Handle with OAuth1 Spec
We’ve been developing some Azure functions to create integrations services that have some specific requirements for a customer. What’s great about Azure functions is that it allows us to work with .net framework potential and we can put our mainstream “jedi magic” development knowledge into action.
In this particular case, we’re creating some specific HTTP connectors that must handle OAuth1 authentication on each request, no big deal right?
One HTTP request with OAuth1 authentication header should look like this:
We could go rogue and perform the necessary development to create the Authorization header param with the requested OAuth1 fields:
- oauth_consumer_key=”….”
- oauth_nonce=”…”
- oauth_signature=”…”
- oauth_signature_method=”HMAC-SHA1”
- oauth_timestamp=”…”
- oauth_version=”1.0”
And for each property we can compute the necessary steps to generate the right values on runtime and get some fuel into it.
Calling RestSharp onto the stage, please
By putting the RestSharp lib into action we can reduce this into a few lines of code such as:
So as you can see everything starts with the client declaration, where you put your specific configuration in place (authentication, properties, host, etc.), and then we configure the OAuth authentication properties to request a token that uses the OAuthSignatureMethod.HmacSha1 as default. The hard part is done, after is just a matter of headers configuration (in case you need to add your specific headers on the HTTP request) and the body params as well.
Execute the client’s request and look at your amazing work – voilá.
They say RestSharp is “probably, the most popular REST API client library for .NET” and for my personal experience this is true. I never like having too much backend code performing HTTP calls to other services, especially if we’re at a "RESTfull" scenario where the consumer apps should orchestrate the call their own. Of course, there are many exceptions to this example. We need to perform multiple calls from a backend function (server to server) and this library can help us in the effort to write every aspect and HTTP specification necessary instead of going down the road with the traditional System.Net.Http.HttpClient class one.
RestSharp offers capabilities of serialization, sync and async, authentication (basic, OAuth1, OAuth2, JWT, NTLM, and custom), parameters, forms, files, and extensive configuration that can help you to build your own specific C# HTTP client that is built around your custom integration scenario.
I’ve been using this particular library for almost four years and is proven to be strong and reliable. So turn your C# code more readable and maintainable when dealing with REST APIs with this little # on it.
Last but not least, please ensure that you avoid the OAuth1 authentication, there are some serious known issues regarding security (read it here and here), there are some other preferable methods or the current OAuth authentication protocol evolution for version 2, or if you must have at least the 1a (that was the version with the security fix). We were using this one, in a tight and enclosed context, so security concerns were other ones than the OAuth1 protocol.
Nevertheless, RestSharp lib can also help you out with the OAuth 2 usage on your serverless code or .net solutions and this is great – the lib is alive and well. 👍
Subscribe to our RSS feed