[twitter-dev] Re: /oauth/request_token - Can't get one
I need to know, is this corner dead cause i got a response in less
then a few hours in the bug department and i can't get any help with
this at all.
Am i missing some information? then please tell me, i'll feed you with
whatever you want, i'm a developer and i'm developing core functions
and API's so i can bring up whatever output data you need... urm yea,
i'm desperate!
On Jun 28, 10:30 pm, DoXiD anton.do...@gmail.com wrote:
And this is what my sign_key_base looks like:
POSThttp%3A%2F%2Fapi.twitter.com%2Foauth
%2Frequest_tokenoauth_consumer_key%3Dp...8pw%26oauth_nonce
%3D1309289330%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
%3D1309289330%26oauth_version%3D1.0
On Jun 28, 8:40 pm, DoXiD anton.do...@gmail.com wrote:
After talking with a nice guy at the IRC channel he mentioned that i
needed to sort my headers and my POST data.
Sad and done, i sorted my things but still didn't help, any other
suggestions?
Here's a output (readable version) of my
HEAD+POST:http://pastebin.com/H8uSuEd0
On Jun 28, 5:31 pm, DoXiD anton.do...@gmail.com wrote:
First off, i'm uncertain which keys i can and can not post, so i'll
obscure them.
My main problem is that i don't know which keys to send to the
request_token.
Here is that i'm trying to send:
(Note: time matches the servers, i've made sure of that)
(Note: I have checked so that _all_ my keys are correct)
(Note: I've also made sure that the signature matches up to my content
of POST)
POST /oauth/request_token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Authorization: OAuth oauth_nonce=1309272106, oauth_callback=,
oauth_signature_method=HMAC-SHA1, oauth_timestamp=1309272106,
oauth_consumer_key=pk...8pw, oauth_token=,
oauth_signature=T5...5pQ%3D, oauth_version=1.0
User-Agent: InetCheck
Host: api.twitter.com
Keep-Alive: 115
Content-Length: 171
oauth_callback=oauth_consumer_key=pk...
8pwoauth_nonce=1309272106oauth_signature_method=HMAC-
SHA1oauth_timestamp=1309272106oauth_token=oauth_version=1.0
After tat i recive either Failed to validate oauth signature and
token or just a 401 return code.
I'm trying to get my hands dirty here by developing my own API for
Python.
I know there are some out there but i don't like em + i don't trust
other people.
So i'm running Python2.6.5
And i'm using the modules:
from socket import *
from time import time, gmtime
from random import randint
import base64
import hashlib
import hmac
import urllib
(i know, you're not supposed to do from m import * but i'm just
making some basic code for a skeleton atm).
The code to generate the header + POST data:
(again, just a skeleton, ugly code, will be fixed when i got a working
copy)
dstr = ''
if data:
dstr += ''
for k in ('oauth_callback', 'oauth_consumer_key',
'oauth_nonce',
'oauth_signature_method', 'oauth_timestamp', 'oauth_token',
'oauth_version'):
if not k in data: raise KeyError(Missing
+ k + , please
specify it at the login)
dstr += k + '=' + data[k] + ''
dstr = dstr[:-1]
secr = self.keySet[1]
sign_key_base = 'POST' + '' + urllib.quote_plus('http://
api.twitter.com/oauth/request_token') + ''
sign_key_base += urllib.quote_plus(dstr)
print 'Using sign base:'
print '\t' + sign_key_base + '\n'
print '\t Key:'
print '\t\t', [data['consumer_secret'] + '']
print '\t\t', [hmac.new(data['consumer_secret'] + '',
sign_key_base, hashlib.sha1).digest()]
print '\t\t',
[base64.encodestring(hmac.new(data['consumer_secret']
+ '', sign_key_base, hashlib.sha1).digest())]
secr =
urllib.quote(base64.encodestring(hmac.new(data['consumer_secret'] +
'', sign_key_base, hashlib.sha1).digest()).replace('\n', ''))
print '\t\t', [secr], '\n'
ret = 'POST ' + URL + ' HTTP/1.1\r\n'
ret += 'Content-Type:
application/x-www-form-urlencoded\r\n'
ret += 'Authorization: OAuth oauth_nonce=' +
data['oauth_nonce'] +
', '
ret += 'oauth_callback=' + data['oauth_callback'] + ', '
ret += 'oauth_signature_method=HMAC-SHA1, '
ret += 'oauth_timestamp=' + data['oauth_nonce'] + ', '
ret += 'oauth_consumer_key=' +
data['oauth_consumer_key'] + ', '
ret += 'oauth_token=' + data['oauth_token'] + ', '
ret += 'oauth_signature=' + secr + ', '
ret += 'oauth_version=1.0\r\n'
ret += 'User-Agent: InetCheck\r\n
[twitter-dev] /oauth/request_token - Can't get one
First off, i'm uncertain which keys i can and can not post, so i'll
obscure them.
My main problem is that i don't know which keys to send to the
request_token.
Here is that i'm trying to send:
(Note: time matches the servers, i've made sure of that)
(Note: I have checked so that _all_ my keys are correct)
(Note: I've also made sure that the signature matches up to my content
of POST)
POST /oauth/request_token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Authorization: OAuth oauth_nonce=1309272106, oauth_callback=,
oauth_signature_method=HMAC-SHA1, oauth_timestamp=1309272106,
oauth_consumer_key=pk...8pw, oauth_token=,
oauth_signature=T5...5pQ%3D, oauth_version=1.0
User-Agent: InetCheck
Host: api.twitter.com
Keep-Alive: 115
Content-Length: 171
oauth_callback=oauth_consumer_key=pk...
8pwoauth_nonce=1309272106oauth_signature_method=HMAC-
SHA1oauth_timestamp=1309272106oauth_token=oauth_version=1.0
After tat i recive either Failed to validate oauth signature and
token or just a 401 return code.
I'm trying to get my hands dirty here by developing my own API for
Python.
I know there are some out there but i don't like em + i don't trust
other people.
So i'm running Python2.6.5
And i'm using the modules:
from socket import *
from time import time, gmtime
from random import randint
import base64
import hashlib
import hmac
import urllib
(i know, you're not supposed to do from m import * but i'm just
making some basic code for a skeleton atm).
The code to generate the header + POST data:
(again, just a skeleton, ugly code, will be fixed when i got a working
copy)
dstr = ''
if data:
dstr += ''
for k in ('oauth_callback', 'oauth_consumer_key',
'oauth_nonce',
'oauth_signature_method', 'oauth_timestamp', 'oauth_token',
'oauth_version'):
if not k in data: raise KeyError(Missing + k
+ , please
specify it at the login)
dstr += k + '=' + data[k] + ''
dstr = dstr[:-1]
secr = self.keySet[1]
sign_key_base = 'POST' + '' + urllib.quote_plus('http://
api.twitter.com/oauth/request_token') + ''
sign_key_base += urllib.quote_plus(dstr)
print 'Using sign base:'
print '\t' + sign_key_base + '\n'
print '\t Key:'
print '\t\t', [data['consumer_secret'] + '']
print '\t\t', [hmac.new(data['consumer_secret'] + '',
sign_key_base, hashlib.sha1).digest()]
print '\t\t',
[base64.encodestring(hmac.new(data['consumer_secret']
+ '', sign_key_base, hashlib.sha1).digest())]
secr =
urllib.quote(base64.encodestring(hmac.new(data['consumer_secret'] +
'', sign_key_base, hashlib.sha1).digest()).replace('\n', ''))
print '\t\t', [secr], '\n'
ret = 'POST ' + URL + ' HTTP/1.1\r\n'
ret += 'Content-Type: application/x-www-form-urlencoded\r\n'
ret += 'Authorization: OAuth oauth_nonce=' +
data['oauth_nonce'] +
', '
ret += 'oauth_callback=' + data['oauth_callback'] + ', '
ret += 'oauth_signature_method=HMAC-SHA1, '
ret += 'oauth_timestamp=' + data['oauth_nonce'] + ', '
ret += 'oauth_consumer_key=' + data['oauth_consumer_key'] +
', '
ret += 'oauth_token=' + data['oauth_token'] + ', '
ret += 'oauth_signature=' + secr + ', '
ret += 'oauth_version=1.0\r\n'
ret += 'User-Agent: InetCheck\r\n'
ret += 'Host: ' + host + '\r\n'
ret += 'Keep-Alive: 115\r\nContent-Length: ' + str(len(dstr)) +
'\r\n
\r\n' + dstr
Please help me, it's getting on my nerves this oAuth stuff,
really never ever came in contact with it until Twitter, sure it looks
like a good security implementation but atm i don't like it :/
Any help is apritiated.
Also, validated my oauth_signature and content via:
http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/
Everyting matches up against what i'm sending to the server.
So if Twitter follows that standard it should all be good.
I don't know tho if i should skip oauth_callback since it's an empty
string anyways, or if i should skip oauth_token because i don't have
one (also a empty string).
--
Twitter developer documentation and resources: https://dev.twitter.com/doc
API updates via Twitter: https://twitter.com/twitterapi
Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list
Change your membership to this group:
https://groups.google.com/forum/#!forum/twitter-development-talk
[twitter-dev] Re: /oauth/request_token - Can't get one
After talking with a nice guy at the IRC channel he mentioned that i
needed to sort my headers and my POST data.
Sad and done, i sorted my things but still didn't help, any other
suggestions?
Here's a output (readable version) of my HEAD+POST:
http://pastebin.com/H8uSuEd0
On Jun 28, 5:31 pm, DoXiD anton.do...@gmail.com wrote:
First off, i'm uncertain which keys i can and can not post, so i'll
obscure them.
My main problem is that i don't know which keys to send to the
request_token.
Here is that i'm trying to send:
(Note: time matches the servers, i've made sure of that)
(Note: I have checked so that _all_ my keys are correct)
(Note: I've also made sure that the signature matches up to my content
of POST)
POST /oauth/request_token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Authorization: OAuth oauth_nonce=1309272106, oauth_callback=,
oauth_signature_method=HMAC-SHA1, oauth_timestamp=1309272106,
oauth_consumer_key=pk...8pw, oauth_token=,
oauth_signature=T5...5pQ%3D, oauth_version=1.0
User-Agent: InetCheck
Host: api.twitter.com
Keep-Alive: 115
Content-Length: 171
oauth_callback=oauth_consumer_key=pk...
8pwoauth_nonce=1309272106oauth_signature_method=HMAC-
SHA1oauth_timestamp=1309272106oauth_token=oauth_version=1.0
After tat i recive either Failed to validate oauth signature and
token or just a 401 return code.
I'm trying to get my hands dirty here by developing my own API for
Python.
I know there are some out there but i don't like em + i don't trust
other people.
So i'm running Python2.6.5
And i'm using the modules:
from socket import *
from time import time, gmtime
from random import randint
import base64
import hashlib
import hmac
import urllib
(i know, you're not supposed to do from m import * but i'm just
making some basic code for a skeleton atm).
The code to generate the header + POST data:
(again, just a skeleton, ugly code, will be fixed when i got a working
copy)
dstr = ''
if data:
dstr += ''
for k in ('oauth_callback', 'oauth_consumer_key',
'oauth_nonce',
'oauth_signature_method', 'oauth_timestamp', 'oauth_token',
'oauth_version'):
if not k in data: raise KeyError(Missing +
k + , please
specify it at the login)
dstr += k + '=' + data[k] + ''
dstr = dstr[:-1]
secr = self.keySet[1]
sign_key_base = 'POST' + '' + urllib.quote_plus('http://
api.twitter.com/oauth/request_token') + ''
sign_key_base += urllib.quote_plus(dstr)
print 'Using sign base:'
print '\t' + sign_key_base + '\n'
print '\t Key:'
print '\t\t', [data['consumer_secret'] + '']
print '\t\t', [hmac.new(data['consumer_secret'] + '',
sign_key_base, hashlib.sha1).digest()]
print '\t\t',
[base64.encodestring(hmac.new(data['consumer_secret']
+ '', sign_key_base, hashlib.sha1).digest())]
secr =
urllib.quote(base64.encodestring(hmac.new(data['consumer_secret'] +
'', sign_key_base, hashlib.sha1).digest()).replace('\n', ''))
print '\t\t', [secr], '\n'
ret = 'POST ' + URL + ' HTTP/1.1\r\n'
ret += 'Content-Type: application/x-www-form-urlencoded\r\n'
ret += 'Authorization: OAuth oauth_nonce=' +
data['oauth_nonce'] +
', '
ret += 'oauth_callback=' + data['oauth_callback'] + ', '
ret += 'oauth_signature_method=HMAC-SHA1, '
ret += 'oauth_timestamp=' + data['oauth_nonce'] + ', '
ret += 'oauth_consumer_key=' + data['oauth_consumer_key'] +
', '
ret += 'oauth_token=' + data['oauth_token'] + ', '
ret += 'oauth_signature=' + secr + ', '
ret += 'oauth_version=1.0\r\n'
ret += 'User-Agent: InetCheck\r\n'
ret += 'Host: ' + host + '\r\n'
ret += 'Keep-Alive: 115\r\nContent-Length: ' + str(len(dstr))
+ '\r\n
\r\n' + dstr
Please help me, it's getting on my nerves this oAuth stuff,
really never ever came in contact with it until Twitter, sure it looks
like a good security implementation but atm i don't like it :/
Any help is apritiated.
Also, validated my oauth_signature and content
via:http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin...
Everyting matches up against what i'm sending to the server.
So if Twitter follows that standard it should all be good.
I don't know tho if i should skip oauth_callback since it's an empty
string anyways, or if i should skip oauth_token because i don't have
one (also a empty string).
--
Twitter developer documentation and resources: https://dev.twitter.com/doc
API updates via Twitter: https://twitter.com/twitterapi
Issues
