Re: [twitter-dev] Getting Failed to validate oauth signature and token after adding an explicit oauth_callback in the request token phase

2011-08-01 Thread Ciaran 
Hi Nathan,


On Sun, Jul 31, 2011 at 5:43 AM, Nathan Rajlich nat...@tootallnate.net wrote:
 Hello all. I am using nodejs, and specifically ciranj's node-oauth[0]
 module, attempting to override the default callback URL with an
 explicit one as per the 1.0A specification changes. I'm not entirely
 sure if it's a bug with the module or just me being dumb, but after I
 changing the code from:

    request_token_url  // is set to: 'https://www.twitter.com/oauth/
 request_token'

 as the URL posting to (which works) to:

    request_token_url + '?oauth_callback=' + encode(callback)

 where 'callback' could be something like 'http://www.google.com', I
 get a 401 response code with a Failed to validate oauth signature and
 token error message.

 Any hints in the right direction would be much appreciated. Thanks in
 advance!

Just had a check through my code, and it should work just fine.  I've
placed an example working solution inline to this response :)


var  http = require('http')
   , OAuth= require('./index').OAuth
   , url = require('url')
   , consumerKey= YOUR_KEY
   , consumerSecret= YOUR_SECRET
   , callbackURL= YOUR_CALLBACK;

var oAuth= new OAuth(http://twitter.com/oauth/request_token;,
http://twitter.com/oauth/access_token;,
consumerKey,  consumerSecret,
1.0a, callbackURL, HMAC-SHA1);

http.createServer(function (req, res) {
   var urlp= url.parse(req.url, true);
   if( urlp.query  urlp.query.oauth_verifier ) {
 res.writeHead(200, {'Content-Type': 'text/plain'});
 res.end('Verification callback: ' + urlp.query.oauth_verifier +'\n');
   }
   else {
 oAuth.getOAuthRequestToken(function(error, oauth_token,
oauth_token_secret, oauth_authorize_url, additionalParameters ) {
   console.log( error );
   res.writeHead(301, {
 'Location':
http://twitter.com/oauth/authenticate?oauth_token=; + oauth_token
   });
   res.end();
 });
   }
}).listen(80, 127.0.0.1);

Hope this helps :)

- Cj.

-- 
Have you visited the Developer Discussions feature on 
https://dev.twitter.com/discussions yet?

Twitter developer links:
Documentation and resources: https://dev.twitter.com/docs
API updates via Twitter: https://twitter.com/twitterapi

Unsubscribe or change your group membership settings: 
http://groups.google.com/group/twitter-development-talk/subscribe

Re: [twitter-dev] 401 error what am i doing wrong here (user search)

2010-12-25 Thread Ciaran 
Just out of interest does your searchbterm contain commas? If so when
using twitter you'll need to encode this parameter first before
passing the URL to the client (it seems :( )
-cj

On Thursday, December 23, 2010, Cujo deko...@gmail.com wrote:
 For the last call i rewrote my code to set the Authorization
 RequestHeader to:
 OAuth realm=http%3A%2F%2Fapi.twitter.com,
 oauth_consumer_key=[mykey], oauth_signature_method=HMAC-SHA1,
 oauth_token=[accesstoken], oauth_version=1.0,
 oauth_timestamp=1293101327, oauth_nonce=b37Zm8,
 oauth_signature=[signature]

 With result:
 ?xml version=1.0 encoding=UTF-8?
 errors
   error code=32Could not authenticate you/error
 /errors
 And with responseHeaders :
 Via: 1.0 SMTTMG
 Connection: Keep-Alive
 Proxy-Support: Session-Based-Authentication
 Connection: Proxy-Support
 Transfer-Encoding: chunked
 Expires: Thu, 23 Dec 2010 08:30:06 GMT
 Date: Thu, 23 Dec 2010 08:00:06 GMT
 Content-Type: application/xml; charset=utf-8
 Server: hi
 Status: 401 Unauthorized
 WWW-Authenticate: Basic realm=Twitter API
 X-Runtime: 0.01106
 Cache-Control: no-cache, max-age=1800
 Set-Cookie: _twitter_sess=VERYLONGSIGNATUREacbd; domain=.twitter.com;
 path=/

 Does that mean the the Authorization did not come through, since the
 WWW-Authenticate says Basic?

 On 22 dec, 14:50, Cujo deko...@gmail.com wrote:
 I followed the whole oAuth chain to aquire an accesstoken for my
 application:
 Call 1:
 sent:https://api.twitter.com/oauth/request_token?oauth_consumer_key=[mykey]oauth_signature_method=HMAC-SHA1oauth_timestamp=1293014232oauth_n­once=OgIwk4oauth_signature=[signature]

 result:
 oauth_token=[token]oauth_token_secret=[tokensecret]oauth_callback_confirm­ed=true

 Call 2: (after receiving a pincode)
 sent:https://api.twitter.com/oauth/access_token?oauth_consumer_key=[mykey]oauth_token=[token]oauth_signature_method=HMAC-SHA1oauth_verifier­=[pincode]oauth_timestamp=1293014245oauth_nonce=UZN6pWoauth_signature=[s­ignature]

 result:
 oauth_token=[accesstoken]oauth_token_secret=[accesstokensecret]user_id=42­198282screen_name=kooijtje

  Call 3: (i should be able to do a search since i have an access
 token)
 sent:http://api.twitter.com/1/users/search.xml?q=[searchterm]oauth_consumer_key=[mykey]oauth_token=[accesstoken]oauth_sig­nature_method=HMAC-SHA1oauth_timestamp=1293014246oauth_nonce=nV8zJ7oauth­_signature=[signature]

 sent:http://api.twitter.com/1/users/search.xml?oauth_consumer_key=[mykey]oauth_nonce=wwQs4poauth_signature_method=HMAC-SHA1oauth_timestamp­=1293024508oauth_token=[accesstoken]oauth_version=1.0q=[Searchterm]oaut­h_signature=[signature]

 Both are giving the following 401 error with this response:
 xml version=1.0 encoding=UTF-8?
 hash
   request/1/users/search.xml?
 oauth_consumer_key=[mykey]amp;oauth_nonce=dD7PvNamp;oauth_signature_metho­d=HMAC-
 SHA1amp;oauth_timestamp=[timestamp]amp;oauth_token=[accesstoken]amp;oaut­h_version=1.0amp;q=[Searchterm]amp;oauth_signature=[signature]/
 request
   errorIncorrect signature/error
 /hash

 Currently through the lib i am using all parameters (including the q)
 are used to calculate the oauth_signature, is this wrong? Should only
 the oauth_* parameters be used? I tried this but still incorrect
 signature error.
 The algorithm for calculating seems to be signature correct since i am
 able to succesfull get an accesstoken?

 Any idea's?

 --
 Twitter developer documentation and resources: http://dev.twitter.com/doc
 API updates via Twitter: http://twitter.com/twitterapi
 Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
 Change your membership to this group: 
 http://groups.google.com/group/twitter-development-talk


-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] Re: Twitter streaming API using oauth with tracks that have spaces?

2010-11-13 Thread Ciaran 
On Fri, Nov 12, 2010 at 11:31 PM, dan dfran...@gmail.com wrote:
 By ui-encoding you mean percent-encoding?
I did mean uri-encoding ;) iphone's suck :)
-cj.

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] Twitter streaming API using oauth with tracks that have spaces?

2010-11-10 Thread Ciaran 
Try ui-encoding them first, my understanding of the Twitter OAuth
signature validation is that it is non-standard (although there
appears to be debate about this) I suspect if you encode them first
before signing the url it will start to work
-cj.


On Tue, Nov 9, 2010 at 6:11 PM, dan dfran...@gmail.com wrote:
 I've been having trouble connecting to the streaming API using oauth
 if my tracks have spaces. I get 401s (unauthorized). In all cases, the
 same code works if the tracks don't have spaces.

 In Java: tried twitter4j (http://twitter4j.org/jira/browse/TFJ-420)
 and tweetstream4j (http://stackoverflow.com/questions/4129622/
 connecting-to-twitter-streaming-api-with-tracks-with-spaces-using-
 apache-httpclie)

 In Python: tried tweepy (https://github.com/joshthecoder/tweepy/
 issues#issue/64)

 The Twitter example using curl (http://dev.twitter.com/pages/
 streaming_api_methods#track) works with tracks that have spaces, but
 it's basic auth.

 I am wondering if some oauth encoding versus POST param encoding is
 not working out.

 Can someone point me to a code example in Java or Python that is known
 to work connecting to the Twitter streaming API using oauth that has
 spaces in its tracks?

 Thanks in advance.

 --
 Twitter developer documentation and resources: http://dev.twitter.com/doc
 API updates via Twitter: http://twitter.com/twitterapi
 Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
 Change your membership to this group: 
 http://groups.google.com/group/twitter-development-talk


-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] Streaming API, Basic Auth Ok, OAuth Unauthorized?

2010-10-25 Thread Ciaran 
Hey Bradley,

This is another instance of the the ongoing (and as yet un-answered
sadly) question I have in the mailing list about  my client (which
iirc you're using)

See :
   http://github.com/ciaranj/node-oauth/issues#issue/7
and
   
http://groups.google.co.uk/group/twitter-development-talk/browse_thread/thread/fe6e50d60d1e95fa/f06e93e761183bf1?hl=enlnk=gstq=javajunky#f06e93e761183bf1
oh and also ( :( )
   
http://groups.google.co.uk/group/twitter-development-talk/browse_thread/thread/4aedc185cee34d81?hl=en#

The bad news is twitter don't seem to want to tell me if I'm wrong, or
they're wrong (I don't care, just want to know what to fix ! :( ) ..
the good news is the work around is to url encode your parameters
before you pass them off to my client ( you won't need to do this with
any other OAuth provider I've yet come across fwiw, but if they come
back and say yes, thats deliberate, yes its different, I'll hardcode
it into the client so you don't need to worry about it *sigh* (or even
better, the client is wrong, we're right and we do it the same as
everyone else..which would be an ideal outcome) )

Take Care
- cj.


On Mon, Oct 25, 2010 at 10:20 PM, bradley.meck bradley.m...@gmail.com wrote:
 I have a simple oauth client that I use to post status updates
 currently, however, when I added the ability to track statuses with
 the Stream api using OAuth I noticed I could not connect, with
 Unauthorized 401 being the reply to anything I sent it. I looked into
 the documentation and it seems to be a simple request using the same
 OAuth style as the normal api. After searching threads I noticed the
 rate limiting and so I have left my app alone for extended periods of
 time and still I get 401s. I tested against basic auth, and the code
 worked! M, that was odd. So unless I am mistaken I am doing
 something wrong, but I am posting to the right url and mirroring my
 basic auth test to no avail. The code is at:

 http://github.com/bmeck/Simple-Bot/blob/master/modules/twitter.js
 the track() function is the boilerplate that is in question
 oa.post is a simple rest wrapper for oauth POST.

 Any help or directions as to where to go from here is much
 appreciated.

 Cheers,
 Bradley

 --
 Twitter developer documentation and resources: http://dev.twitter.com/doc
 API updates via Twitter: http://twitter.com/twitterapi
 Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
 Change your membership to this group: 
 http://groups.google.com/group/twitter-development-talk


-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] Re: Streaming API, Basic Auth Ok, OAuth Unauthorized?

2010-10-25 Thread Ciaran 
On Mon, Oct 25, 2010 at 10:53 PM, bradley.meck bradley.m...@gmail.com wrote:
 So in my case i just encodeURIComponent somewhere? I tried on the POST
 params and it did not work, nor did the 4 permutations of api-key/
 secret and access-token-key/secret.

Odd, Escaping track=+tracking.join(,)+count=0 should work ?
-cj.

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] Re: Streaming API, Basic Auth Ok, OAuth Unauthorized?

2010-10-25 Thread Ciaran 
On Mon, Oct 25, 2010 at 11:28 PM, themattharris
thematthar...@twitter.com wrote:
 Hey everyone,

 So OAuth encoding can get confusing and lead to situations like this
 so i'll go through a very verbose walkthrough to hopefully explain how
 it all works.

First, thank you for taking the time to post this, I agree OAuth can
be /  is  confusing ;)


 The key section of the specification explaining this part is
 3.4.1.3.2:
    http://tools.ietf.org/html/rfc5849#section-3.4.1.3.2

 Assuming my parameters are POST parameters and are as follows:

 key | value
 
 track | twitter
 follow | 1528912,9512582
 oauth_consumer_key | Oauth_Consumer_Key
 oauth_nonce | nonce123
 oauth_signature_method | HMAC-SHA1
 oauth_timestamp | 1288042714
 oauth_token | My_tokeN
 oauth_version | 1.0

 Now following 3.4.1.3.2
 1. Parameter names and values are encoded according to Section 3.6.
 Section 3.6 of the spec says:
 The values are then escaped using the [RFC3986] percent-encoding
 (%XX) mechanism as follows:
  *  Characters in the unreserved character set as defined by
 [RFC3986], Section 2.3 (ALPHA, DIGIT, -, ., _, ~) MUST NOT be
 encoded.
  *  All other characters MUST be encoded.
  *  The two hexadecimal characters used to represent encoded
 characters MUST be uppercase.

 Knowing this our parameters therefore become:
 key | value
 
 track | twitter
 follow | 11528912%2C9512582
 oauth_consumer_key | OauthConsumerKey
 oauth_nonce | nonce123
 oauth_signature_method | HMAC-SHA1
 oauth_timestamp | 1288042714
 oauth_token | My_tokeN
 oauth_version | 1.0

 2. The parameters are sorted by name, using ascending byte value
 ordering.  If two or more parameters share the same name, they are
 sorted by their value.

 key | value
 
 follow | 11528912%2C9512582
 oauth_consumer_key | OauthConsumerKey
 oauth_nonce | nonce123
 oauth_signature_method | HMAC-SHA1
 oauth_timestamp | 1288042714
 oauth_token | My_tokeN
 oauth_version | 1.0
 track | twitter

 3. The name of each parameter is concatenated to its corresponding
 value using an = character (ASCII code 61) as a separator, even if
 the value is empty.

 key=value
 
 follow=11528912%2C9512582
 oauth_consumer_key=OauthConsumerKey
 oauth_nonce=nonce123
 oauth_signature_method=HMAC-SHA1
 oauth_timestamp=1288042714
 oauth_token=My_tokeN
 oauth_version=1.0
 track=twitter

 4. The sorted name/value pairs are concatenated together into a single
 string by using an  character (ASCII code 38) as separator.

Indeed, Steps 1,2, 3 + 4 as described above are the ones I know from
the Spec, however on this page: http://dev.twitter.com/pages/auth %3d
and %26 are used during the concatenation process, and ...


 follow=11528912%2C9512582oauth_consumer_key=OauthConsumerKeyoauth_nonce=nonce123oauth_signature_method=HMAC-
 SHA1oauth_timestamp=1288042714oauth_token=My_tokeNoauth_version=1.0track=twitter


 This concatenated string of parameters is the result of the
 normalization part of 3.4.1.1.5. We still have to complete stage 5
 which says to encode that string.

... This step apparently does not occur ? (again according to that
web-page)... it appears that it is considered equivalent to escape the
'' and the '=' during the loop, rather than escape the whole string
at once (which will re-escape the individually escaped keys and values
as per [I believe] the spec)


 Doing this gives:
 follow%3D11528912%252C9512582%26oauth_consumer_key%3DOauthConsumerKey
 %26oauth_nonce%3Dnonce123%26oauth_signature_method%3DHMAC-
 SHA1%26oauth_timestamp%3D1288042714%26oauth_token%3DMy_tokeN
 %26oauth_version%3D1.0%26track%3Dtwitter

 In this example, assuming we are POSTing to 
 http://stream.twitter.com/1/statuses/filter.json
 with the parameters already processed - our basestring becomes:

 POSThttp%3A%2F%2Fstream.twitter.com%2F1%2Fstatuses
 %2Ffilter.jsonfollow%3D11528912%252C9512582%26oauth_consumer_key
 %3DOauthConsumerKey%26oauth_nonce%3Dnonce123%26oauth_signature_method
 %3DHMAC-SHA1%26oauth_timestamp%3D1288042714%26oauth_token%3DMy_tokeN
 %26oauth_version%3D1.0%26track%3Dtwitter

 I hope that helps,
 @themattharris

It will do, if what you say is happening is what *really* happens on
the server (and that web page is wrong / or I mis-understand it) ..
then I'll have to find some other reason why escaping the url
parameters fixes things ;)

Cheery-bye, and again, thank you for taking the time to talk this through :)

-cj

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Repeat request for clarification on signing specifics of Twitter OAuth (and possible deviations from the RFC/Specs)

2010-10-21 Thread Ciaran 
Hi Folks,

Apologies for re-posting this question, but I asked (in what I though
was a fairly detailed and accurate manner :( ) a week or so ago this
question: 
http://groups.google.co.uk/group/twitter-development-talk/msg/4d858cc2d48b63aa?hl=en

Is there any chance someone is here that understands my question?
I've open bugs on my client library that I would rather like to close
or fix (depending on the outcome of this conversation!)

Many thanks

  -Cj.

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] Trying to use Streaming API with OAuth but times out - Suggestions?

2010-10-12 Thread Ciaran 
On Tue, Oct 12, 2010 at 3:16 AM, Bartek bart.ci...@gmail.com wrote:
 Hi there,

 I'm new to the Twitter API so forgive me if I'm missing something
 blatant.

 I just wrote a small node.js script that connects to Twitter and
 fetches the specified timeline. The library I am using for OAuth is:
 http://github.com/ciaranj/node-oauth

 If I specify a timeline outside of the Streaming API I get a full
 result - Works great!

 However, if I specify one in the Streaming API, e.g.:

 oa.getProtectedResource(http://stream.twitter.com/1/statuses/
 sample.json, GET, oauth_access_token, oauth_access_token_secret,
 function(error, data
    , response)  { ... }

 I simply get a Timed out error. If I access that same page directly
 it works fine. Tried a few times and checked the Status of Twitter,
 but no luck.

 Any advice as to what I am doing wrong?

Hiyah, this page:
http://github.com/ciaranj/node-oauth/wiki/Interacting-with-Twitter
should explain your issue.  You're using the non-streaming
method/approach to access a streaming resource :)

Cheers.
-cj

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] Re: Trying to use Streaming API with OAuth but times out - Suggestions?

2010-10-12 Thread Ciaran 
np ;)
-cj.

On Tue, Oct 12, 2010 at 12:22 PM, Bartek bart.ci...@gmail.com wrote:
 Thanks a bunch!

 On Oct 12, 5:39 am, Ciaran ciar...@gmail.com wrote:
 On Tue, Oct 12, 2010 at 3:16 AM, Bartek bart.ci...@gmail.com wrote:
  Hi there,

  I'm new to the Twitter API so forgive me if I'm missing something
  blatant.

  I just wrote a small node.js script that connects to Twitter and
  fetches the specified timeline. The library I am using for OAuth is:
 http://github.com/ciaranj/node-oauth

  If I specify a timeline outside of the Streaming API I get a full
  result - Works great!

  However, if I specify one in the Streaming API, e.g.:

  oa.getProtectedResource(http://stream.twitter.com/1/statuses/
  sample.json, GET, oauth_access_token, oauth_access_token_secret,
  function(error, data
     , response)  { ... }

  I simply get a Timed out error. If I access that same page directly
  it works fine. Tried a few times and checked the Status of Twitter,
  but no luck.

  Any advice as to what I am doing wrong?

 Hiyah, this 
 page:http://github.com/ciaranj/node-oauth/wiki/Interacting-with-Twitter
 should explain your issue.  You're using the non-streaming
 method/approach to access a streaming resource :)

 Cheers.
 -cj

 --
 Twitter developer documentation and resources: http://dev.twitter.com/doc
 API updates via Twitter: http://twitter.com/twitterapi
 Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
 Change your membership to this group: 
 http://groups.google.com/group/twitter-development-talk


-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] Re: can't follow more than one user

2010-10-07 Thread Ciaran 
On Thu, Oct 7, 2010 at 10:04 PM, Malte malte@gmail.com wrote:
 Hi,

 because I'm using the same library and was not finding the same
 problems when connecting to site streams I looked for what I was doing
 differently: Turns out, if one URL encodes the komma in the follow
 list the OAuth connection works

 Bye
 Malte

Hi,

Yes, another user reported this as a workaround too, I'd still like
some clarification from t'twitter as to whether the client is wrong
(my current plan will be to 'if-twitter' around the signing code ;) )

Thanks for the heads up though!

-cj


 On 6 Oct, 23:38, JavaJunky ciar...@gmail.com wrote:
 Hi,

 The library in question is mine and not unreasonably Ruben has
 submitted a pull-request with his fix over on github.  Unfortunately
 this fix seems to break existing (working) OAuth consumer
 relationships :(

 I'm actually at a bit of a loss how to progress it, I've 
 read:http://dev.twitter.com/pages/auth(Signing Requests) a few times.
 I've cross-referenced againsthttp://oauth.net/core/1.0a/Sec. 9.1.1
 and even double checked 
 againsthttp://tools.ietf.org/html/rfc5849#section-3.4.1
 Sec. 3.4.1.3.2

 The last two resources appear to agree with each other, that the '='
 and the '' that join the parameter name-value pairs should appear in
 the 'plain' but then get encoded as a whole [which would re-encode any
 existing '%', hence a crucial difference in the twitter listed
 strategy]

 The important bit seems to be in the OAuth 1.0 RFC Section 3.4.1.1.
 String Construction, point 5:

    5.  The request parameters as normalized in Section 3.4.1.3.2,
 after
        being encoded (Section 3.6).

 Crucially this suggests to me that that the encoding is applied to the
 entire normalized string, which the documentation 
 athttp://dev.twitter.com/pages/auth
 seems to suggest isn't happening on the Twitter side :(

 It is (more than likely) entirely possible that I'm doing something
 incredibly stupid and obvious but is there anyone on the twitter side
 that can confirm that this deviation from the 'spec' is deliberate (or
 even better for consistency, a minor issue?)

 Many Thanks (and sorry if I'm wasting your time!)
  - Cj.

 On Oct 6, 6:31 pm, Ruben Fonseca fons...@gmail.com wrote:







  Hi John!

  On Oct 6, 5:54 pm, John Kalucki j...@twitter.com wrote:

   It might be an OAuth encoding error with the ','. Which OAuth library
   are you using?

  That was exactly the problem! I was using node-oauth (from 
  herehttp://github.com/ciaranj/node-oauth/) and realized the signature was
  being generated wrong.

  Patched the library and it now works great!! Thank you!!!

 --
 Twitter developer documentation and resources: http://dev.twitter.com/doc
 API updates via Twitter: http://twitter.com/twitterapi
 Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
 Change your membership to this group: 
 http://groups.google.com/group/twitter-development-talk


-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] Re: can't follow more than one user

2010-10-07 Thread Ciaran 
Ah you *are* that other user! Doh :)
- cj

On Thursday, October 7, 2010, Ciaran ciar...@gmail.com wrote:
 On Thu, Oct 7, 2010 at 10:04 PM, Malte malte@gmail.com wrote:
 Hi,

 because I'm using the same library and was not finding the same
 problems when connecting to site streams I looked for what I was doing
 differently: Turns out, if one URL encodes the komma in the follow
 list the OAuth connection works

 Bye
 Malte

 Hi,

 Yes, another user reported this as a workaround too, I'd still like
 some clarification from t'twitter as to whether the client is wrong
 (my current plan will be to 'if-twitter' around the signing code ;) )

 Thanks for the heads up though!

 -cj


 On 6 Oct, 23:38, JavaJunky ciar...@gmail.com wrote:
 Hi,

 The library in question is mine and not unreasonably Ruben has
 submitted a pull-request with his fix over on github.  Unfortunately
 this fix seems to break existing (working) OAuth consumer
 relationships :(

 I'm actually at a bit of a loss how to progress it, I've 
 read:http://dev.twitter.com/pages/auth(Signing Requests) a few times.
 I've cross-referenced againsthttp://oauth.net/core/1.0a/Sec. 9.1.1
 and even double checked 
 againsthttp://tools.ietf.org/html/rfc5849#section-3.4.1
 Sec. 3.4.1.3.2

 The last two resources appear to agree with each other, that the '='
 and the '' that join the parameter name-value pairs should appear in
 the 'plain' but then get encoded as a whole [which would re-encode any
 existing '%', hence a crucial difference in the twitter listed
 strategy]

 The important bit seems to be in the OAuth 1.0 RFC Section 3.4.1.1.
 String Construction, point 5:

    5.  The request parameters as normalized in Section 3.4.1.3.2,
 after
        being encoded (Section 3.6).

 Crucially this suggests to me that that the encoding is applied to the
 entire normalized string, which the documentation 
 athttp://dev.twitter.com/pages/auth
 seems to suggest isn't happening on the Twitter side :(

 It is (more than likely) entirely possible that I'm doing something
 incredibly stupid and obvious but is there anyone on the twitter side
 that can confirm that this deviation from the 'spec' is deliberate (or
 even better for consistency, a minor issue?)

 Many Thanks (and sorry if I'm wasting your time!)
  - Cj.

 On Oct 6, 6:31 pm, Ruben Fonseca fons...@gmail.com wrote:







  Hi John!

  On Oct 6, 5:54 pm, John Kalucki j...@twitter.com wrote:

   It might be an OAuth encoding error with the ','. Which OAuth library
   are you using?

  That was exactly the problem! I was using node-oauth (from 
  herehttp://github.com/ciaranj/node-oauth/) and realized the signature was
  being generated wrong.

  Patched the library and it now works great!! Thank you!!!

 --
 Twitter developer documentation and resources: http://dev.twitter.com/doc
 API updates via Twitter: http://twitter.com/twitterapi
 Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
 Change your membership to this group: 
 http://groups.google.com/group/twitter-development-talk



-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk