This forum is in read-only mode. The new forum is live at and registrations are open!

OAuth Verifier Generation Code (C#)

  • I saw on the GitHub a request for this added. I thought it was an interesting idea and i decided to add it.

    If anyone is interested this is all you have to do. To add it just add this to your blockfunction.cs inside of Rurilib.

    You will need Microsoft.IdentityModel.Tokens (Available on Nuget.) That package makes it easier to generate URL safe Base64 Encodes.

                    case Function.GenerateOAuthVerifier:
                        byte[] number = new byte[32];
                        RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
                        string encodedStr = Base64UrlEncoder.Encode(number);
                        outputString = encodedStr;

    Anyone who wants to use this has my permission to do so, have fun with it.

    EDIT: I forgot you will need to add this to around line 147.

            /// <summary>Generates an OAuth Verfier.</summary>

    EDIT2: Revised some of the code

  • Admin

    Nice. What exactly is this for? Can you make an example of a use case?

  • 🤔
    a 32 Byte Random String encoded in Base64.

    Why not just Function Randomstring + Function Base64Encode ?

    @ruri I think It is meant generate the nonce for OAuth
    though I noticed that some implementations don't want totally random nonces but stuff like

    FUNCTION CurrentUnixTime -> VAR "TIME" 
    FUNCTION Base64Encode "<MD5NONCE>" -> VAR "BASENONCE" 
    FUNCTION Substring "0" "32" "<BASENONCE>" -> VAR "NONCE" 

    Seen this to be used in "real world"

  • Mod

    we love you meinname. what a cutie 😉

  • @Ruri OAuth requires a Code Verifer and Code Challenge to be sent in order to get an Auth Bearer token at times. I mainly just made this to cut down on the amount of blocks per config. You can do the same with the included functions or JS or IronPython. I just wanted to cut down on blocks. Also IronPython heavily degrades performance which is what I was using before.

  • Admin

    Ah okay. Wouldn't it be better to add a function that actually generates a full OAuth signature rather than just a part of it? Anyways thanks for the addition, I don't think I will add it to master as I was thinking to make a function that generates the full signature not just the nonce.

  • @Ruri the reason I don't have one that generates the full thing is because they are sometimes sent separately. EX: verifier is sent in url and challenge is sent in the post data. I originally had it generate the full signature but came across that issue

  • Admin

    Interesting, I see

Log in to reply