OAuth1Authenticator does not encode ConsumerKey in the authorization header #1654

Closed
TrendCare-Alex opened this issue Nov 26, 2021 · 5 comments

Comments

@TrendCare-Alex

TrendCare-Alex commented Nov 26, 2021

Read this first!

Important

  • Please do not use GitHub issues to ask questions about using RestSharp.
  • Ensure to read the Get help docs page at https://restsharp.dev/get-help/ before opening an issue.
  • Issues not following our contribution guidelines will be marked as invalid and closed in three days.

Expected Behavior

Client.Authenticator = OAuth1Authenticator.ForRequestToken("Consumer+Key/Containing+Reserved+Characters",
                                                            "************",
                                                            OAuthSignatureMethod.HmacSha256);

//  After Client.Authenticator.Authenticate  - Normally performed by Client.Execute(request)

var authHeaderIndex = _request.Parameters.FindIndex(p => p.Name == "Authorization");

_request.Parameters[authHeaderIndex].Value = OAuth Oauth_consumer_key="Consumer%2bKey%2fContaining%2bReserved%2bCharacters",oauth_nonce="i15e67he0d8ycww8",oauth_signature="****************************",oauth_signature_method="HMAC-SHA256",oauth_timestamp="1637878986",oauth_version="1.0"

Actual Behavior

Client.Authenticator = OAuth1Authenticator.ForRequestToken("Consumer+Key/Containing+Reserved+Characters",
                                                            "ConsumerSecret",
                                                            OAuthSignatureMethod.HmacSha256);

//  After Client.Authenticator.Authenticate  - Normally performed by Client.Execute(request)

var authHeaderIndex = _request.Parameters.FindIndex(p => p.Name == "Authorization");

_request.Parameters[authHeaderIndex].Value = OAuth Oauth_consumer_key="Consumer+Key/Containing+Reserved+Characters",oauth_nonce="i15e67he0d8ycww8",oauth_signature="OAuthSignature",oauth_signature_method="HMAC-SHA256",oauth_timestamp="1637878986",oauth_version="1.0"

Steps to Reproduce the Problem

  1. Create an Authenticator on the RestClient Authenticator with a Consumer Key containing reserved characters.
  2. Invoke the Authenticate method on the Authenticator
  3. Check the value of the Authorization Header produced by the Authenticate method.

I have been able to get around this problem by doing the following:

Client.Authenticator = OAuth1Authenticator.ForRequestToken("Consumer+Key/Containing+Reserved+Characters",
                                                            "ConsumerSecret",
                                                            OAuthSignatureMethod.HmacSha256);

Client.Authenticator.Authenticate(Client, _request);
Client.Authenticator = null;

var authHeaderIndex = _request.Parameters.FindIndex(p => p.Name == "Authorization");

_request.Parameters[authHeaderIndex].Value = _request.Parameters[authHeaderIndex].Value.ToString().Replace("Consumer+Key/Containing+Reserved+Characters",
    HttpUtility.UrlEncode("Consumer+Key/Containing+Reserved+Characters"));

Client.Execute(_request);

Specifications

  • Version: RestSharp 106.12.0
  • Platform: .NET Framework 4.7 Console application
  • Subsystem:

StackTrace


@alexeyzimarev
Member

If you made it work, please submit a PR to fix it.

@TrendCare-Alex
Author

The way I got it working is a bit of a hack. I don't have the time right now to dive into the source code and submit a proper fix.

Maybe during the Christmas break, but I can't promise anything.

@alexeyzimarev alexeyzimarev changed the title OAuth1Authenticator does not escape (URL encode) Consumer Key in the Authorization Header OAuth1Authenticator does not encode ConsumerKey in the authorization header Dec 21, 2021
@alexeyzimarev
Member

Please note that _request.Parameters[authHeaderIndex].Value would never return an encoded value as encoding happens when the actual request is formed. RestSharp doesn't change parameter values, which should never be encoded.

@alexeyzimarev
Member

I think v107 latest preview should work. I added encoding to the consumer key, which wasn't there before.

@alexeyzimarev
Member

I am now not even sure it's a valid issue. Header values normally aren't encoded. When I started to encode header values by default, lots of things got broken. Nevertheless, it doesn't seem to be important enough as there's no follow up.
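
Added example, not part of the thread and not RestSharp's own code: RFC 5849 section 3.5.1 requires every OAuth parameter value in the Authorization header to be percent-encoded per section 3.6, and the same encoding feeds the signature base string, so a consumer key with reserved characters must be encoded identically in both places or the server's signature check fails. The sketch below builds the header for the parameter set shown in the issue; the class name, URL and secret are constructed, and the base URI is assumed to be already normalized. `HttpUtility.UrlEncode`, used in the workaround above, emits lowercase hex and turns spaces into `+`, while section 3.6 requires uppercase hex and `%20`, hence the hand-written encoder.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class OAuth1HeaderExample   // hypothetical name, for illustration only
{
    // RFC 5849 section 3.6: only ALPHA, DIGIT, '-', '.', '_', '~' stay literal;
    // every other UTF-8 byte becomes %XX with uppercase hex digits.
    const string Unreserved = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";

    public static string Encode(string value)
    {
        var sb = new StringBuilder();
        foreach (byte b in Encoding.UTF8.GetBytes(value))
            sb.Append(Unreserved.IndexOf((char)b) >= 0 ? ((char)b).ToString() : "%" + b.ToString("X2"));
        return sb.ToString();
    }

    public static string BuildHeader(string method, string baseUri, string consumerKey,
                                     string consumerSecret, string nonce, string timestamp)
    {
        // Ordinal sort on raw names equals the RFC's sort on encoded names here,
        // because the oauth_* names contain only unreserved characters.
        var p = new SortedDictionary<string, string>(StringComparer.Ordinal)
        {
            ["oauth_consumer_key"] = consumerKey,
            ["oauth_nonce"] = nonce,
            ["oauth_signature_method"] = "HMAC-SHA256",
            ["oauth_timestamp"] = timestamp,
            ["oauth_version"] = "1.0"
        };
        // Base string (section 3.4.1): values are encoded once, then the joined
        // parameter string is encoded again as a whole.
        string normalized = string.Join("&", p.Select(kv => Encode(kv.Key) + "=" + Encode(kv.Value)));
        string baseString = method.ToUpperInvariant() + "&" + Encode(baseUri) + "&" + Encode(normalized);
        // No token secret exists at the request-token step, so the key ends in '&'.
        using (var hmac = new HMACSHA256(Encoding.ASCII.GetBytes(Encode(consumerSecret) + "&")))
            p["oauth_signature"] = Convert.ToBase64String(hmac.ComputeHash(Encoding.ASCII.GetBytes(baseString)));
        // Header (section 3.5.1): each value is percent-encoded exactly once.
        return "OAuth " + string.Join(",", p.Select(kv => Encode(kv.Key) + "=\"" + Encode(kv.Value) + "\""));
    }

    static void Main()
    {
        // Constructed sample values; the consumer key is the one from the issue.
        Console.WriteLine(Encode("Consumer+Key/Containing+Reserved+Characters"));
        Console.WriteLine(BuildHeader("POST", "https://api.example.test/oauth/request_token",
            "Consumer+Key/Containing+Reserved+Characters", "constructed-secret", "i15e67he0d8ycww8", "1637878986"));
    }
}
```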
