/*

Example showing how an OAuth 1.0a signed request to Scribo might be constructed.

​

References: 

https://developer.twitter.com/en/docs/basics/authentication/guides/creating-a-signature

https://tools.ietf.org/html/rfc5849#section-3.4

http://oauthbible.com/#signed-requests

*/

using System;

using System.Collections.Generic;

using System.Linq;

using System.Security.Cryptography;

using System.Text;

using System.Web;

using Newtonsoft.Json;

​

namespace ScriboExample

{

    class Program

    {

        static void Main(string[] args)

        {

            var parameters = new Dictionary<string, string>();

            // Request info

            var input = new

            {

                StudentEmail = "student100@school33.ep.com",

                AssignmentId = "123456",

                AssignmentTitle = "Book Report on Pride and Prejudice - 20/june 2019 - Mr Woser - Class 10A",

                AssignmentText = "abcd-> ",

                TeacherEmail = "teacher20@school33.ep.com"

            };

            parameters.Add("student_email", input.StudentEmail);

            parameters.Add("assignment_id", input.AssignmentId);

            parameters.Add("assignment_title", input.AssignmentTitle);

            parameters.Add("assignment_text", input.AssignmentText);

            parameters.Add("teacher_email", input.TeacherEmail);

            var requestMethod = "POST";

            var url = "https://www.example.org/";

            // OAuth parameters

            var consumerKey = "abc123";

            var consumerSecret = "123abc";

            var token = string.Empty; // Assuming one-legged, we don't need to deal with getting a token

            var nonce = Guid.NewGuid().ToString("N");

            var timeStamp = Math.Truncate((DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0)).TotalSeconds).ToString();

            var oAuthVersion = "1.0";

            var signatureMethod = "HMAC-SHA256";

​

            // All the OAuth parameters except the secret are part of the signature

            parameters.Add("oauth_token", token);

            parameters.Add("oauth_consumer_key", consumerKey);

            parameters.Add("oauth_nonce", nonce);

            parameters.Add("oauth_timestamp", timeStamp);

            parameters.Add("oauth_version", oAuthVersion);

            parameters.Add("oauth_signature_method", signatureMethod);

            var parameterString = BuildParameterString(parameters);

            Console.WriteLine("Parameter string:");

            Console.WriteLine(parameterString);

            Console.WriteLine();

​

            var signatureBaseString = BuildSignatureBaseString(requestMethod, url, parameterString);

            Console.WriteLine("Signature Base String:");

            Console.WriteLine(signatureBaseString);

            Console.WriteLine();

​

            // Signing key is percent-encoded secret, followed by &, followed by the percent-encoded token

            var signingKey = $"{HttpUtility.UrlEncode(consumerSecret)}&{HttpUtility.UrlEncode(token)}";

​

            string signatureBase64 = GenerateSignature(signingKey, signatureBaseString);

​

            Console.WriteLine("Signature:");

            Console.WriteLine(signatureBase64);

            Console.WriteLine();

            parameters.Add("oauth_signature", signatureBase64);

            // oauth_* parameters could either be sent in the Authorization header or as part of the request body

            // Body could be sent as application/json or application/x-www-form-urlencoded.

            var requestJson = JsonConvert.SerializeObject(parameters, Formatting.Indented);

            Console.WriteLine("Request body:");

            Console.WriteLine(requestJson);

        }

​

        private static string GenerateSignature(string signingKey, string signatureBaseString)

        {

            // Using HMAC-SHA256 here but could be anything we agree on

            using (var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(signingKey)))

            {

                var signatureBytes = hmac.ComputeHash(Encoding.UTF8.GetBytes(signatureBaseString));

​

                return Convert.ToBase64String(signatureBytes);

            }

        }

        private static string BuildSignatureBaseString(string requestMethod, string requestUrl, string parameterString)

        {

            // See "Creating the signature base string" section in Twitter docs.

            requestMethod = requestMethod.ToUpperInvariant();

            var encodedUrl = HttpUtility.UrlEncode(requestUrl);

            var encodedParamString = HttpUtility.UrlEncode(parameterString);

​

            return $"{requestMethod}&{encodedUrl}&{encodedParamString}";

        }

​

        private static string BuildParameterString(Dictionary<string, string> parameters)

        {

            // See "Collecting parameters" section in Twitter docs.

            var encodedSorted = parameters.Select(kvp => (Key: HttpUtility.UrlEncode(kvp.Key), Value: HttpUtility.UrlEncode(kvp.Value)))

                .OrderBy(t => t.Key);

            var builder = new StringBuilder();

​

            var first = true;

​

            foreach (var (key, value) in encodedSorted)

            {

                if (!first)

                {

                    builder.Append("&");

                }

                else

                {

                    first = false;

                }

​

                builder.Append(key);

                builder.Append("=");

                builder.Append(value);

            }

​

            return builder.ToString();

        }

    } 

}