3

I am trying to create oauth signature. But I dont know what I am doing wrong because the site giving unauthorize error. I am using oauth version 1.0. Method is HMAC-SHA1 and it is google based oauth. My base string is correct because it checked it with sample output. My code :

string oauthSig = "";
        string baseString = HttpUtility.UrlEncode(httpMethod.ToUpper()) + "&" +
                            HttpUtility.UrlEncode(url) + "&" +
                            HttpUtility.UrlEncode("oauth_callback="+callback+"&"+
                                                  "oauth_consumer_key="+consumerKey+"&"+
                                                  "oauth_nonce="+nounce+"&"+
                                                  "oauth_signature_method="+sigMethod+"&"+
                                                  "oauth_timestamp=" + timestamp + "&" +
                                                  "oauth_version=" + version
                                                  );
        HMACSHA1 myhmacsha1 = new HMACSHA1(Encoding.UTF8.GetBytes(HttpUtility.UrlEncode(consumeSecret)),true);
        byte[] hashValue = myhmacsha1.ComputeHash(Encoding.UTF8.GetBytes(baseString));
        oauthSig = Convert.ToBase64String(hashValue);

Please tell me if I am doing anything wrong.

Thanks

Improve this question

1 Answer 1

Reset to default
4

The key to the signature should be:

CONSUMER_SECRET + '&' + TOKEN_SECRET

And since you do not have a token secret yet, you should use CONSUMER_SECRET and an ampersand (&) as the key to the signature.

Edit, further clarification:

HMACSHA1 hmacsha1 = new HMACSHA1();
hmacsha1.Key = Encoding.ASCII.GetBytes(string.Format("{0}&{1}", UrlEncode(consumerSecret), string.IsNullOrEmpty(tokenSecret) ? "" : UrlEncode(tokenSecret)));

byte[] dataBuffer = System.Text.Encoding.ASCII.GetBytes(data);
byte[] hashBytes  = hmacsha1.ComputeHash(dataBuffer);

return Convert.ToBase64String(hashBytes);

I've not tested the code but i've taken it from from oauth.googlecode.com - OAuthBase.cs. I highly recommend checking it out, it should do everything you want.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Hi I did as you told me. But still no luck. Is HMACSHA1 and hashed HMACSHA1 same thing ?
I was wrong about the URL-encoding. I've edited my answer for further clarification.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.