We Keep Coding

OAuth1.0 authentication says "Invalid signature - provided signature does not match.\" Error 401

OAuth1.0 authentication says:
Invalid signature - provided signature does not match." Error 401
I wanted to get data from an API provided by GravityForm, it completely works in Postman, but I can't get it through my own C# app.
I have tried different solutions provided by friends on Stackoverflow, but unfortunately, none of them work.
Here's my ultimate code:
private void button2_Click(object sender, EventArgs e)
{
string sig = GetAuthorizationToken();
ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;
var client = new RestClient("https://kashfsho.com/wp-json/gf/v2/entries/");
var request = new RestRequest(Method.GET);
request.AddHeader("cache-control", "no-cache");
request.AddHeader("Content-Type", "application/json");
request.AddHeader("authorization", sig);
IRestResponse response = client.Execute(request);
}
public string GetAuthorizationToken()
{
timeStamp = ((int)(DateTime.UtcNow - new DateTime(1970, 1, 1)).TotalSeconds).ToString();
nonce = System.Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(timeStamp + timeStamp + timeStamp));
ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;
HttpWebRequest httpWebRequest = (HttpWebRequest)WebRequest.Create("https://kashfsho.com/wp-json/gf/v2/entries/");
httpWebRequest.Method = "Get";
string consumer_secret = Uri.EscapeDataString(conSumerSecret);
string signature_base_string = GetSignatureBaseString(timeStamp, nonce);
SHA1HASH = GetSha1Hash(signature_base_string, consumer_secret); //also tried with nonEscaped consumer!
string Header =
"OAuth oauth_consumer_key=" + '"' + consumerKey + '"' + "," +
"oauth_nonce=" + '"' + nonce + '"' + "," +
"oauth_signature=" + '"' + SHA1HASH + '"' + "," +
"oauth_signature_method=" + '"' + #"HMAC-SHA1" + '"' + "," +
"oauth_timestamp=" + '"' + timeStamp + '"' + "," +
"oauth_version=" + '"' + "1.0" + '"';
return Header;
}
private string GetSha1Hash(string key, string t)
{
var encoding = new System.Text.ASCIIEncoding();
byte[] keyBytes = encoding.GetBytes(key);
byte[] messageBytes = encoding.GetBytes(t);
string strSignature = string.Empty;
using (HMACSHA1 SHA1 = new HMACSHA1(keyBytes))
{
var Hashed = SHA1.ComputeHash(messageBytes);
SHA1HASH = Convert.ToBase64String(Hashed);
}
return SHA1HASH;
}
public string GetSignatureBaseString(string TimeStamp, string Nonce)
{
//1.Convert the HTTP Method to uppercase and set the output string equal to this value.
string Signature_Base_String = "Get";
Signature_Base_String = Signature_Base_String.ToUpper();
//2.Append the ‘&’ character to the output string.
Signature_Base_String = Signature_Base_String + "&";
//3.Percent encode the URL and append it to the output string.
ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;
string PercentEncodedURL = Uri.EscapeDataString("https://kashfsho.com/wp-json/gf/v2/entries/");
Signature_Base_String = Signature_Base_String + PercentEncodedURL;
//4.Append the ‘&’ character to the output string.
Signature_Base_String = Signature_Base_String + "&";
//5.append parameter string to the output string.
Signature_Base_String = Signature_Base_String + Uri.EscapeDataString("oauth_consumer_key=" + consumerKey);
Signature_Base_String = Signature_Base_String + Uri.EscapeDataString("&oauth_nonce=" + Nonce);
Signature_Base_String = Signature_Base_String + Uri.EscapeDataString("&oauth_signature_method=" + "HMAC-SHA1");
Signature_Base_String = Signature_Base_String + Uri.EscapeDataString("&oauth_timestamp=" + TimeStamp);
Signature_Base_String = Signature_Base_String + Uri.EscapeDataString("&oauth_version=" + "1.0");
return Signature_Base_String;
}
Tried Solutions:
Generate OAuth1 signature in C#
Create OAuth Signature with HMAC-SHA1 Encryption returns HTTP 401
Using C# to create the Twitter authorization header for search

Oh, after about a month, I finally reached a solution. For authentication of GravityForm APIs, OAUTH 1.0 is not as stable as you may expect. Instead, you'd better use "BASIC AUTHENTICATION" like this:
USERNAME = consumerKey
Password = consumerSecret
Then you can use following solution:
RestSharp HttpBasicAuthentication - example

REST API authentication (OAuth 1.0) using C#

I'm trying to connect to the Bricklink REST API using OAuth (http://apidev.bricklink.com/redmine/projects/bricklink-api/wiki/Authorization).
It should be pretty straight forward. However, I'm currently stuck and keep getting a SIGNATURE_INVALID error. My current attempt is shown below. Any suggestions?
const string consumerKey = "";
const string consumerSecret = "";
const string tokenSecret = "";
const string tokenValue = "";
const string url = "https://api.bricklink.com/api/store/v1/items/part/3001";
var httpWebRequest = (HttpWebRequest) WebRequest.Create(url);
httpWebRequest.Method = "GET";
var timeStamp = ((int) (DateTime.UtcNow - new DateTime(1970, 1, 1)).TotalSeconds).ToString();
var nonce = Convert.ToBase64String(Encoding.UTF8.GetBytes(timeStamp));
var signatureBaseString = httpWebRequest.Method.ToUpper() + "&";
signatureBaseString = signatureBaseString + url.ToLower() + "&";
signatureBaseString = signatureBaseString + "oauth_consumer_key=" + consumerKey + "&";
signatureBaseString = signatureBaseString + "oauth_nonce=" + nonce + "&";
signatureBaseString = signatureBaseString + "oauth_signature_method=" + "HMAC-SHA1" + "&";
signatureBaseString = signatureBaseString + "oauth_timestamp=" + timeStamp + "&";
signatureBaseString = signatureBaseString + "oauth_token=" + tokenValue + "&";
signatureBaseString = signatureBaseString + "oauth_version=" + "1.0";
signatureBaseString = Uri.EscapeDataString(signatureBaseString);
Console.WriteLine(signatureBaseString);
var signatureEncoding = new ASCIIEncoding();
var keyBytes = signatureEncoding.GetBytes(consumerSecret + "&" + tokenSecret);
var signatureBaseBytes = signatureEncoding.GetBytes(signatureBaseString);
string signatureString;
using (var hmacsha1 = new HMACSHA1(keyBytes))
{
var hashBytes = hmacsha1.ComputeHash(signatureBaseBytes);
signatureString = Convert.ToBase64String(hashBytes);
}
signatureString = Uri.EscapeDataString(signatureString);
Console.WriteLine(signatureString);
string SimpleQuote(string x) => '"' + x + '"';
var header =
"OAuth realm=" + SimpleQuote("") + "," +
"oauth_consumer_key=" + SimpleQuote(consumerKey) + "," +
"oauth_nonce=" + SimpleQuote(nonce) + "," +
"oauth_signature_method=" + SimpleQuote("HMAC-SHA1") + "," +
"oauth_timestamp=" + SimpleQuote(timeStamp) + "," +
"oauth_token=" + SimpleQuote(tokenValue) + "," +
"oauth_version=" + SimpleQuote("1.0") + "," +
"oauth_signature= " + SimpleQuote(signatureString);
Console.WriteLine(header);
httpWebRequest.Headers.Add(HttpRequestHeader.Authorization, header);
var response = httpWebRequest.GetResponse();
var characterSet = ((HttpWebResponse) response).CharacterSet;
var responseEncoding = characterSet == ""
? Encoding.UTF8
: Encoding.GetEncoding(characterSet ?? "utf-8");
var responsestream = response.GetResponseStream();
if (responsestream == null)
{
throw new ArgumentNullException(nameof(characterSet));
}
using (responsestream)
{
var reader = new StreamReader(responsestream, responseEncoding);
var result = reader.ReadToEnd();
Console.WriteLine(result);
}
I know that consumerKey, consumerSecret, tokenSecret, and tokenValue are correct as I can connect using the bricklink-api (https://www.npmjs.com/package/bricklink-api) using JavaScript.

After studying https://oauth.net/core/1.0/#signing_process again, I finally got it right. Note, the Escape function is not essential I just happened to stumble upon that one while trying to make things work.
const string consumerKey = "";
const string consumerSecret = "";
const string tokenSecret = "";
const string tokenValue = "";
const string url = "https://api.bricklink.com/api/store/v1/items/part/3001";
string Escape(string s)
{
// https://stackoverflow.com/questions/846487/how-to-get-uri-escapedatastring-to-comply-with-rfc-3986
var charsToEscape = new[] {"!", "*", "'", "(", ")"};
var escaped = new StringBuilder(Uri.EscapeDataString(s));
foreach (var t in charsToEscape)
{
escaped.Replace(t, Uri.HexEscape(t[0]));
}
return escaped.ToString();
}
var httpWebRequest = (HttpWebRequest) WebRequest.Create(url);
httpWebRequest.Method = "GET";
var timeStamp = ((int) (DateTime.UtcNow - new DateTime(1970, 1, 1)).TotalSeconds).ToString();
var nonce = Convert.ToBase64String(Encoding.UTF8.GetBytes(timeStamp));
var signatureBaseString = Escape(httpWebRequest.Method.ToUpper()) + "&";
signatureBaseString += EscapeUriDataStringRfc3986(url.ToLower()) + "&";
signatureBaseString += EscapeUriDataStringRfc3986(
"oauth_consumer_key=" + EscapeUriDataStringRfc3986(consumerKey) + "&" +
"oauth_nonce=" + EscapeUriDataStringRfc3986(nonce) + "&" +
"oauth_signature_method=" + EscapeUriDataStringRfc3986("HMAC-SHA1") + "&" +
"oauth_timestamp=" + EscapeUriDataStringRfc3986(timeStamp) + "&" +
"oauth_token=" + EscapeUriDataStringRfc3986(tokenValue) + "&" +
"oauth_version=" + EscapeUriDataStringRfc3986("1.0"));
Console.WriteLine(#"signatureBaseString: " + signatureBaseString);
var key = EscapeUriDataStringRfc3986(consumerSecret) + "&" + EscapeUriDataStringRfc3986(tokenSecret);
Console.WriteLine(#"key: " + key);
var signatureEncoding = new ASCIIEncoding();
var keyBytes = signatureEncoding.GetBytes(key);
var signatureBaseBytes = signatureEncoding.GetBytes(signatureBaseString);
string signatureString;
using (var hmacsha1 = new HMACSHA1(keyBytes))
{
var hashBytes = hmacsha1.ComputeHash(signatureBaseBytes);
signatureString = Convert.ToBase64String(hashBytes);
}
signatureString = EscapeUriDataStringRfc3986(signatureString);
Console.WriteLine(#"signatureString: " + signatureString);
string SimpleQuote(string s) => '"' + s + '"';
var header =
"OAuth realm=" + SimpleQuote("") + "," +
"oauth_consumer_key=" + SimpleQuote(consumerKey) + "," +
"oauth_nonce=" + SimpleQuote(nonce) + "," +
"oauth_signature_method=" + SimpleQuote("HMAC-SHA1") + "," +
"oauth_timestamp=" + SimpleQuote(timeStamp) + "," +
"oauth_token=" + SimpleQuote(tokenValue) + "," +
"oauth_version=" + SimpleQuote("1.0") + "," +
"oauth_signature= " + SimpleQuote(signatureString);
Console.WriteLine(#"header: " + header);
httpWebRequest.Headers.Add(HttpRequestHeader.Authorization, header);
var response = httpWebRequest.GetResponse();
var characterSet = ((HttpWebResponse) response).CharacterSet;
var responseEncoding = characterSet == ""
? Encoding.UTF8
: Encoding.GetEncoding(characterSet ?? "utf-8");
var responsestream = response.GetResponseStream();
if (responsestream == null)
{
throw new ArgumentNullException(nameof(characterSet));
}
using (responsestream)
{
var reader = new StreamReader(responsestream, responseEncoding);
var result = reader.ReadToEnd();
Console.WriteLine(#"result: " + result);
}

For anyone who is looking for way simpler solution. This works with WooCommerce and probably with other services. For WooCommerce token/tokenSecret is null.
var client = new RestClient($"{StoreHttp}/wp-json/wc/v3/products")
{
Authenticator = OAuth1Authenticator.ForProtectedResource(ConsumerKey, ConsumerSecret, token, tokenSecret)
};
var request = new RestRequest(Method.GET);
RestResponse response = client.Execute(request);
Console.WriteLine(response.Content);

Example with: RestSharp version: 108.0.3
Do not need to write code for signature creation. RestSharp does it all for you.
using System;
using RestSharp;
using RestSharp.Authenticators;
using RestSharp.Authenticators.OAuth;
using Newtonsoft.Json;
var client = new RestClient(URL);
var oAuth1 = OAuth1Authenticator.ForAccessToken(
consumerKey: ConsumerKey,
consumerSecret: ConsumerSecret,
token: Token,
tokenSecret: TokenSecret,
OAuthSignatureMethod.HmacSha256);
oAuth1.Realm = Realm; // if Realm has otherwise ignore
client.Authenticator = oAuth1;
var request = new RestRequest(URL, Method.Post);
request.AddHeader("Content-Type", "application/json");
string body = JsonConvert.SerializeObject(bodyObject);
request.AddParameter("application/json", body, ParameterType.RequestBody);
var response = client.Execute(request);

Json requests between c# and php file

I want to send json request from c# to php file and save data into text file but php file can not read data
this is my code
User user = new User { id = 1, name = "Bob", address = "password", phone = "0111111111", activation = true };
string json = "{\"id\":" + "\"" + user.id + "\""
+ ",\"name\":" + "\"" + user.name + "\""
+ ",\"address\":" + "\"" + user.address + "\""
+ ",\"activation\":" + "\"" + user.activation + "\"}";
HttpWebRequest request = (HttpWebRequest)WebRequest.Create("http://localhost:8080/test.php");
request.Method = "POST";
request.ContentType = "application/json";
request.ContentLength = json.Length;
using (var streamWriter = new StreamWriter(request.GetRequestStream()))
{
streamWriter.Write(json);
streamWriter.Close();
var httpResponse = (HttpWebResponse)request.GetResponse();
using (var streamReader = new StreamReader(httpResponse.GetResponseStream()))
{
var result = streamReader.ReadToEnd();
}
}
and php file id
<?php
$data = json_decode(file_get_contents('php://input'), true);
$file = "LogFile.txt";
$handle = fopen($file, 'a') or die('ERROR: Cannot write to file: ' . $file);
date_default_timezone_set('Europe/Amsterdam');
fwrite($handle, $data);
fclose($handle);
echo "SUCCESS";
?>
please what must i do in php file to read right? thank you

This minimal piece of code was all I needed to solve my own problem:
$_data = json_decode(file_get_contents('php://input'), true);
if (isset($_data)) {
$file = "users.txt";
file_put_contents($file, json_encode($_data));
}

Twitter OAuth request_token stopped working

Out of no where, my twitter API calls, specificly my first step in the 3-legged auth, stopped working. I've compared the timestamps, keys and everything with the OAuth signature generator tool, and they all match (execpt oauth_nonce but thats the point I guess). Here is my code. Any suggestions or small observations would be appreciated.
protected void RequestToken()
{
string oauthcallback = Request.Url.Host + "/TwitterCallback.aspx";
string oauthconsumerkey = "xxx-consumerkey";
string oauthconsumersecret = "xxx-consumerSecret";
string oauthtokensecret = string.Empty;
string oauthtoken = string.Empty;
string oauthsignaturemethod = "HMAC-SHA1";
string oauthversion = "1.0";
string oauthnonce = Convert.ToBase64String(new ASCIIEncoding().GetBytes(DateTime.Now.Ticks.ToString()));
TimeSpan timeSpan = DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc);
string oauthtimestamp = Convert.ToInt64(timeSpan.TotalSeconds).ToString();
string url = "https://api.twitter.com/oauth/request_token?oauth_callback=" + oauthcallback;
SortedDictionary<string, string> basestringParameters = new SortedDictionary<string, string>();
basestringParameters.Add("oauth_version", oauthversion);
basestringParameters.Add("oauth_consumer_key", oauthconsumerkey);
basestringParameters.Add("oauth_nonce", oauthnonce);
basestringParameters.Add("oauth_signature_method", oauthsignaturemethod);
basestringParameters.Add("oauth_timestamp", oauthtimestamp);
basestringParameters.Add("oauth_callback", Uri.EscapeDataString(oauthcallback));
//Build the signature string
string baseString = String.Empty;
baseString += "POST" + "&";
baseString += Uri.EscapeDataString(url.Split('?')[0]) + "&";
foreach (KeyValuePair<string, string> entry in basestringParameters)
{
baseString += Uri.EscapeDataString(entry.Key + "=" + entry.Value + "&");
}
//Remove the trailing ambersand char last 3 chars - %26
//baseString = baseString.Substring(0, baseString.Length - 3);
//Build the signing key
string signingKey = Uri.EscapeDataString(oauthconsumersecret) +
"&" + Uri.EscapeDataString(oauthtokensecret);
//Sign the request
HMACSHA1 hasher = new HMACSHA1(new ASCIIEncoding().GetBytes(signingKey));
string oauthsignature = Convert.ToBase64String(
hasher.ComputeHash(new ASCIIEncoding().GetBytes(baseString)));
//Tell Twitter we don't do the 100 continue thing
ServicePointManager.Expect100Continue = false;
HttpWebRequest webRequest = (HttpWebRequest)WebRequest.Create(#url);
string authorizationHeaderParams = String.Empty;
authorizationHeaderParams += "OAuth ";
authorizationHeaderParams += "oauth_nonce=" + "\"" +
Uri.EscapeDataString(oauthnonce) + "\",";
authorizationHeaderParams += "oauth_signature_method=" + "\"" +
Uri.EscapeDataString(oauthsignaturemethod) + "\",";
authorizationHeaderParams += "oauth_timestamp=" + "\"" +
Uri.EscapeDataString(oauthtimestamp) + "\",";
authorizationHeaderParams += "oauth_consumer_key=" + "\"" +
Uri.EscapeDataString(oauthconsumerkey) + "\",";
authorizationHeaderParams += "oauth_signature=" + "\"" +
Uri.EscapeDataString(oauthsignature) + "\",";
authorizationHeaderParams += "oauth_version=" + "\"" +
Uri.EscapeDataString(oauthversion) + "\"";
webRequest.Headers.Add("Authorization", authorizationHeaderParams);
webRequest.Method = "POST";
webRequest.ContentType = "application/x-www-form-urlencoded";
//Allow us a reasonable timeout in case Twitter's busy
webRequest.Timeout = 3 * 60 * 1000;
try
{
HttpWebResponse webResponse = webRequest.GetResponse() as HttpWebResponse;
Stream dataStream = webResponse.GetResponseStream();
// Open the stream using a StreamReader for easy access.
StreamReader reader = new StreamReader(dataStream);
// Read the content.
string responseFromServer = reader.ReadToEnd();
var uri = new Uri("https://test.dk?" + responseFromServer);
var token = HttpUtility.ParseQueryString(uri.Query).Get("oauth_token"); ;
var tokensecret = HttpUtility.ParseQueryString(uri.Query).Get("oauth_token_secret");
Response.Write(responseFromServer);
Response.Redirect("https://api.twitter.com/oauth/authorize?force_login=true&oauth_token=" + token);
}
catch (Exception ex)
{
Response.Write(ex.GetBaseException());
}
}
The error obviously happens when I do the HTTP request webRequest.GetResponse()
It returns a 401 unauthorized

Apperently you have to include the oauth version number in the URL now, or else it will fall back to the oldest version (or maybe the newest, can't remember).
Providing /oath/1.0/ or /1.0/oauth/ or what ever solved my issue as i recall it (it's been a while).

C# - vBulletin new thread

i tried this:
public static void CreateNewThread(string url,string fId, string title, string message, string tag)
{
url += "newthread.php?do=postthread";
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);
//string result = "";
string values = "subject=" + title
+ "&message=" + message
+ "&tag=" + tag
+ "&do=postthread"
+ "&f=" + fId
+ "&s="
+ ""
;
req.Method = "POST";
req.ContentType = "application/x-www-form-urlencoded";
req.ContentLength = values.Length;
ServicePointManager.Expect100Continue = false; // prevents 417 error
using (StreamWriter writer = new StreamWriter(req.GetRequestStream(), Encoding.UTF8))
{
writer.Write(values);
}
HttpWebResponse c = (HttpWebResponse)req.GetResponse();
}
But this is doesnt work!

Try encoding the subject and message paramaters:
HttpUtility.UrlEncode(
string values = "subject=" + HttpUtility.UrlEncode(title)
+ "&message=" + HttpUtility.UrlEncode(message)
+ "&tag=" + HttpUtility.UrlEncode(tag)
+ "&do=postthread"
+ "&f=" + fId
+ "&s="
+ ""
;