RestSharp: OAuth1 signature_invalid when adding query parameters

Expected Behavior

For requests to authenticate.

Actual Behavior

OAuth failure message: signature_invalid. I don’t think it’s related to #1166.

Steps to Reproduce the Problem

  1. var _client = new RestClient(EtsyApiEndpoint) { Authenticator = OAuth1Authenticator.ForProtectedResource(appKey, appSecret, accessKey, accessSecret) };
  2. var req = new RestRequest("/shops/{shopId}/listings/active");
  3. req.AddParameter("includes", "Attributes,Inventory");
  4. var result = _client.Execute(req);

Specifications

  • Version: 106.5.0
  • Platform: Windows
  • Subsystem: Console App?

Details

I think the problem is at OAuth1Authenticator.AddOAuthData (adding get or post params) and OAuthWorkflow.OAuthWebQueryInfo (adding querystring params), so request parameters that became part of the querystring are being doubled. Stepping over the second part during debugging seems to work.

About this issue

  • State: closed
  • Created 6 years ago
  • Comments: 22 (13 by maintainers)
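
Why a doubled parameter produces signature_invalid, as an added example that is not part of the original issue and is not RestSharp code. It builds the RFC 5849 signature base string with `includes` present once (what the server reconstructs from the request) and twice (the issue author's diagnosis of what gets signed). The endpoint, keys, nonce and timestamp are constructed sample values.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
static class OAuth1SignatureDemo
{
    // RFC 5849 section 3.6 encoding; EscapeDataString leaves only unreserved characters (.NET 4.5+).
    static string Enc(string s) => Uri.EscapeDataString(s);

    // RFC 5849 section 3.4.1: METHOD & encoded base URL & encoded, sorted parameter list.
    static string BaseString(string method, string url, IEnumerable<(string Key, string Value)> parameters)
    {
        var pairs = parameters
            .Select(p => (Key: Enc(p.Key), Value: Enc(p.Value)))
            .OrderBy(p => p.Key, StringComparer.Ordinal)
            .ThenBy(p => p.Value, StringComparer.Ordinal)
            .Select(p => p.Key + "=" + p.Value);
        return method.ToUpperInvariant() + "&" + Enc(url) + "&" + Enc(string.Join("&", pairs));
    }

    // HMAC-SHA1 keyed with "consumerSecret&tokenSecret" (RFC 5849 section 3.4.2).
    static string Sign(string baseString, string consumerSecret, string tokenSecret)
    {
        var key = Encoding.ASCII.GetBytes(Enc(consumerSecret) + "&" + Enc(tokenSecret));
        using (var hmac = new HMACSHA1(key))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.ASCII.GetBytes(baseString)));
    }

    static void Main()
    {
        // Constructed sample values: hypothetical endpoint, keys, nonce and timestamp.
        const string url = "https://api.example.test/shops/123/listings/active";
        var oauth = new List<(string Key, string Value)>
        {
            ("oauth_consumer_key", "sample-app-key"), ("oauth_token", "sample-access-key"),
            ("oauth_signature_method", "HMAC-SHA1"), ("oauth_version", "1.0"),
            ("oauth_timestamp", "1500000000"), ("oauth_nonce", "constructednonce"),
        };
        (string Key, string Value) query = ("includes", "Attributes,Inventory");
        // What the server reconstructs from the request it receives: the parameter once.
        var serverBase = BaseString("GET", url, oauth.Append(query));
        // What a client signs if the same parameter is collected from two sources.
        var doubledBase = BaseString("GET", url, oauth.Append(query).Append(query));
        // The doubled base string carries one extra includes=... entry, so the two HMACs do not match.
        Console.WriteLine("server : " + Sign(serverBase, "sample-app-secret", "sample-access-secret"));
        Console.WriteLine("doubled: " + Sign(doubledBase, "sample-app-secret", "sample-access-secret"));
    }
}
```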

Most upvoted comments

@artiomchi I got your comment by email, have you deleted it? I see your point, I wasn’t sure what you did exactly. I am not sure why we need to parse parameters in the request URL since we offer enough options to add query parameters using AddParameter and AddQueryParameter. Notice that all those methods support fluent-style configuration so your code looks clean:

var client = new RestClient("https://whatever.com/api");

//

var request = new RestRequest("gimmethat")
    .AddQueryParameter("id", id)
    .AddQueryParameter("page", 10);

var result = await client.GetAsync<Result>(request);

If you think we need to parse the query that you specify in the request constructor, we need to move this logic to the constructor:

  • Build the full URL without query parameters that are added by AddParameter
  • Parse the query and get all parameters
  • Remove parameters from the query
  • Add parameters to the parameter list

That would be a proper solution, but it has some complexity like finding out the request part of the full URL when parsing.

Please don’t think I am criticising you for the PR, I love when the community contributes to solving issues. But right now I think we broke more than we solved and I must revert the change for the sake of being compatible with what we had before for the majority of users. And, since I added an exception to the OAuth workflow, people won’t spend as much time as you did, trying to figure out why the signature is eventually wrong when they use query parameters in both client or request URL. Do you think it makes sense?

Hi there,

Don’t know why this issue has been closed, but the issue is still there.

Using RestSharp 106.5.4 the following code will fail:

var client = new RestClient("https://api.xing.com")
{
    Authenticator = OAuth1Authenticator.ForProtectedResource(<ConsumerKey>,<ConsumerSecret>,<AccessToken>,<AccessTokenSecret>)
};
var request = new RestRequest(XingEndpoints.UsersMeContacts);
request.Method = Method.GET;
request.AddQueryParameter("limit", "0"); // Same with request.AddParameter
var response = client.Execute(request);

Returning a signature error response.

While the following works as expected:

var client = new RestClient("https://api.xing.com")
{
    Authenticator = OAuth1Authenticator.ForProtectedResource(<ConsumerKey>,<ConsumerSecret>,<AccessToken>,<AccessTokenSecret>)
};
var request = new RestRequest(XingEndpoints.UsersMeContacts + "?limit=0");
request.Method = Method.GET;
var response = client.Execute(request);

Did I miss something (tried to follow all issues and PRs about this subject but got lost 😄)?

I know the AddParameter version was working on 106.2.1 (which is old I know 😃)

Thanks for your time,