Url = http://www.ericgiguere.com/tools/http-header-viewer.html
2.)  Method = POST
3.)  Body = Hello [Hex: 48 65 6c 6c 6f]

4.)  Timestamp = 1316541449
5.)  Nonce = 83950705

6.)  Consumer Key = www.paulhounshell.com
7.)  OAuth Token = 1/8xRHqPyi8ejwjc3TSoNakWLrzj45yy6rTG0pkDx-pWo
8.)  Consumer Secret = [It's a secret]
9.)  OAuth Secret = [Also a secret]

Here’s what I’ve derived:

10.) Body SHA1 Hash = 9/+ei3uy4Jtwk1pdeF4MxdnQq/A= (From 3)
11.) Signature Base String = POST&http://www.ericgiguere.com/tools/http-header-viewer.html&oauth_body_hash%3D9%2F%2Bei3uy4Jtwk1pdeF4MxdnQq%2FA%3D%26oauth_consumer_key%3Dwww.paulhounshell.com%26oauth_nonce%3D83950705%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1316541449%26oauth_token%3D1%2F8xRHqPyi8ejwjc3TSoNakWLrzj45yy6rTG0pkDx-pWo%26oauth_version%3D1.0
     (From 1, 2, 4, 5, 6, 7, 10 - Probably Wrong)
12.) Key = [ConsumerSecret]&[OAuthSecret] (From 8, 9)
13.) Signature = VjIwjKwmvFMe6ewBNwfiPscIPo0= (From 11, 12, Definitely Wrong)
14.) Authorization = OAuth realm="http://www.ericgiguere.com", oauth_body_hash="9%2F%2Bei3uy4Jtwk1pdeF4MxdnQq%2FA%3D", oauth_consumer_key="www.paulhounshell.com", oauth_token="1%2F8xRHqPyi8ejwjc3TSoNakWLrzj45yy6rTG0pkDx-pWo", oauth_signature_method="HMAC-SHA1", oauth_signature="VjIwjKwmvFMe6ewBNwfiPscIPo0%3D", oauth_timestamp="1316541449", oauth_nonce="83950705", oauth_version="1.0"

In my working client I get:

15.) Authorization = OAuth realm="http://www.ericgiguere.com", oauth_body_hash="9%2F%2Bei3uy4Jtwk1pdeF4MxdnQq%2FA%3D", oauth_nonce="83950705", oauth_timestamp="1316541449", oauth_consumer_key="www.paulhounshell.com", oauth_signature_method="HMAC-SHA1", oauth_version="1.0", oauth_token="1%2F8xRHqPyi8ejwjc3TSoNakWLrzj45yy6rTG0pkDx-pWo", oauth_signature="4GNDFN2%2FQoJxa2fzVq7sAN9NDxE%3D"
16.) Signature = 4GNDFN2/QoJxa2fzVq7sAN9NDxE= (From 15, Proves 13 Wrong)

I suspect the problem is in building my Signature Base String, probably in my encoding, but I’m not sure. Anyone with OAuth experience have any idea where I’m broken?

If you have a Signature Base String for me to test I can give quick turnaround to verify whether it’s correct, but I don’t want to post my secrets (that’s why they’re secret).

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    In the Signature Base String, the data needed to be URL Encoded twice. Once to be a url parameter, and then a second time when the parameters are concatenated together.

    • 0