The fact that Delicious has two sets of API authentications one with username and password and one with oAuth told me something about things I was going to experience and I wasn't wrong. Unfortunately I have to deal with both APIs now and am unsuccessful getting through the first hurdle of API v2 (Yahoo oAuth).
Here is a code snippet (I'm using OpenSocial in this example http://code.google.com/p/opensocial-net-client)
public static string GetRequestToken(string callbackUrl)
{
string normaluri;
string normaluriparam;
OAuthBase oAuth = new OAuthBase();
string nonce = oAuth.GenerateNonce();
string timeStamp = oAuth.GenerateTimeStamp();
string sig = oAuth.GenerateSignature(new Uri(TOKEN_URL), ConfigurationManager.AppSettings[CONSUMER_KEY],
ConfigurationManager.AppSettings[SECRET_KEY],
string.Empty,
string.Empty,
"GET",
timeStamp,
nonce,
OAuthBase.SignatureTypes.HMACSHA1,
out normaluri,
out normaluriparam);
sig = HttpUtility.UrlEncode(sig);
string result =
HttpClient.Get(TOKEN_URL, new
{
oauth_nonce = nonce,
oauth_timestamp = timeStamp,
oauth_consumer_key = ConfigurationManager.AppSettings[CONSUMER_KEY],
oauth_signature_method = "HMAC-SHA1",
oauth_signature = sig,
oauth_version = "1.0",
oauth_callback = callbackUrl
});
return result;
}
It seems it doesn't matter if I follow instructions at http://delicious.com/help/oauthapi myself of leave it to OpenSocial, I get an "401 Unauthorized" from the server with no further info.
I can see many people have the same issue but couldn't find any resolution.
The answer is "don't use HMAC-SHA1 for this stage. Also I forgot to include callbackUrl into my signature.