diff options
| -rw-r--r-- | samples/DotNetOpenAuth.ApplicationBlock/GoogleConsumer.cs | 6 | ||||
| -rw-r--r-- | src/DotNetOpenAuth/OAuth/ChannelElements/SigningBindingElementBase.cs | 22 |
2 files changed, 26 insertions, 2 deletions
diff --git a/samples/DotNetOpenAuth.ApplicationBlock/GoogleConsumer.cs b/samples/DotNetOpenAuth.ApplicationBlock/GoogleConsumer.cs index f834a98..8244e3d 100644 --- a/samples/DotNetOpenAuth.ApplicationBlock/GoogleConsumer.cs +++ b/samples/DotNetOpenAuth.ApplicationBlock/GoogleConsumer.cs @@ -38,6 +38,7 @@ namespace DotNetOpenAuth.ApplicationBlock { /// A mapping between Google's applications and their URI scope values. /// </summary> private static readonly Dictionary<Applications, string> DataScopeUris = new Dictionary<Applications, string> { + { Applications.Analytics, "https://www.google.com/analytics/feeds/" }, { Applications.GoogleBase, "http://www.google.com/base/feeds/" }, { Applications.Blogger, "http://www.blogger.com/feeds" }, { Applications.BookSearch, "http://www.google.com/books/feeds/" }, @@ -133,6 +134,11 @@ namespace DotNetOpenAuth.ApplicationBlock { /// Google Base /// </summary> GoogleBase = 0x2000, + + /// <summary> + /// Analytics + /// </summary> + Analytics = 0x4000, } /// <summary> diff --git a/src/DotNetOpenAuth/OAuth/ChannelElements/SigningBindingElementBase.cs b/src/DotNetOpenAuth/OAuth/ChannelElements/SigningBindingElementBase.cs index d5ba346..f0ac8fa 100644 --- a/src/DotNetOpenAuth/OAuth/ChannelElements/SigningBindingElementBase.cs +++ b/src/DotNetOpenAuth/OAuth/ChannelElements/SigningBindingElementBase.cs @@ -7,9 +7,11 @@ namespace DotNetOpenAuth.OAuth.ChannelElements { using System; using System.Collections.Generic; + using System.Collections.Specialized; using System.Diagnostics.Contracts; using System.Globalization; using System.Text; + using System.Web; using DotNetOpenAuth.Messaging; using DotNetOpenAuth.Messaging.Bindings; using DotNetOpenAuth.Messaging.Reflection; @@ -164,13 +166,29 @@ namespace DotNetOpenAuth.OAuth.ChannelElements { signatureBaseStringElements.Add(message.HttpMethod.ToUpperInvariant()); + var encodedDictionary = OAuthChannel.GetUriEscapedParameters(messageDictionary); + encodedDictionary.Remove("oauth_signature"); + if (message.Recipient.Query != null) { + // It seeems to me a deviation from the OAuth 1.0 spec to be willing to scrape the query + // for parameters on anything but GET requests, but Google does it so to interop we must + // as well. Besides, it seems more secure to sign everything if it's there. + NameValueCollection nvc = HttpUtility.ParseQueryString(message.Recipient.Query); + foreach (string key in nvc) { + encodedDictionary.Add(key, nvc[key]); + } + } else if (message.HttpMethod == "POST") { + // If the HttpWebRequest that we're sending out has a content-type header + // of application/x-www-form-urlencoded, we should be parsing out those parameters + // and adding them to this dictionary as well. + // But at this point we don't have access to the HttpWebRequest (design flaw?) + // TODO: figure this out. + } + UriBuilder endpoint = new UriBuilder(message.Recipient); endpoint.Query = null; endpoint.Fragment = null; signatureBaseStringElements.Add(endpoint.Uri.AbsoluteUri); - var encodedDictionary = OAuthChannel.GetUriEscapedParameters(messageDictionary); - encodedDictionary.Remove("oauth_signature"); var sortedKeyValueList = new List<KeyValuePair<string, string>>(encodedDictionary); sortedKeyValueList.Sort(SignatureBaseStringParameterComparer); StringBuilder paramBuilder = new StringBuilder(); |