Archive for October, 2009

How to Sign oAuth requests

October 15, 2009 1 comment

In the development of Piculet, my new hobbie project, i’ve had to implement the oAuth Authorization process. The Twitter App documentation gives you a rough sketch of how to do this, and the services spec points you off to the official oAuth Specification.

Let’s just say it’s a bit confusing. After surfing the web i’ve found some example code and a class with oAuth utility methods which i used in the implementation see external links at the end.

I advise you read and examine the code mentioned in the article here. The small  application the author provides will give you some insight on how it all works and how you can achieve the oAuth calls. Unfortunally this isn’t explained in the article itself hence this post.

Authorization process

The authorization process, according to twitter is :

  1. The application uses oauth/request_token to obtain a request token from
  2. The application directs the user to oauth/authorize on
  3. After obtaining approval from the user, a prompt on will display a 7 digit PIN.
  4. The user is instructed to copy this PIN and return to the appliction.
  5. The application will prompt the user to enter the PIN from step 4.
  6. The application uses the PIN as the value for the oauth_verifier parameter in a call to
  7. oauth/access_token which will verify the PIN and exchange a request_token for an access_token.
  8. Twitter will return an access_token for the application to generate subsequent OAuth signatures.

Seems simple enough.

Signing oAuth Requests

When you register your application with twitter it gives you a consumer key that identifies your application and a consumer secret which will be used to generate your oAuth signature. This is where i bungled up, at first i thought the consumer key would be the signature to use, lets just say i should’ve read the oAuth Spec first.

Let’s take the request token call as an example. In order to obtain the request token for your application you will need to generate the following :

  1. Signature
  2. Nonce
  3. Timestamp

The oAuthBase class mentioned above will help you with this. All you need to do is provide it with your consumer key and secret, the url your calling in this case that would be : and the queryString – in this case this is empty
All you need to do is call the method  GenerateSignature to generate your signature and prepare your url.
The following code generates the url to call request_token :

    OAuth.OAuthBase oAuth = new OAuth.OAuthBase();
    string queryString="";
    string tstamp=oAuth.GenerateTimeStamp();
    string sig = oAuth.GenerateSignature(new Uri(,
                                     consumerKey, consumerSecret,,null, null,"GET",tstamp ,nonce,
                                     out url, out queryString);
    queryString += "&oauth_signature=" + HttpUtility.UrlEncode(sig);
    return url+"?"+queryString;

Now all you need to do is call that url and get your request_token.

All calls from here on end can be signed in the same manner. Only difference is that after the authorization procedure you get an access token, which you will need to provide  the GenerateSignature method in order to sign your urls.

Sidenote on Using oAuthBase

I ran into a problem when trying to use the oAuthBase class with mono and monodevelop.

Problem came from the compiler not finding the HttpUtility anywhere. This is a class that is inside the System.Web namespace. I solved this by adding System.Web to the project references.

External Links

FireFox keeps asking for Proxy Authentication

October 6, 2009 Leave a comment

I use firefox at work to do my browsing of the interwebz, for some stupid reason i recently ran into a problem where firefox kept asking me for the proxy authentication instead of saving the previous entered information. It would do this for every resource on a page. So when i opened a webpage i would have to click the damn ok button multiple times.
I smal search on google produce the following link :

If you don’t want to go reading the forums here is the TLDR solution – change network.negotiate-auth.allow-proxies property in about:config to false
This works for newer versions of firefox too.

Categories: web Tags: ,