Over the weekend, I wrote an actionscript library for client implementations of OAuth. It’s currently untested, but I’d love to see a few people help me keep it up to date & bug free, if anyone’s interested.
Upcoming Events
Over the weekend, I wrote an actionscript library for client implementations of OAuth. It’s currently untested, but I’d love to see a few people help me keep it up to date & bug free, if anyone’s interested.
Very cool!!! I was hoping to work on this but never got to it, so thanks for posting it.
=Ryan
rstewart@adobe.com
Great stuff! I was dreading having to write one of these myself! If I run into any issues you can expect some patches…
Kiall
Great work. I found a couple issues and I would be happy to get involved with the project. I’m hanging out in #flex on efnet
Thanks for the effort.
Hi
Are there any examples of using this about?
Im new to OAuth and just brushing up on my as skills, having a bit of trouble working out how to get this working.
Thanks
Edd
Hi
I’m trying to use this great library with MySpace Open Social API, but i’m having a problem with getting the right ‘oauth_signature’.
MySpace provide developers with OAuth Testing Tool and when i request the request token from the tool page, it always works.
I tried to use the same value for all the required parameters(oauth_consumer_key, oauth_nonce, oauth_signature_method, oauth_timestamp) but ‘oauth_signature’ never matches with the one MySpace testing tool generates from those parameters. So my request always ends up with 401(“signature_invalid”).
I went through the library code and it all looks fine to me.
Is anyone having the same problem?
Thanks,
Takashi
Just a follow up on my previous post.
If i delegate the HMAC_SHA1 encoding part to OAuth JavaScript Library(http://oauth.googlecode.com/svn/code/javascript), using External Interface, everything works.
So I believe there is something wrong with the implementation of AS3 HMAC_SHA1 encoding.
Takashi:
as3crypto library works fine – tested versus PHP
I noticed someone asked about this but there’s no response. Does anyone have a working example or some instructions they can provide on how to use this set of classes?
I have no examples at the moment.
It would be really useful to have a simple working example to show… surely if you’ve tested it you could provide us with something? I’m running into problems with crypto… fails to generate the signature everytime and i cannot fathom why.
thanks
[...] to add OpenID to your Flex applications. And for those of you interested in OAuth, iotashan has an OAuth-AS3 library that works pretty [...]
Thanks for building this. I’m a little confused on doing POST methods.
for POST, do we only need to say:
var request:OAuthRequest = new OAuthRequest(“POST”, ….) ?
Do I need to modify anything here:
url = request.buildRequest
(new OAuthSignatureMethod_HMAC_SHA1(), OAuthRequest.RESULT_TYPE_URL_STRING);
Thanks!
Hey man thanks for this. However, are there examples anywhere? I’m trying to use this with the Twitter API because not of the Twitter Libraries for AS3 support OAuth yet
Any ideas? thanks
hey!, any good tutorial for this api?
This code doesn’t quite seem to work yet — at least not for POST updates. Maybe it’s the Crypto library, maybe not, but I haven’t had any luck against Twitter’s /statuses/update.xml yet, though GETs look fine so far. The culprit indeed looks like Crypto, but I’m not 100% sure yet.
If I come up with a solution, I’ll post back. Many thanks, though — there’s a lot of good work here nonetheless.
Aha! If anyone’s having issues with POSTing to Twitter with this library (specifically getting a 401 response accompanied by the message “Failed to validate oauth signature or token” on posting to /statuses/update.*), I’ve found a fix: getSignableParameters() neglects to URL-encode its parameter values, so the signatures don’t match.
Changing this line in OAuthRequest.as (my line 194):
aParams.push(param + “=” + _requestParams[param].toString());
… to this:
aParams.push(param + “=” + URLEncoding.encode(_requestParams[param].toString()));
… did the trick. Hope it helps! I lost a good several hours on this one.
@Chris:
I made & checked in your change. Thanks for contributing!
For anyone trying to POST to Twitter, or maybe any other oAuth application, make sure to use URLRequest and URLLoader to load your data. Also, make sure to set:
URLRequest.data = oAuth.buildRequest(new OAuthSignatureMethod_HMAC_SHA1(), “post”);
Do NOT use the urlVariables option and DO NOT use HTTPService if you are doing this in Flex as I was. The HTTPService incorrectly orders and encodes the POST data and I could not find a way around it. Hope this helps someone else!
@Daniel:
I’m going to look into this. I know that urlVariables does not encode strings according to the oAuth spec. I probably should just take that option out of the buildRequest() method.
@Shan: Thanks for incorporating my change! I’d like to join the Google Code project as well if possible. Could you contact me? I’m cnunciato on Twitter — just followed you as well. Thanks man. Cheers and thanks again for the good work!
I’ve been trying to use the package to perform a POST to the /statuses/update.xml function on Twitter. After banging my head for several hours, I found that the URLEncoding class is encoding spaces to pluses. So, “This is a test” ends up being “This+is+a+test”. While this is normally fine, that is not the URL encoding spec that Twitter uses and it causes a failure of the signature verification during the /status/update.xml. I changed my local copy to use “%20″ and it works perfectly now.
Thanks for all your hard work!!
@Vapor:
I’ve modified the URLEncoding class to allow for you to pick between + or %20, and it defaults now to %20.
Shan
I am trying to put together this oauth library with MySpace opensocial client. If someone has done that before, would you mind sharing some sample code? Thanks in advance.
Twitter just changed authentication for desktop clients. Now the user got a key which he has to put into your app and you have to add {oauth_verifier:THE_PIN} as requestParameter.
@Sönke: Yeah, it’s the new oAuth standard. Pretty much everyone will be doing it now. I’ll update when I get time.
Hi,
Thanks so much for this library, it’s been fantastic for my little twitter app I’m building in AIR. However there is one thing that is worrying me now. Do we have to go and get the user to log in EVERY time they open the local AIR app to get a new pin? I’ve done some testing and it appears that this is the case.
Is there anyway that we can save details locally so we can avoid this as this is a horrible user experience.
Sorry – I’m new to OAuth and I’m still getting my head around it.
Cheers in advance!
Tim
Hey all,
I have noticed a few requests for an example, but, at last, no example has been officially given. At the risk of sounding redundant, could you please post a example of the implementation library. This would really really really help.
Thanks,
Ryan
I have build a high level AS3/Flex library which uses your awesome library: http://github.com/srohde/OAuth/tree/master
I also have no public example yet but will blog something this week.
[...] a bit of research a came across the awesome open source library oauth-as3. There were no examples yet but I remembered an Email from my friend Claus with a link to this [...]
I played around with this library and came across a bug when using UTF-8 and extended characters. Using encodeURIComponent (http://livedocs.adobe.com/flash/9.0/ActionScriptLangRefV3/package.html) instead of the included URLEncoding library solved them for me.
Cheers.
Rob Linton, your solution is not completely good. Yes, we can use encodeURIComponent() instead of the URLEncoding library and we can use extended characters. But in this case, we can not use special characters, such as: “!”, “*”, possibly some others.
I understand the problem with extended UTF-8 chracters. I can offer a solution, which I posted in my blog:
http://blog.dborisenko.com/en/2009/09/04/extended-utf-8-in-oauth-actionscript-library/
[...] library of Iotashan doesn’t work correct with Extended UTF-8 characters. If you use this characters (for example, [...]
I just made Denis’s changes, and committed it to the project. Thanks again, Denis!
http://code.google.com/p/oauth-as3/source/detail?r=13
thanks for this great library. I’ve used it for my SoundCloud API wrapper
http://github.com/dasflash/Soundcloud-AS3-API/
But I had to make one change to get it to work with the SoundCloud API: The parameter names of the signed parameters need to be URL-encoded as well before signing them. That’s probably almost never a problem because almost nobody uses special characters in the parameter name, but SoundCloud does
e.g. playlist[title]=foo
You can simply change line 182 of OAuthRequest class to:
aParams.push( URLEncoding.encode(param) + “=” + URLEncoding.encode(_requestParams[param].toString()));
and everything works fine
hey! It’s me again
I didn’t draw attention the first time, but for some reason the character «\\» was not displayed in my post. To be exactly sure, it is better to copy the methods from this file.
Thanks,
Denis
As Denis noted, there is a serious problem with the recent UTF-8 fix in URLEncoding.as. Here’s the fix for anyone until it gets updated in the project source….
In URLEncoding.as, I believe….
string = string.replace(/rn/g,’n');
string = string.replace(/r/g,’n');
… is supposed to be …
string = string.replace(/\r\n/g,’\n’);
string = string.replace(/\r/g,’\n’);
This causes significant issues if you are encoding any string the has an
‘r’ in it.
Also… if you grab Denis’s original file linked in his post, you need to change…
package com.dborisenko.utils
{
public class URLUtil
… to …
package org.iotashan.utils
{
public class URLEncoding
{
.. in order to use it in oauth-as3 and save it to the src/org/iotashan/utils folder.
Rob
Rob thanks for your great fidings, I hope this helps me with Shan’s lib. If anyone needs OAuth debugging tools, check this out:
MySpace OAuth Debugging Tool:
http://wiki.developer.myspace.com/index.php?title=OAuth_Testing_Tool
Official OAuth libs with example services in many langs: http://code.google.com/p/oauth/
test ride here: http://term.ie/oauth/example/
Google are returning me a request token of “4%252FcMF4t6Bc0i_ojIjMtZ4l1tB3ut4x” which plays havoc with subsequent url encoding! Notice the “%” included in the token. Are Google at fault here?
More info on my issue here: http://code.google.com/p/oauth-as3/issues/detail?id=7