search

WP-API / OAuth1

OAuth server implementation for WP API
http://oauth1.wp-api.org/
327 stars 109 forks source link

Post to wordpress via rest #213

Open lfoliveira opened 6 years ago

lfoliveira commented 6 years ago

I was able to authenticate with wordpress with oauth 1.0a. Now when i try to post i always get the error. i tried to post with postman with the client id/secret, token/tokensecret with success.

{"code":"json_oauth1_signature_mismatch",
"message":"OAuth signature does not match",
"data":{"status":401}}

Here is header i am send it

Authorization: OAuth oauth_consumer_key="XXXXXX",
 oauth_token="XXXXXXXXX", 
oauth_signature_method="HMAC-SHA1", 
oauth_timestamp="1510921763", 
oauth_nonce="5800303", 
oauth_version="1.0",
oauth_signature="0qRr9VhjSrXmWRr%2B%2B8HmUmvvGrU%3D"

To build the signature i'm doing:

public void MssGenerate_oAuthSignatureValues(string ssConsumerKey, string ssConsumerSecret, string ssOAuthToken, string ssOAuthTokenSecret, string ssrequest_Method, string ssURL, string ssauth_callback, string ssoAuth_verifier, out string ssoAuth_Signature)
    {
        // TODO: Write implementation for action

        ssoAuth_Signature = "";
        oAuthBase oaBase = new oAuthBase();

        string oauth_signature_method = "HMAC-SHA1";
        string oauth_nonce = oaBase.GenerateNonce();
        string oauth_version = "1.0";
        string oauth_timestamp = oaBase.GenerateTimeStamp();

        SortedDictionary<string, string> sd = new SortedDictionary<string, string>();
        sd.Add("oauth_version", oauth_version);
        if(ssauth_callback !="")
            sd.Add("oauth_callback", PercentEncode(ssauth_callback));
        sd.Add("oauth_consumer_key", ssConsumerKey);
        sd.Add("oauth_nonce", oauth_nonce);
        sd.Add("oauth_signature_method", oauth_signature_method);
        sd.Add("oauth_timestamp", oauth_timestamp);
        sd.Add("oauth_token", ssOAuthToken);
        if (ssoAuth_verifier != "")
        {
            sd.Add("oauth_verifier", ssoAuth_verifier);
        }

        Uri url = new Uri(ssURL);
        StringBuilder baseString = new StringBuilder(ssrequest_Method + "&" + PercentEncode(NormalizeUrl(url)) + "&");

        foreach (var keyValuePair in sd)
        {
            baseString.Append(PercentEncode(string.Format("{0}={1}&", keyValuePair.Key, keyValuePair.Value)));
        }
        string signatureBaseString = baseString.ToString().Substring(0, baseString.Length - 3);

        string signingKey =
            PercentEncode(ssConsumerSecret) + "&" +
            PercentEncode(ssOAuthTokenSecret);

        string signatureString = ComputeSignature(signingKey, signatureBaseString);

        string authorizationHeaderParams = "OAuth ";
        authorizationHeaderParams += "oauth_consumer_key=" + "\"" + PercentEncode(ssConsumerKey) + "\", ";
        authorizationHeaderParams += "oauth_token=" + "\"" + PercentEncode(ssOAuthToken) + "\", ";
        authorizationHeaderParams += "oauth_signature_method=" + "\"" + PercentEncode(oauth_signature_method) + "\", ";
        authorizationHeaderParams += "oauth_timestamp=" + "\"" + PercentEncode(oauth_timestamp) + "\", ";
        authorizationHeaderParams += "oauth_nonce=" + "\"" + PercentEncode(oauth_nonce) + "\", ";
        authorizationHeaderParams += "oauth_version=" + "\"" + PercentEncode(oauth_version) + "\", ";
        authorizationHeaderParams += "oauth_signature=" + "\"" + PercentEncode(signatureString) + "\"";

        if (ssauth_callback != ""){
            authorizationHeaderParams += ", oauth_callback =" + "\"" + PercentEncode(ssauth_callback) + "\"";
        }
        if (sd.ContainsKey("oauth_verifier")){
            authorizationHeaderParams += "\", oauth_verifier =" + "\"" + PercentEncode(sd["oauth_verifier"]) + "\"";
        }

        ssoAuth_Signature = authorizationHeaderParams;
    }

public virtual string GenerateTimeStamp()
        {
            // Default implementation of UNIX time of the current UTC time
            TimeSpan ts = DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, 0);
            return Convert.ToInt64(ts.TotalSeconds).ToString();
        }

        public virtual string GenerateNonce()
        {
            // Just a simple implementation of a random number between 123400 and 9999999
            return random.Next(123400, 9999999).ToString();
        }
    }

private static string ComputeSignature(string signingKey, string text)
        {
            // Sign the request
            HMACSHA1 hasher = new HMACSHA1(new ASCIIEncoding().GetBytes(signingKey));
            return Convert.ToBase64String(hasher.ComputeHash(new ASCIIEncoding().GetBytes(text)));
        }

        private static string NormalizeUrl(Uri url)
        {
            string normalizedUrl = string.Format(System.Globalization.CultureInfo.InvariantCulture, "{0}://{1}", url.Scheme, url.Host);
            if (!((url.Scheme == "http" && url.Port == 80) || (url.Scheme == "https" && url.Port == 443)))
            {
                normalizedUrl += ":" + url.Port;
            }

            normalizedUrl += url.AbsolutePath;
            return normalizedUrl;
        }

I'm out of ideas what i'm doing wrong

salviof commented 5 years ago

Do you solved that? @lfoliveira