Bug in Telldus Live! OAuth implementation?

Moderator: Telldus

Post Reply
sverkerf
Posts: 4
Joined: Thu Jan 18, 2018 11:08 am

Bug in Telldus Live! OAuth implementation?

Post by sverkerf » Thu Jan 18, 2018 11:08 am

I have tried to create an application to experiment with accessing Telldus Live! Unfortunately this has been unsuccessful.

I'm developing in Dot Net, using the DotNetOpenAuth library. Using Fiddler2, I've been able to capture the communication between my application and Telldus Live!. It seems the response I get is not according to standard.

This is my request:
GET http://api.telldus.com/oauth/requestTok ... sumer_key=...actual data removed...&oauth_nonce=voRmRh4V&oauth_signature_method=HMAC-SHA1&oauth_signature=...actual data removed...&oauth_version=1.0&oauth_timestamp=1347795428 HTTP/1.1
User-Agent: DotNetOpenAuth.Core/4.0.0.0
Host: api.telldus.com
Connection: Keep-Alive
This is the response:
HTTP/1.1 200 OK
Date: Sun, 16 Sep 2012 11:33:28 GMT
Server: Apache/2.2.16 (Debian)
X-Powered-By: PHP/5.3.3-7+squeeze1
Set-Cookie: PHPSESSID=4egjobtr0e42cbbikthms1ej35; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 154
Content-Type: application/x-www-form-urlencoded

oauth_callback_confirmed=1&oauth_token=...actual data removed...&oauth_token_secret=...actual data removed...&xoauth_token_ttl=3600
Upon this response, I get an exception from DotNetOpenAuth:
Error while reading message 'DotNetOpenAuth.OAuth.Messages.UnauthorizedTokenResponse' parameter 'oauth_callback_confirmed' with value '1'.
I've checked the OAuth RFC, and found this:
oauth_callback_confirmed
MUST be present and set to "true". The parameter is used to
differentiate from previous versions of the protocol.
When I intercept and edit the response using Fiddler and change the value to 'true' instead of '1', my application continues.
oauth_callback_confirmed=true&oauth_token=...actual data removed...&oauth_token_secret=...actual data removed...&xoauth_token_ttl=3600
My conclusion is that the response does not comply with the standard. Please fix!

PerM
Posts: 58
Joined: Thu Jan 18, 2018 11:08 am
Contact:

Re: Bug in Telldus Live! OAuth implementation?

Post by PerM » Thu Jan 18, 2018 11:08 am

You should probably file a support ticket here: http://telldus.com/support/index

Telldus responds to those quicker than questions asked on the forum.
Beyond Measure - mer än bara mätning: Rita regler grafiskt, styr enheter, skapa grafer, skicka/ta emot SMS, E-mail, 1-Wire, RFXtrx, Tellstick....

micke.prag
Site Admin
Posts: 2242
Joined: Thu Jan 18, 2018 11:08 am
Location: Lund
Contact:

Re: Bug in Telldus Live! OAuth implementation?

Post by micke.prag » Thu Jan 18, 2018 11:08 am

Micke Prag
Software
Telldus Technologies

brewman
Posts: 3
Joined: Thu Jan 18, 2018 11:08 am

Re: Bug in Telldus Live! OAuth implementation?

Post by brewman » Thu Jan 18, 2018 11:08 am

Sverkerf do you think you could post a code example how you implemented openauth? I know it doesn't work just now but I am curious if I implemented it right and this is the bug that does it to not work.
Kind regards / Brewman

sverkerf
Posts: 4
Joined: Thu Jan 18, 2018 11:08 am

Re: Bug in Telldus Live! OAuth implementation?

Post by sverkerf » Thu Jan 18, 2018 11:08 am

Sure.

It's a desktop app, one Button called button1 and one TextBox called resultsBox.
I have run it only as far as to get that error message about an unexpected reply from Telldus' server. I intended to extend it successively, eventually writing code to actually do something, but since the communication still isn't working, I'm stuck.

Sverker


using System;
using System.Diagnostics;
using System.Windows.Forms;
using DotNetOpenAuth.Messaging;
using DotNetOpenAuth.OAuth;
using DotNetOpenAuth.OAuth.ChannelElements;
using DotNetOpenAuth.OAuth.Messages;

namespace TelldusDesktopTestApplication
{
public partial class Form1 : Form
{
public Form1()
{
InitializeComponent();
}

private void button1_Click(object sender, EventArgs e)
{
try
{
var accessTokenEndpoint = new MessageReceivingEndpoint("http://api.telldus.com/oauth/accessToken/", HttpDeliveryMethods.GetRequest);
var requestTokenEndpoint = new MessageReceivingEndpoint("http://api.telldus.com/oauth/requestToken/", HttpDeliveryMethods.GetRequest);
var userAuthorizationEndpoint = new MessageReceivingEndpoint("http://api.telldus.com/oauth/authorize/", HttpDeliveryMethods.GetRequest);
var serviceProviderDescription = new ServiceProviderDescription
{
AccessTokenEndpoint = accessTokenEndpoint,
RequestTokenEndpoint = requestTokenEndpoint,
UserAuthorizationEndpoint = userAuthorizationEndpoint,
ProtocolVersion = ProtocolVersion.V10,
TamperProtectionElements = new ITamperProtectionChannelBindingElement[] {new HmacSha1SigningBindingElement()}
};
var tokenManager = new InMemoryTokenManager();
tokenManager.ConsumerKey = "<my public key from Telldus>";
tokenManager.ConsumerSecret = "<my private key from Telldus>";

var desktopConsumer = new DesktopConsumer(serviceProviderDescription, tokenManager);

// protocol version 1.0
string requestToken;
Uri authorizeUrl = desktopConsumer.RequestUserAuthorization(null, null, out requestToken);
Process.Start(authorizeUrl.AbsoluteUri);
MessageBox.Show(this, "Click OK when you've authorized the app.");
AuthorizedTokenResponse authorizationResponse = desktopConsumer.ProcessUserAuthorization(requestToken, null);
string accessToken = authorizationResponse.AccessToken;

var resourceEndpoint = new MessageReceivingEndpoint("http://api.telldus.com/oauth/accessToken", HttpDeliveryMethods.GetRequest);
using (
IncomingWebResponse resourceResponse = desktopConsumer.PrepareAuthorizedRequestAndSend(resourceEndpoint, accessToken))
{
resultsBox.Text = resourceResponse.GetResponseReader().ReadToEnd();
}
}
catch (Exception exp)
{
resultsBox.Text = string.Format("{0}\n{1}", exp.Message, exp.StackTrace);
}
}
}
}

Jotar
Posts: 5
Joined: Thu Jan 18, 2018 11:08 am

Re: Bug in Telldus Live! OAuth implementation?

Post by Jotar » Thu Jan 18, 2018 11:08 am

Hi,
my first post here :)

I have just downloaded OAuth, built a little test application, and of course got the same error.
It's fine to use the privately created keys while testing, but I would like to have the possibility to share a working app or functioning code.

When I look at the ticket created and follow the link to oauth-php, they have posted a patch for this.
Clearly that is an admission to a miss in implementing the standard?!
So why havent Telldus patched their system yet?
I'ts a little frustrating that they dont seem to have been willing/able to fix the problem in months.

Has anyone tried any other libraries that actually works with .Net and Telldus Live?

Post Reply