Support for LinkedIn Field-Selector Notation

[nariman-haghighi]

Trying to make calls like [1]:

http://api.linkedin.com/v1/people/~:(id,first-name,last-name,industry)

I'm not sure RestSharp properly handles these scenarios as I receive a 401 unauthorized with either of these cases:

                    request = new RestRequest("v1/people/~{fields}", Method.GET);
                    request.AddParameter("fields", ":(id,first-name,last-name,industry)", ParameterType.UrlSegment);
                    request.AddParameter("format", "json");

Or

request = new RestRequest("v1/people/~:(id,first-name,last-name,industry)", Method.GET);

But have no trouble accessing:

request = new RestRequest("v1/people/~", Method.GET);

Which leads to me to believe that the 401 is not on the LinkedIn side but on how the request is formatted.

[1] - https://developer.linkedin.com/documents/field-selectors

[nariman-haghighi]

This is definitely tied to how RestSharp produces OAuth signatures for colons, commas. Issue is discussed here as well:

http://developer.linkedin.com/forum/linkedin-api-401-unauthorised-when-using-field-selectors
http://stackoverflow.com/questions/7428585/linkedin-api-401-unauthorised-when-using-field-selectors

[johnsheehan]

Can you provide a sample for what RestSharp is generating vs. what LinkedIn is expecting using Fiddler or something?

[nariman-haghighi]

Using {"test", "test1", "test2", "test3"} and the URL "https://api.linkedin.com/v1/people/~:(id,first-name,last-name,industry)", this is what LinkedIn is expecting:

Signature Base StringGET&https%3A%2F%2Fapi.linkedin.com%2Fv1%2Fpeople%2F~%3A%28id%2Cfirst-name%2Clast-name%2Cindustry%29&oauth_consumer_key%3Dtest%26oauth_nonce%3D3upexa5us22omios%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1332072190%26oauth_token%3Dtest2%26oauth_version%3D1.0

SignatureZ1tHqnUwnfltzBAi8mlTV02n+dY=

HTTP Authentication HeaderOAuth oauth_nonce="3upexa5us22omios" oauth_timestamp="1332072190" oauth_version="1.0" oauth_signature_method="HMAC-SHA1" oauth_consumer_key="test" oauth_token="test2" oauth_signature="Z1tHqnUwnfltzBAi8mlTV02n%2BdY%3D"

And this is what RestSharp is producing:

GET https://api.linkedin.com/v1/people/~:(id,first-name,last-name,industry) HTTP/1.1
Authorization: OAuth oauth_consumer_key="test",
oauth_nonce="or0y18psk1ooau8l",
oauth_signature="zKQJ9c11BA3MX%2F4QWIgp0n%2FHe60%3D",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="1332072190",
oauth_token="test2",
oauth_version="1.0"
Accept: application/json, application/xml, text/json, text/x-json, text/javascript, text/xml
User-Agent: RestSharp 102.7.0.0
Host: api.linkedin.com
Accept-Encoding: gzip, deflate

[nariman-haghighi]

With a noonce set to 3upexa5us22omios, the singature should definitely be Z1tHqnUwnfltzBAi8mlTV02n+dY=.

I tested another oAuth library, and it produced this correctly.

I believe the oAuth implementation of RestSharp is not currently encoding the URL portion.

It should be applying something like:

    public string UrlEncode(string value)
    {
        StringBuilder result = new StringBuilder();

        foreach (char symbol in value)
        {
            if (unreservedChars.IndexOf(symbol) != -1)
            {
                result.Append(symbol);
            }
            else
            {
                result.Append('%' + String.Format("{0:X2}", (int)symbol));
            }
        }

        return result.ToString();
    }

Where:

protected string unreservedChars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_.~";

[devatwork]

I have located the bug. It is caused by the misunderstood implementation of Uri.EscapeDataString. The default implementation does only RFC 2396, not the required RFC 3986.

In the case of the LinkedIN field selector the charachters '(' and ')' are not reserved in RFC 2396 but are in RFC 3986. I have fixed this by implementing an upgrade as described in http://stackoverflow.com/questions/846487/how-to-get-uri-escapedatastring-to-comply-with-rfc-3986.

See pull request #250 for the fix.

[ayoung]

Done.