ghostshadow189

Hi guys, I tried to do these below steps: 1- Make request to session of third-party server -> I got back many things, include oauth_token and oauth_token_secret 2- Make request to temporary token of the server -> I got back 1 more oauth_token 3- Make request to authorization of third-party server (with 2 oauth_token), but in this step, the third-party server always send back to me the "401 Unauthorized" error. Thanks for your helps!

Hi guys, I'm making an VB.NET application that allow user to log in to a server that use the third-party OAuth service from another server. I got the log in packets like below: 1st packet: POST [b]/1st_url_session_third-party_service[/b] HTTP/1.1 Content-Length: 175 Content-Type: application/x-www-form-urlencoded Host: [b]{third-party.com}[/b] Connection: Keep-Alive User-Agent: {user_agent} Accept-Encoding: gzip Accept: application/json Authorization: OAuth oauth_consumer_key="{key}",oauth_nonce="65L3uQ",oauth_signature="lHCIs%2Bs3Z7MVnm1FUfS6cqOmu0g%3D",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1374631148",oauth_token="",oauth_version="1.0" device_type=Android&gamertag={user_name}&os_version=Android%2F2.3.4&id=299460019936710&timezone=US%2FPacific+%28PDT%29+offset+-25200+%28Daylight%29&locale=en_US&password={password} [b]RESPONSE:[/b] HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Status: 200 X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.7 ETag: "e020bab1c8fba99afa673e244dca99a6" X-Runtime: 104 Set-Cookie: _gserver_session=87179e7e3d437fdec0a8ffbe6c70bcf6; domain=.mobage.com; path=/; HttpOnly Cache-Control: private, max-age=0, must-revalidate Server: nginx/1.0.4 + Phusion Passenger 3.0.7 (mod_rails/mod_rack) Content-Encoding: gzip 2nd packet: GET [b]{request_temporary_token_from_server}[/b] HTTP/1.1 Host: [b]{server_address.com}[/b] Connection: Keep-Alive User-Agent: android-async-http/1.3.1 (http://loopj.com/android-async-http) Accept-Encoding: gzip HTTP/1.1 200 OK Server: Apache Content-Length: 39 Content-Type: text/html; charset=UTF-8 Date: Wed, 24 Jul 2013 01:59:08 GMT Connection: keep-alive Set-Cookie: sid=1ec7e5c1e857485d3360efa211907408; expires=Thu, 24-Jul-2014 01:59:08 GMT; path=/ {"oauth_token":"opAofEAcrowlhRra5ZnEA"} [b]this is from the this same packet, i don't understand this one?[/b] POST [b]{confirm_the_token_to_server}[/b] HTTP/1.1 Content-Length: 176 Content-Type: application/x-www-form-urlencoded Host: [b]{server_address.com}[/b] Connection: Keep-Alive User-Agent: android-async-http/1.3.1 (http://loopj.com/android-async-http) Cookie: sid=1ec7e5c1e857485d3360efa211907408 Cookie2: $Version=1 Accept-Encoding: gzip sdk_version=1.0&verifier=o0O2TuptfCCfs9s4wVMiXA&app_version=2.0&oauth_token=opAofEAcrowlhRra5ZnEA&platform_os_version=2.3.4&client_type=native-android&device_id=299460019936710 [b]RESPONSE:[/b] HTTP/1.1 200 OK Server: Apache Content-Length: 64 Content-Type: text/html; charset=UTF-8 Date: Wed, 24 Jul 2013 01:59:09 GMT Connection: keep-alive Set-Cookie: sid=1ec7e5c1e857485d3360efa211907408; expires=Thu, 24-Jul-2014 01:59:09 GMT; path=/ {"success":true,"session_id":"1ec7e5c1e857485d3360efa211907408"} 3rd packet: POST [b]{authorize_to_third-party_service}[/b] HTTP/1.1 Content-Length: 45 Content-Type: application/x-www-form-urlencoded Host: [b]{third-party_service.com}[/b] Connection: Keep-Alive User-Agent: {user_agent} Accept-Encoding: gzip Accept: application/json Authorization: OAuth oauth_consumer_key="{oauth_consumer_key}",oauth_nonce="w3B5Il",oauth_signature="fmaNFn0D6Q0noUx6ta8CLmWMMfc%3D",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1374631150",oauth_token="KLNv6QGM3yauDy1eI37mKw",oauth_version="1.0" authorize=1&oauth_token=opAofEAcrowlhRra5ZnEA HTTP/1.1 200 OK Content-Length: 58 Content-Type: application/json Req-Id: 22ba3bdc64 {"success":true,"oauth_verifier":"o0O2TuptfCCfs9s4wVMiXA"} Like you see above, I really don't understand the 2nd packet. Cus' you've to get oauth_verifier from the 3rd packet before you post request to confirm the token. Is this something like Asynchronous request? What should I do with this situation? Thanks you for all your helps! I really appareciate it!