How to use client credentials with Hammock and Spring Security OAuth?

Tag: silverlight-4.0, spring-security, oauth-2.0 Author: zhucongstc Date: 2011-02-24

I am trying to use client/password credentials with Hammock against Spring Security OAuth.

I set the Credentials property on my RestClient and then try to do the next request (a GET call to a URL that only people with ROLE_USER can access and that returns JSON).

When Hammock makes the call, it adds all these headers and parameters, but none of them are picked up by the Spring Security Filter, and now I'm left wondering which technology I'm abusing. The documentation for both Hammock and Spring Security OAuth is very bad IMHO.

This is what Hammock sends to the server:

GET http://car-share.com/user/inbox.php?x_auth_mode=client_auth&x_auth_username=guest%40example.com&x_auth_password=guest HTTP/1.1
Accept: */*
Accept-Language: nl-BE
Referer: file:///C:/Users/Bloodsplatter/IdeaProjects/CarpoolWeb/Desktop/Carpool/Bin/Debug/Carpool.xap
Accept-Encoding: identity
Authorization: OAuth oauth_consumer_key="desktop_6d6f8ac1bb5720bb44a097e0bf403072fb5bf26423452be1ac99759898264189",oauth_nonce="cju5ktjvzhposyvj",oauth_signature="YtQgLqJmIO%2BBv5oBH7VV7ksvpyw%3D",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1299925485",oauth_version="1.0",
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: car-share.com
Connection: Keep-Alive

I have come to the conclusion that Hammock is trying to use OAuth 1.0 but our service uses OAuth 2.0. All the headers are different.

Question: How can I make Hammock use OAuth 2.0?
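
The mismatch described in the question can be checked mechanically. The following is an added example, not part of the original post and not code from Hammock or Spring Security OAuth; `classify_request`, `SECRET_PARAMS` and the sample request are constructed for illustration, and it assumes the OAuth 2.0 side expects an `Authorization: Bearer` header as in RFC 6750.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample modelled on the capture in the question (host and values are placeholders).
SAMPLE = (
    "GET http://api.example.test/user/inbox?x_auth_mode=client_auth"
    "&x_auth_username=guest%40example.com&x_auth_password=guest HTTP/1.1\r\n"
    'Authorization: OAuth oauth_consumer_key="desktop_abc",oauth_nonce="n1",'
    'oauth_signature="c2ln",oauth_signature_method="HMAC-SHA1",'
    'oauth_timestamp="1299925485",oauth_version="1.0",\r\n'
    "Host: api.example.test\r\n\r\n"
)

# Parameter names (assumed list) that should never travel in a URL: query strings
# are written to access logs, proxy logs and browser history.
SECRET_PARAMS = {"x_auth_password", "password", "client_secret", "access_token"}

def classify_request(raw):
    """Return the OAuth generation a raw HTTP request uses and any secrets in its URL."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    _method, target, _version = head[0].split(" ", 2)
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    scheme, _, rest = headers.get("authorization", "").partition(" ")
    auth_params = dict(re.findall(r'(\w+)="([^"]*)"', rest))

    if scheme.lower() == "bearer" and rest.strip():
        kind = "oauth2-bearer"        # RFC 6750: opaque token, no signature
    elif scheme.lower() == "oauth" and "oauth_signature" in auth_params:
        kind = "oauth1-signed"        # OAuth 1.0: per-request signature
    else:
        kind = "unrecognised"

    query = parse_qs(urlsplit(target).query)
    return {
        "kind": kind,
        "signature_method": auth_params.get("oauth_signature_method"),
        "oauth_version": auth_params.get("oauth_version"),
        "secrets_in_url": sorted(SECRET_PARAMS & query.keys()),
    }

if __name__ == "__main__":
    print(classify_request(SAMPLE))
```

A request shaped like the one in the question is reported as `oauth1-signed` with the password in the URL, which is why a filter that only looks for an OAuth 2.0 token finds nothing to authenticate.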

Other Answer 1

Yes, you can; you just can't use the OAuthCredentials object. Instead, you have to add the parameters individually, like this:

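// Host that serves the OAuth 2.0 token endpoint
var client = new RestClient
{
    Authority = "https://test.salesforce.com"
};

// Token request: POST to the token endpoint path
var request = new RestRequest
{
    Path = "/services/oauth2/token",
    Method = Hammock.Web.WebMethod.Post
};

// OAuth 2.0 password grant, added as individual parameters
// instead of through an OAuthCredentials object
request.AddParameter("grant_type", "password");
request.AddParameter("client_id", _userKey);
request.AddParameter("client_secret", _userSecret);
request.AddParameter("username", _userName);
request.AddParameter("password", _password);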

Also, don't forget to set the Content-Type tag:

request.AddHeader("Content-Type", "application/x-www-form-urlencoded");