Authentication to FreshBooks via DotNetOpenAuth

Question

I'm trying to use OAuth for authentication for the FreshBooks API from my ASP.NET MVC C# app. Here is what I have so far:

I'm using DotNetOpenAuth here is the code I have in my controller action

if (TokenManager != null)
{
    ServiceProviderDescription provider = new ServiceProviderDescription();
    provider.ProtocolVersion = ProtocolVersion.V10a;
    provider.AccessTokenEndpoint = new MessageReceivingEndpoint     ("https://myfbid.freshbooks.com/oauth/oauth_access.php", DotNetOpenAuth.Messaging.HttpDeliveryMethods.PostRequest);
    provider.RequestTokenEndpoint = new DotNetOpenAuth.Messaging.MessageReceivingEndpoint("https://myfbid.freshbooks.com/oauth/oauth_request.php", DotNetOpenAuth.Messaging.HttpDeliveryMethods.PostRequest);
    provider.UserAuthorizationEndpoint = new DotNetOpenAuth.Messaging.MessageReceivingEndpoint("https://myfbid.freshbooks.com/oauth/oauth_authorize.php", DotNetOpenAuth.Messaging.HttpDeliveryMethods.GetRequest);
    provider.TamperProtectionElements = new ITamperProtectionChannelBindingElement[] { new HmacSha1SigningBindingElement() };

    var consumer = new WebConsumer(provider, TokenManager);

    var response = consumer.ProcessUserAuthorization();
    if (response != null)
    {
        this.AccessToken = response.AccessToken;
    }
    else
    {
        // we need to request authorization
        consumer.Channel.Send(consumer.PrepareRequestUserAuthorization(
            new Uri("http://localhost:9876/home/testoauth/"), null, null));
    }
}

The TokenManager is the same class that is provided with the DotNetOpenAuth sample, I've set my consumer secret that FreshBooks gave me.

On the consumer.Channel.Send(consumer.PrepareRequestUserAuthorization(...)) I've got the following exception:

"The remote server returned an error: (400) Bad Request.".

Am I doing this correctly? Based on FreshBooks documentation and DotNetOpenAuth samples that should work correctly.

Is there a simpler way to authenticate with OAuth, as DotNetOpenAuth is a bit huge for simply using OAuth authentication?

Answer 1

if you want to use DotNetOpenAuth you need to make sure that:

• you use signature method "PLAINTEXT"
• and use PlaintextSigningBindingElement as TamperProtectionElements

something like this works for me:

public static readonly ServiceProviderDescription ServiceDescription = new ServiceProviderDescription
{
    ProtocolVersion = ProtocolVersion.V10a,
    RequestTokenEndpoint = new MessageReceivingEndpoint(oAuthBase + "/oauth_request.php", HttpDeliveryMethods.PostRequest),
    UserAuthorizationEndpoint = new MessageReceivingEndpoint(oAuthBase + "/oauth_authorize.php", HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest),
    AccessTokenEndpoint = new MessageReceivingEndpoint(oAuthBase + "/oauth_access.php", HttpDeliveryMethods.PostRequest | HttpDeliveryMethods.AuthorizationHeaderRequest),
    TamperProtectionElements = new ITamperProtectionChannelBindingElement[] { new PlaintextSigningBindingElement() }
};

public static void RequestAuthorization(WebConsumer consumer)
{
    if (consumer == null)
    {
        throw new ArgumentNullException("consumer");
    }

    var extraParameters = new Dictionary<string, string> {
        { "oauth_signature_method", "PLAINTEXT" },
    };
    Uri callback = Util.GetCallbackUrlFromContext();
    var request = consumer.PrepareRequestUserAuthorization(callback, extraParameters, null);
    consumer.Channel.Send(request);
}