File Information
Library: Net
Package: OAuth
Header: Poco/Net/OAuth10Credentials.h
Description
This class implements OAuth 1.0A authentication for HTTP requests, according to RFC 5849.
Only PLAINTEXT and HMAC-SHA1 signature methods are supported. The RSA-SHA1 signature method is not supported.
The OAuth10Credentials can be used to sign a client request, as well as to verify the signature of a request on the server.
To sign a client request, using a known consumer (client) key, consumer (client) secret, OAuth token and token secret:
- Create an OAuth10Credentials object using all four credentials, either using the four argument constructor, or by using the default constructor and setting the credentials using the setter methods.
- Create a URI containing the full request URI.
- Create an appropriate HTTPRequest object.
- Optionally, create a HTMLForm object containing additional parameters to sign.
- Sign the request by calling authenticate(). This will add an OAuth Authorization header to the request.
- Send the request using a HTTPClientSession.
To request the OAuth request token from a server, using only the consumer (client) key and consumer (client) secret:
- Create an OAuth10Credentials object using the two consumer credentials, either using the two argument constructor, or by using the default constructor and setting the credentials using the setter methods.
- Specify the callback URI using setCallback().
- Create a URI containing the full request URI to obtain the token.
- Create an appropriate HTTPRequest object.
- Sign the request by calling authenticate(). This will add an OAuth Authorization header to the request.
- Send the request using a HTTPClientSession.
- The response will contain the request token and request token secret. These can be extracted from the response body using a HTMLForm object.
Requesting the access token and secret (temporary credentials) from the server is analogous to signing a client request using consumer key, consumer secret, request token and request token secret. The server response will contain the access token and access token secret, which can again be extracted from the response body using a HTMLForm object.
To verify a request on the server:
- Create an OAuth10Credentials object using the constructor taking a HTTPRequest object. This will extract the consumer key and token (if provided).
- Provide the consumer secret and token secret (if required) matching the consumer key and token to the OAuth10Credentials object using the setter methods.
- Create an URI object containing the full request URI.
- Call verify() to verify the signature.
- If verification was successful, and the request was a request for a request (temporary) token, call getCallback() to obtain the callback URI provided by the client.
Member Summary
Member Functions: authenticate, createNonce, createSignature, getCallback, getConsumerKey, getConsumerSecret, getRealm, getToken, getTokenSecret, nonceAndTimestampForTesting, percentEncode, setCallback, setConsumerKey, setConsumerSecret, setRealm, setToken, setTokenSecret, signHMACSHA1, signPlaintext, verify
Enumerations
SignatureMethod
OAuth 1.0A Signature Method.
OAuth 1.0A PLAINTEXT signature method
OAuth 1.0A HMAC-SHA1 signature method
Constructors
OAuth10Credentials
Creates an empty OAuth10Credentials object.
OAuth10Credentials
explicit OAuth10Credentials(
const HTTPRequest & request
);
Creates an OAuth10Credentials object from a HTTPRequest object.
Extracts consumer key and token (if available) from the Authorization header.
Throws a NotAuthenticatedException if the request does not contain OAuth 1.0 credentials.
OAuth10Credentials
OAuth10Credentials(
const std::string & consumerKey,
const std::string & consumerSecret
);
Creates an OAuth10Credentials object with the given consumer key and consumer secret.
The token and tokenSecret will be left empty.
OAuth10Credentials
OAuth10Credentials(
const std::string & consumerKey,
const std::string & consumerSecret,
const std::string & token,
const std::string & tokenSecret
);
Creates an OAuth10Credentials object with the given consumer key and consumer secret, as well as token and token secret.
Destructor
~OAuth10Credentials
Destroys the OAuth10Credentials.
Member Functions
authenticate
void authenticate(
HTTPRequest & request,
const Poco::URI & uri,
SignatureMethod method = SIGN_HMAC_SHA1
);
Adds an OAuth 1.0A Authentication header to the given request, using the given signature method.
authenticate
void authenticate(
HTTPRequest & request,
const Poco::URI & uri,
const Poco::Net::HTMLForm & params,
SignatureMethod method = SIGN_HMAC_SHA1
);
Adds an OAuth 1.0A Authentication header to the given request, using the given signature method.
getCallback
const std::string & getCallback() const;
Returns the callback URI.
getConsumerKey
const std::string & getConsumerKey() const;
Returns the consumer key.
getConsumerSecret
const std::string & getConsumerSecret() const;
Returns the consumer secret.
getRealm
const std::string & getRealm() const;
Returns the optional realm to be included in the Authorization header.
getToken
const std::string & getToken() const;
Returns the token.
getTokenSecret
const std::string & getTokenSecret() const;
Returns the token secret.
nonceAndTimestampForTesting
void nonceAndTimestampForTesting(
const std::string & nonce,
const std::string & timestamp
);
Sets the nonce and timestamp to a wellknown value.
For use by testsuite only, to test the signature algorithm with wellknown inputs.
In normal operation, the nonce is a random value computed by createNonce() and the timestamp is taken from the system time.
setCallback
void setCallback(
const std::string & uri
);
Sets the callback URI.
setConsumerKey
void setConsumerKey(
const std::string & consumerKey
);
Sets the consumer key.
setConsumerSecret
void setConsumerSecret(
const std::string & consumerSecret
);
Sets the consumer secret.
setRealm
void setRealm(
const std::string & realm
);
Sets the optional realm to be included in the Authorization header.
setToken
void setToken(
const std::string & token
);
Sets the token.
setTokenSecret
void setTokenSecret(
const std::string & tokenSecret
);
Sets the token.
verify
bool verify(
const HTTPRequest & request,
const Poco::URI & uri
);
Verifies the signature of the given request.
The consumer key, consumer secret, token and token secret must have been set.
Returns true if the signature is valid, otherwise false.
Throws a NotAuthenticatedException if the request does not contain OAuth credentials, or in case of an unsupported OAuth version or signature method.
verify
bool verify(
const HTTPRequest & request,
const Poco::URI & uri,
const Poco::Net::HTMLForm & params
);
Verifies the signature of the given request.
The consumer key, consumer secret, token and token secret must have been set.
Returns true if the signature is valid, otherwise false.
Throws a NotAuthenticatedException if the request does not contain OAuth credentials, or in case of an unsupported OAuth version or signature method.
createNonce
std::string createNonce() const;
Creates a nonce, which is basically a Base64-encoded 32 character random string, with non-alphanumeric characters removed.
createSignature
std::string createSignature(
const Poco::Net::HTTPRequest & request,
const std::string & uri,
const Poco::Net::HTMLForm & params,
const std::string & nonce,
const std::string & timestamp
) const;
Creates a OAuth signature for the given request and its parameters, according to <https://dev.twitter.com/docs/auth/creating-signature>.
percentEncode
static std::string percentEncode(
const std::string & str
);
Percent-encodes the given string according to Twitter API's rules, given in <https://dev.twitter.com/docs/auth/percent-encoding-parameters>.
signHMACSHA1
void signHMACSHA1(
Poco::Net::HTTPRequest & request,
const std::string & uri,
const Poco::Net::HTMLForm & params
) const;
Signs the given HTTP request according to OAuth 1.0A HMAC-SHA1 signature method.
signPlaintext
void signPlaintext(
Poco::Net::HTTPRequest & request
) const;
Signs the given HTTP request according to OAuth 1.0A PLAINTEXT signature method.
Variables
SCHEME
static const std::string SCHEME;