How to use OAuth2 in RestSharp

c# rest curl oauth-2.0 restsharp
Dimitris picture Dimitris · May 9, 2015 · Viewed 41.9k times · Source

After a couple of days sorting out OAuth2 at the server-end (Spring java) I started working on the client written in C#. I am using RestSharp to call my web API but I am having real difficulty with the OAuth2. There is hardly any documentation and the few examples I found online do not work. Can someone provide me a code sample that is up to date and that I can use?

So far I have the following:

var client = new RestClient("http://example.com/myapi/oauth/token");
RestRequest request = new RestRequest() { Method = Method.POST };

request.AddHeader("Content-Type", "application/json");
request.AddParameter("grant_type", "client_credentials");
request.AddParameter("client_id", "client-app");
request.AddParameter("client_secret", "secret");

var response = client.Execute(request);

I am simply running this code in debug mode and when I look into the response I get unauthorized.

When I do curl on the console with the same parameters it works fine but it seems I can't make this to work in C#. Here is the curl command:

curl -H "Accept: application/json" client-app:[email protected]/myapi/oauth/token -d grant_type=client_credentials

By the way, I have replaced my true API urls and other information with placeholders.

Answer

Paul Samsotha picture Paul Samsotha · May 9, 2015

See RFC 6749 - 4.4.2. Client Credentials - Access Token Request

Here is the basic format of the request

POST /token HTTP/1.1
Host: server.example.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials

Your cURL request

curl -H "Accept: application/json" \
     -d grant_type=client_credentials \
     client-app:[email protected]/myapi/oauth/token

The reason your cURL command works

  1. Default Content-Type (if not specified) with POST (default when you use -d switch) is application/x-www-form-urlencoded

  2. Default authentication type, if not specified, is Basic. The username and password are passed either through the -u option or in the URL

    -u username:password (client-app:secret)

-- or put it in the url --

client-app:[email protected]/myapi/oauth/token

    You could also specify the auth type with --basic or --digest

You can use the -v switch in your cURL command to see all the headers involved in the request.

RestSharp fix:

  1. Set the Content-Type to application/x-www-form-urlencoded

  2. Add the Basic authentication

    client.Authenticator = new HttpBasicAuthenticator("client-app", "secret");

  3. Get rid of

    request.AddParameter("client_id", "client-app");
request.AddParameter("client_secret", "secret");

  4. Set the Accept header to application/json

Related questions

How do I make calls to a REST API using C#?

This is the code I have so far: using System; using System.Collections.Generic; using System.Linq; using System.Text; using System; using System.Net.Http; using System.Web; using System.Net; using System.IO; namespace ConsoleProgram { public class Class1 { …

Read More
How do you set the Content-Type header for an HttpClient request?

I'm trying to set the Content-Type header of an HttpClient object as required by an API I am calling. I tried setting the Content-Type like below: using (var httpClient = new HttpClient()) { httpClient.BaseAddress = new Uri("http://example.com/"); httpClient.DefaultRequestHeaders.…

Read More
Setting Authorization Header of HttpClient

I have an HttpClient that I am using for a REST API. However I am having trouble setting up the Authorization header. I need to set the header to the token I received from doing my OAuth request. I saw …

Read More