kjobson is correct, if you have a look at the examples you will see that for our end to end test we use WatiN to automate the browse during the period between getting a request token, and being able to exchange it for an access token.

Incidentally I've applied some updates to the trunk to support OAuth 1.0a - I'll finish updating the provider etc. examples tomorrow and make a new release, but in the mean time this may help with your problem as well.

First, thanks for producing this. I'm having an issue and am hoping you can confirm the behavior I'm seeing. I have secured a service call using the library and am just trying to hit the endpoint with a browser. I'm expecting to get a 401 with an Authentication header indicating OAuth is supported. However, what's happening is that an exception is being thrown on the service side because a token wasn't passed in. The exception happens on the GenerateSignatureBase?() call in OAuthContext. The token is null, and setting Token = string.Empty fails because the Collection behind the scenes is an HttpValueCollection?, which is read-only. Thoughts?

drb9633: You're correct, and this is an issue for me aswell. Not only does a null value for the token generate an error, but the & sign in the end of the string is only cleaned for the generation of the basesignature. My solution is probably not perfect but this is how i do it. When creating the new OauthContext? i pass a cleaned up namevaluecollection.

      var context = new OAuthContext
                      {
                        RawUri = CleanUri(request.Url),
                        Cookies = CollectCookies(request),
                        Headers = request.Headers,
                        RequestMethod = request.HttpMethod,
                        FormEncodedParameters = request.Form,
                        QueryParameters = CleanQueryStrings(request.QueryString),
                        
                      };

And the function:

    static NameValueCollection CleanQueryStrings(NameValueCollection requestQueryString)
    {
        NameValueCollection nvc = new NameValueCollection(requestQueryString);
        if (nvc.HasKeys())
        {
            nvc.Remove(null);
        }
        return nvc;
    }

Which basically creates a new namevaluecollection which isn't readonly, removes any keys that are null and returns it.

Hope it helps.

I had to change UriUtility?.cs to have this work properly. Borrowed an implementation I saw in another sample:

private static readonly string UriRfc3986CharsToEscape? = new { "!", "", "'", "(", ")" };

public static string UrlEncode?(string value) {

StringBuilder? escaped = new StringBuilder?(Uri.EscapeDataString?(value));

// Upgrade the escaping to RFC 3986, if necessary. for (int i = 0; i < UriRfc3986CharsToEscape?.Length; i++) {

escaped.Replace(UriRfc3986CharsToEscape?i?, Uri.HexEscape?(UriRfc3986CharsToEscape?i?0?));

}

return escaped.ToString?();

}

Without this change, the oauth signatures were invalid if URL contained cyrillic characters.

Thought this might help others.

A pointer to the source for the UrlEncode?() I found works http://stackoverflow.com/questions/846487/how-to-get-uri-escapedatastring-to-comply-with-rfc-3986