Bug in Telldus Live! OAuth implementation?

[sverkerf]

I have tried to create an application to experiment with accessing Telldus Live! Unfortunately this has been unsuccessful.

I'm developing in Dot Net, using the DotNetOpenAuth library. Using Fiddler2, I've been able to capture the communication between my application and Telldus Live!. It seems the response I get is not according to standard.

This is my request:

GET http://api.telldus.com/oauth/requestTok ... sumer_key=...actual data removed...&oauth_nonce=voRmRh4V&oauth_signature_method=HMAC-SHA1&oauth_signature=...actual data removed...&oauth_version=1.0&oauth_timestamp=1347795428 HTTP/1.1
User-Agent: DotNetOpenAuth.Core/4.0.0.0
Host: api.telldus.com
Connection: Keep-Alive

This is the response:

HTTP/1.1 200 OK
Date: Sun, 16 Sep 2012 11:33:28 GMT
Server: Apache/2.2.16 (Debian)
X-Powered-By: PHP/5.3.3-7+squeeze1
Set-Cookie: PHPSESSID=4egjobtr0e42cbbikthms1ej35; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 154
Content-Type: application/x-www-form-urlencoded

oauth_callback_confirmed=1&oauth_token=...actual data removed...&oauth_token_secret=...actual data removed...&xoauth_token_ttl=3600

Upon this response, I get an exception from DotNetOpenAuth:

Error while reading message 'DotNetOpenAuth.OAuth.Messages.UnauthorizedTokenResponse' parameter 'oauth_callback_confirmed' with value '1'.

I've checked the OAuth RFC, and found this:

oauth_callback_confirmed
MUST be present and set to "true". The parameter is used to
differentiate from previous versions of the protocol.

When I intercept and edit the response using Fiddler and change the value to 'true' instead of '1', my application continues.

oauth_callback_confirmed=true&oauth_token=...actual data removed...&oauth_token_secret=...actual data removed...&xoauth_token_ttl=3600

My conclusion is that the response does not comply with the standard. Please fix!

[PerM]

You should probably file a support ticket here: http://telldus.com/support/index

Telldus responds to those quicker than questions asked on the forum.

[micke.prag]

http://developer.telldus.com/ticket/244

[brewman]

Sverkerf do you think you could post a code example how you implemented openauth? I know it doesn't work just now but I am curious if I implemented it right and this is the bug that does it to not work.
Kind regards / Brewman

[sverkerf]

Sure.

It's a desktop app, one Button called button1 and one TextBox called resultsBox.
I have run it only as far as to get that error message about an unexpected reply from Telldus' server. I intended to extend it successively, eventually writing code to actually do something, but since the communication still isn't working, I'm stuck.

Sverker


using System;
using System.Diagnostics;
using System.Windows.Forms;
using DotNetOpenAuth.Messaging;
using DotNetOpenAuth.OAuth;
using DotNetOpenAuth.OAuth.ChannelElements;
using DotNetOpenAuth.OAuth.Messages;

namespace TelldusDesktopTestApplication
{
public partial class Form1 : Form
{
public Form1()
{
InitializeComponent();
}

private void button1_Click(object sender, EventArgs e)
{
try
{
var accessTokenEndpoint = new MessageReceivingEndpoint("http://api.telldus.com/oauth/accessToken/", HttpDeliveryMethods.GetRequest);
var requestTokenEndpoint = new MessageReceivingEndpoint("http://api.telldus.com/oauth/requestToken/", HttpDeliveryMethods.GetRequest);
var userAuthorizationEndpoint = new MessageReceivingEndpoint("http://api.telldus.com/oauth/authorize/", HttpDeliveryMethods.GetRequest);
var serviceProviderDescription = new ServiceProviderDescription
{
AccessTokenEndpoint = accessTokenEndpoint,
RequestTokenEndpoint = requestTokenEndpoint,
UserAuthorizationEndpoint = userAuthorizationEndpoint,
ProtocolVersion = ProtocolVersion.V10,
TamperProtectionElements = new ITamperProtectionChannelBindingElement[] {new HmacSha1SigningBindingElement()}
};
var tokenManager = new InMemoryTokenManager();
tokenManager.ConsumerKey = "<my public key from Telldus>";
tokenManager.ConsumerSecret = "<my private key from Telldus>";

var desktopConsumer = new DesktopConsumer(serviceProviderDescription, tokenManager);

// protocol version 1.0
string requestToken;
Uri authorizeUrl = desktopConsumer.RequestUserAuthorization(null, null, out requestToken);
Process.Start(authorizeUrl.AbsoluteUri);
MessageBox.Show(this, "Click OK when you've authorized the app.");
AuthorizedTokenResponse authorizationResponse = desktopConsumer.ProcessUserAuthorization(requestToken, null);
string accessToken = authorizationResponse.AccessToken;

var resourceEndpoint = new MessageReceivingEndpoint("http://api.telldus.com/oauth/accessToken", HttpDeliveryMethods.GetRequest);
using (
IncomingWebResponse resourceResponse = desktopConsumer.PrepareAuthorizedRequestAndSend(resourceEndpoint, accessToken))
{
resultsBox.Text = resourceResponse.GetResponseReader().ReadToEnd();
}
}
catch (Exception exp)
{
resultsBox.Text = string.Format("{0}\n{1}", exp.Message, exp.StackTrace);
}
}
}
}

[Jotar]

Hi,
my first post here

I have just downloaded OAuth, built a little test application, and of course got the same error.
It's fine to use the privately created keys while testing, but I would like to have the possibility to share a working app or functioning code.

When I look at the ticket created and follow the link to oauth-php, they have posted a patch for this.
Clearly that is an admission to a miss in implementing the standard?!
So why havent Telldus patched their system yet?
I'ts a little frustrating that they dont seem to have been willing/able to fix the problem in months.

Has anyone tried any other libraries that actually works with .Net and Telldus Live?