Log in to server that use third-party OAuth service?

[ghostshadow189]

Hi guys,

I'm making an VB.NET application that allow user to log in to a server that use the third-party OAuth service from another server.

I got the log in packets like below:
1st packet:

POST [B]/1st_url_session_third-party_service[/B] HTTP/1.1
Content-Length: 175
Content-Type: application/x-www-form-urlencoded
Host: [B]{third-party.com}[/B]
Connection: Keep-Alive
User-Agent: {user_agent}
Accept-Encoding: gzip
Accept: application/json
Authorization: OAuth oauth_consumer_key="{key}",oauth_nonce="65L3uQ",oauth_signature="lHCIs%2Bs3Z7MVnm1FUfS6cqOmu0g%3D",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1374631148",oauth_token="",oauth_version="1.0"

device_type=Android&gamertag={user_name}&os_version=Android%2F2.3.4&id=299460019936710&timezone=US%2FPacific+%28PDT%29+offset+-25200+%28Daylight%29&locale=en_US&password={password}

[B]RESPONSE:[/B]
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Status: 200
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.7
ETag: "e020bab1c8fba99afa673e244dca99a6"
X-Runtime: 104
Set-Cookie: _gserver_session=87179e7e3d437fdec0a8ffbe6c70bcf6; domain=.mobage.com; path=/; HttpOnly
Cache-Control: private, max-age=0, must-revalidate
Server: nginx/1.0.4 + Phusion Passenger 3.0.7 (mod_rails/mod_rack)
Content-Encoding: gzip

2nd packet:

GET [B]{request_temporary_token_from_server}[/B] HTTP/1.1
Host: [B]{server_address.com}[/B]
Connection: Keep-Alive
User-Agent: android-async-http/1.3.1 (http://loopj.com/android-async-http)
Accept-Encoding: gzip


HTTP/1.1 200 OK
Server: Apache
Content-Length: 39
Content-Type: text/html; charset=UTF-8
Date: Wed, 24 Jul 2013 01:59:08 GMT
Connection: keep-alive
Set-Cookie: sid=1ec7e5c1e857485d3360efa211907408; expires=Thu, 24-Jul-2014 01:59:08 GMT; path=/

{"oauth_token":"opAofEAcrowlhRra5ZnEA"}

[B]this is from the this same packet, i don't understand this one?[/B]
POST [B]{confirm_the_token_to_server}[/B] HTTP/1.1
Content-Length: 176
Content-Type: application/x-www-form-urlencoded
Host: [B]{server_address.com}[/B]
Connection: Keep-Alive
User-Agent: android-async-http/1.3.1 (http://loopj.com/android-async-http)
Cookie: sid=1ec7e5c1e857485d3360efa211907408
Cookie2: $Version=1
Accept-Encoding: gzip

sdk_version=1.0&verifier=o0O2TuptfCCfs9s4wVMiXA&app_version=2.0&oauth_token=opAofEAcrowlhRra5ZnEA&platform_os_version=2.3.4&client_type=native-android&device_id=299460019936710

[B]RESPONSE:[/B]
HTTP/1.1 200 OK
Server: Apache
Content-Length: 64
Content-Type: text/html; charset=UTF-8
Date: Wed, 24 Jul 2013 01:59:09 GMT
Connection: keep-alive
Set-Cookie: sid=1ec7e5c1e857485d3360efa211907408; expires=Thu, 24-Jul-2014 01:59:09 GMT; path=/

{"success":true,"session_id":"1ec7e5c1e857485d3360efa211907408"}

3rd packet:

POST [B]{authorize_to_third-party_service}[/B] HTTP/1.1
Content-Length: 45
Content-Type: application/x-www-form-urlencoded
Host: [B]{third-party_service.com}[/B]
Connection: Keep-Alive
User-Agent: {user_agent}
Accept-Encoding: gzip
Accept: application/json
Authorization: OAuth oauth_consumer_key="{oauth_consumer_key}",oauth_nonce="w3B5Il",oauth_signature="fmaNFn0D6Q0noUx6ta8CLmWMMfc%3D",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1374631150",oauth_token="KLNv6QGM3yauDy1eI37mKw",oauth_version="1.0"

authorize=1&oauth_token=opAofEAcrowlhRra5ZnEA
HTTP/1.1 200 OK
Content-Length: 58
Content-Type: application/json
Req-Id: 22ba3bdc64

{"success":true,"oauth_verifier":"o0O2TuptfCCfs9s4wVMiXA"}

Like you see above, I really don't understand the 2nd packet. Cus' you've to get oauth_verifier from the 3rd packet before you post request to confirm the token.
Is this something like Asynchronous request?
What should I do with this situation?

Thanks you for all your helps! I really appareciate it!

 

[ghostshadow189]

Hi guys,

I tried to do these below steps:

1- Make request to session of third-party server -> I got back many things, include oauth_token and oauth_token_secret
2- Make request to temporary token of the server -> I got back 1 more oauth_token
3- Make request to authorization of third-party server (with 2 oauth_token), but in this step, the third-party server always send back to me the "401 Unauthorized" error.

Thanks for your helps!