We have some web services with OAuth on them.
I am required to run some tests against them, preferably in an automated environment without using a browser.
The problem is logging in.
Without using a browser, and with using DotNetOpenAuth and setting the HttpContext.Current manually, I seem able to do everything and get a request token and a verifier (I use a test username and password).
I believe the next stage is to get an authorising token. Unfortunatly, no matter how I construct the request, I cannot get it to work.
At the moment, using a WebConsumer (DotNetOpenAuth library) and calling consumer.ProcessUserAuthorization() results in an error:
DotNetOpenAuth.OAuth.Messages.AuthorizedTokenRequest message: oauth_verifier
Probably the whole approach is wrong, so any help/advice would be useful.
Thanks.
In the end, it was a problem with cookies not being stored properly.
I was losing cookies between the login page (where the user types their username and password), and the authorise page (where the user says it is okay to share details with the third party). The second page was doing an extra check to see if the user was who they say they were (reading a cookie value that the login page was meant to have written).
It was not really an OAuth issue, just something I did not understand in the Authorising page (which has since been removed anyway – c’est la vie).
I then had issues with the domains of the cookies (when the domain starts with a ‘.’). This post helped me:
CookieContainer bug?
I ended up copying cookies from one domain to another.