
Getting information with Token. OAuth

I am creating an app to get information from Fitbit.com using OAuth.

protected void btnConnect_Click(object sender, EventArgs e)
    {
        // Create OAuthService object, containing oauth consumer configuration
        OAuthService service = OAuthService.Create(
            new EndPoint(RequestTokenUrl, "POST"),         // requestTokenEndPoint
            new Uri(AuthorizationUrl),                     // authorizationUri
            new EndPoint(AccessTokenUrl, "POST"),          // accessTokenEndPoint
            true,                                          // useAuthorizationHeader
            "http://app.fitbit.com",                       // realm
            "HMAC-SHA1",                                   // signatureMethod
            "1.0",                                         // oauthVersion
            new OAuthConsumer(ConsumerKey, ConsumerSecret) // consumer
            );

        try
        {
            var personRepository = new PersonRepository();

            var person = personRepository.GetPersonById(int.Parse(personSelect.SelectedItem.Value));



            OAuthRequest request = OAuthRequest.Create(
                new EndPoint(ProfileUrl, "GET"),
                service,
                this.Context.Request.Url,
                //this.Context.Session.SessionID);
                person.FitbitAuthAccessToken);

            request.VerificationHandler = AspNetOAuthRequest.HandleVerification;

            OAuthResponse response = request.GetResource();

            // Check if OAuthResponse object has protected resource
            if (!response.HasProtectedResource)
            {
                var token = new OAuthToken(TokenType.Request, person.FitbitAuthAccessToken,
                    person.FitbitAuthSecret, ConsumerKey);
                // If not we are not authorized yet, build authorization URL and redirect to it
                string authorizationUrl = service.BuildAuthorizationUrl(response.Token).AbsoluteUri;
                Response.Redirect(authorizationUrl);
            }


            person.FitbitAuthAccessToken = response.Token.Token;
            person.FitbitAuthSecret = response.Token.Secret;
            person.PersonEncodedId = Doc["result"]["user"]["encodedId"].InnerText;
            personRepository.Update(person);

            // Store the access token in session variable
            Session["access_token"] = response.Token;
        }
        catch (WebException ex)
        {
            Response.Write(ex.Message);
            Response.Close();
        }
        catch (OAuthRequestException ex)
        {
            Response.Write(ex.Message);
            Response.Close();
        }
    }

I save the Fitbit access token and secret in the database.

How can I get information using just Access token and secret, without authorizing every time?


This would assume that the FitBit API was robust enough to not require authentication every single time. I have seen APIs implementing OAuth where you have an authentication process, then from there most of your calls simply require the AccessToken or secret. I would look at the method signatures for the service and see what types of parameters they are requiring.


If you look at the FitBit API about authentication and accessing resources, you will see that you just need to request the data you are interested in and add in the OAuth header with the access token. Here is what it should look like (from the API page):

GET /1/user/-/activities/date/2010-04-02.json HTTP/1.1
Host: api.fitbit.com
Authorization: OAuth realm="api.fitbit.com",
oauth_consumer_key="fitbit-example-client-application",
oauth_token="8d3221fb072f31b5ef1b3bcfc5d8a27a",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="1270248088",
oauth_nonce="515379974",
oauth_signature="Gf5NUq1Pvg3DrtxHJyVaMXq4Foo%3D",
oauth_version="1.0"

The base signature string will look like:

GET&http%3A%2F%2Fapi.fitbit.com%2F1%2Fuser%2F-%2Factivities%2Fdate%2F2010-04-02.json&oauth_consumer_key%3Dfitbit-example-client-application%26oauth_nonce%3D515379974%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1270248088%26oauth_token%3D8d3221fb072f31b5ef1b3bcfc5d8a27a%26oauth_version%3D1.0
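
How the header and the base string in this answer relate, as an added C# example (not from the original answer or the Fitbit documentation): it rebuilds the base string from the request values shown above and signs it with HMAC-SHA1, which is all a stored access token and secret are needed for. The class and method names are hypothetical, the URL is assumed to carry no query string, and the two secrets are constructed placeholders because the page does not give them, so the printed signature will not match the one in the header.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class OAuth1Signer // hypothetical name; added example, not the page's code
{
    // RFC 5849 percent-encoding: only A-Z a-z 0-9 - . _ ~ stay unescaped.
    static string Enc(string s)
    {
        var sb = new StringBuilder();
        foreach (byte b in Encoding.UTF8.GetBytes(s))
        {
            char c = (char)b;
            bool unreserved = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
                              (c >= '0' && c <= '9') || "-._~".IndexOf(c) >= 0;
            if (unreserved) sb.Append(c); else sb.Append('%').Append(b.ToString("X2"));
        }
        return sb.ToString();
    }
    // METHOD & encoded URL & encoded, sorted parameter string. Assumes the URL has no
    // query string; realm and oauth_signature are never part of the base string.
    public static string BaseString(string method, string url, IDictionary<string, string> p)
    {
        var pairs = p.Select(kv => new { K = Enc(kv.Key), V = Enc(kv.Value) })
                     .OrderBy(x => x.K, StringComparer.Ordinal)
                     .ThenBy(x => x.V, StringComparer.Ordinal)
                     .Select(x => x.K + "=" + x.V);
        return method.ToUpperInvariant() + "&" + Enc(url) + "&" + Enc(string.Join("&", pairs));
    }
    // HMAC-SHA1 keyed with "consumerSecret&tokenSecret"; the secrets themselves are never sent.
    public static string Sign(string baseString, string consumerSecret, string tokenSecret)
    {
        byte[] key = Encoding.ASCII.GetBytes(Enc(consumerSecret) + "&" + Enc(tokenSecret));
        using (var hmac = new HMACSHA1(key))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.ASCII.GetBytes(baseString)));
    }
    static void Main()
    {
        var p = new Dictionary<string, string> {   // values from the example request above
            { "oauth_consumer_key", "fitbit-example-client-application" },
            { "oauth_token", "8d3221fb072f31b5ef1b3bcfc5d8a27a" },
            { "oauth_signature_method", "HMAC-SHA1" }, { "oauth_timestamp", "1270248088" },
            { "oauth_nonce", "515379974" }, { "oauth_version", "1.0" } };
        string bs = BaseString("GET", "http://api.fitbit.com/1/user/-/activities/date/2010-04-02.json", p);
        Console.WriteLine(bs);   // same base string as quoted in the answer
        // Constructed placeholder secrets: the real ones come from the app registration and the database.
        Console.WriteLine(Enc(Sign(bs, "CONSUMER-SECRET-PLACEHOLDER", "TOKEN-SECRET-PLACEHOLDER")));
    }
}
```

Each request needs a fresh `oauth_nonce` and `oauth_timestamp`, so the signature is recomputed per call while the stored token and secret stay the same.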


I figured I'd offer my VerifyAuthenticationCore that is part of my FitbitClient that inherits from OAuthClient. It took me a while to get this working but I found that I was missing HttpDeliveryMethods.AuthorizationHeaderRequest when I was creating the web request. Adding this allowed the call to stop returning bad request (400) error messages.

The code below is basically using the user id and the access token to get the user profile information. All calls should basically work this way. All you would need to do is change the url and provide the id and token.

protected override AuthenticationResult VerifyAuthenticationCore(AuthorizedTokenResponse response)
    {
        string username;
        var accessToken = response.AccessToken;
        var userId = response.ExtraData["encoded_user_id"];
        var httpWebRequest = WebWorker.PrepareAuthorizedRequest(new MessageReceivingEndpoint(new Uri("http://api.fitbit.com/1/user/" + userId + "/profile.json"), HttpDeliveryMethods.AuthorizationHeaderRequest | HttpDeliveryMethods.GetRequest), accessToken);
        var dictionary = new Dictionary<string, string>();
        dictionary.Add("accesstoken", accessToken);
        dictionary.Add("link", "http://www.fitbit.com/user/" + userId);

        using (var webResponse = httpWebRequest.GetResponse())
        {
            using (var stream = webResponse.GetResponseStream())
            using (var reader = new StreamReader(stream))
            {
                var profile = JObject.Parse(reader.ReadToEnd())["user"];
                dictionary.AddItemIfNotEmpty("name", profile["displayName"]);
                dictionary.AddItemIfNotEmpty("pictureUrl", profile["avatar"]);
                username = dictionary["name"];
            }
        }

        return new AuthenticationResult(true, ProviderName, userId, username, dictionary);
    }