Automating login to our own OAuth application

Question

We have some web services with OAuth on them.

I am required to run some tests against them, preferably in an automated environment without using a browser.

The problem is logging in.

Without using a browser, and with using DotNetOpenAuth and setting the HttpContext.Current manually, I seem able to do everything and get a request token and a verifier (I use a test username and password).

I believe the next stage is to get an authorising token. Unfortunatly, no matter how I construct the request, I cannot get it to work.

At the moment, using a WebConsumer (DotNetOpenAuth library) and calling consumer.ProcessUserAuthorization() results in an error:

DotNetOpenAuth.OAuth.Messages.AuthorizedTokenRequest message: oauth_verifier

Probably the whole approach is wrong, so any help/advice would be useful.

Thanks.

Answer 1

I would recommend you skip the entire OAuth handshake and authorization step by having a test access token and access token secret that your web service's token manager always includes. Then wiring your test to also have that token pair included in its token manager, and always using that access token when authorizing your outbound calls.

Answer 2

In the end, it was a problem with cookies not being stored properly.

I was losing cookies between the login page (where the user types their username and password), and the authorise page (where the user says it is okay to share details with the third party). The second page was doing an extra check to see if the user was who they say they were (reading a cookie value that the login page was meant to have written).

It was not really an OAuth issue, just something I did not understand in the Authorising page (which has since been removed anyway - c'est la vie).

I then had issues with the domains of the cookies (when the domain starts with a ‘.’). This post helped me:

CookieContainer bug?

I ended up copying cookies from one domain to another.