Re: [twitter-dev] 401 Unauthorized in Python/Twisted app
Hi Taylor, Thank you for your response. Originally, I did forget to add an oauth_timestamp field. I've since included one, but still have the same problem. I modified my app to dump out the base string. Here's what I got: GEThttps%3A%2F%2Fuserstream.twitter.com%2F2%2Fuser.jsondelimited%3Dlength%26oauth_nonce%3D05963995484855701581311629784779%26oauth_timestamp%3D1309276024%26oauth_version%3D1.0 Does that look right? Eryn On 2011-06-27, at 08:10, Taylor Singletary wrote: Hi Eryn, I'm not too familiar with the Twisted framework or its implementation of OAuth, so take what I recommend with a grain of salt. * Access tokens generated through the OAuth flow on Twitter, regardless of the technique used (PIN code, xAuth, vanilla OAuth) are long-lived and do not expire until the end-user makes an explicit effort to revoke the access. You store the access token and access token secret. * While OAuth in theory should just work when it works in one spot, there's a great amount of variation in the amount of wrongness that given services will tolerate when evaluating the credentials. Long- term, we're working to normalize the entire validation procedure across all of our services, but in reality the streaming API and the REST API use different OAuth engines to evaluate the validity of the request -- the streaming API's OAuth verification is considerably stricter than the REST API's more forgiving implementation. * I notice that your authorization header is missing a oauth_timestamp parameter -- is that a copy and paste error? Do you know how to locate the OAuth signature base string in the Python library you are using -- it can often be buried under private or protected methods but the string is invaluable in debugging issues like this. Thanks, Taylor On Jun 24, 7:54 pm, Eryn Wells e...@3b518c.com wrote: Hello all, I'm quite new to OAuth and the Twitter API, and this is my first post to this list. I'm working on an app in Python using the Twisted framework. It uses brosner's fork of python-oauth2[1] to do the initial authentication and subsequent request signing. I'm using the PIN code flow for authentication. Do access tokens need to be generated every time you start the app, or can they be stored between runs and reused? If so, how long are the valid? Right now, my code writes the access token and secret out to a file and recovers it the next time it starts. The procedure seems to go just fine – I don't get any errors – but I can't really verify that everything is Correct because I don't really know what I'm looking for… Second thing, I'm at the point where I'm trying to do the initial connection tohttps://userstream.twitter.com/2/user.json. I'm using SSLConnect and web.HTTPClient, if that helps… I write out the command (GET url), and the headers (a Host and an Authorization header). The OAuth library generates the following Authorization header content. I get back a 401 Unauthorized error with a WWW-Authenticate: Basic header. I've heard from @twitterapi that User Streams require OAuth, so why am I getting a Basic auth response? OAuth realm=Firehose, oauth_nonce=25622603816219309853125867384777, oauth_consumer_key=cut, oauth_signature_method=HMAC-SHA1, oauth_version=1.0, oauth_token=cut, oauth_signature=1AV5YG4DsfCV4jDoQcOCOmxZ2Gw%3D Anything obvious there that I'm doing wrong? Thanks, Eryn -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
[twitter-dev] Documentation for streaming events
Hi all, Is there any documentation for the various events a client can receive via the user and/or streaming APIs? Eryn -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
Re: [twitter-dev] 401 Unauthorized in Python/Twisted app
An interesting note, perhaps. I was writing unit tests last night to check my OAuth implementation. I was able to connect and retrieve data via the regular API (api.twitter.com), but I still have the 401 issue when trying to connect to the user stream API. On 2011-06-24, at 19:54, Eryn Wells wrote: Hello all, I'm quite new to OAuth and the Twitter API, and this is my first post to this list. I'm working on an app in Python using the Twisted framework. It uses brosner's fork of python-oauth2[1] to do the initial authentication and subsequent request signing. I'm using the PIN code flow for authentication. Do access tokens need to be generated every time you start the app, or can they be stored between runs and reused? If so, how long are the valid? Right now, my code writes the access token and secret out to a file and recovers it the next time it starts. The procedure seems to go just fine – I don't get any errors – but I can't really verify that everything is Correct because I don't really know what I'm looking for… Second thing, I'm at the point where I'm trying to do the initial connection to https://userstream.twitter.com/2/user.json. I'm using SSLConnect and web.HTTPClient, if that helps… I write out the command (GET url), and the headers (a Host and an Authorization header). The OAuth library generates the following Authorization header content. I get back a 401 Unauthorized error with a WWW-Authenticate: Basic header. I've heard from @twitterapi that User Streams require OAuth, so why am I getting a Basic auth response? OAuth realm=Firehose, oauth_nonce=25622603816219309853125867384777, oauth_consumer_key=cut, oauth_signature_method=HMAC-SHA1, oauth_version=1.0, oauth_token=cut, oauth_signature=1AV5YG4DsfCV4jDoQcOCOmxZ2Gw%3D Anything obvious there that I'm doing wrong? Thanks, Eryn -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
[twitter-dev] 401 Unauthorized in Python/Twisted app
Hello all, I'm quite new to OAuth and the Twitter API, and this is my first post to this list. I'm working on an app in Python using the Twisted framework. It uses brosner's fork of python-oauth2[1] to do the initial authentication and subsequent request signing. I'm using the PIN code flow for authentication. Do access tokens need to be generated every time you start the app, or can they be stored between runs and reused? If so, how long are the valid? Right now, my code writes the access token and secret out to a file and recovers it the next time it starts. The procedure seems to go just fine – I don't get any errors – but I can't really verify that everything is Correct because I don't really know what I'm looking for… Second thing, I'm at the point where I'm trying to do the initial connection to https://userstream.twitter.com/2/user.json. I'm using SSLConnect and web.HTTPClient, if that helps… I write out the command (GET url), and the headers (a Host and an Authorization header). The OAuth library generates the following Authorization header content. I get back a 401 Unauthorized error with a WWW-Authenticate: Basic header. I've heard from @twitterapi that User Streams require OAuth, so why am I getting a Basic auth response? OAuth realm=Firehose, oauth_nonce=25622603816219309853125867384777, oauth_consumer_key=cut, oauth_signature_method=HMAC-SHA1, oauth_version=1.0, oauth_token=cut, oauth_signature=1AV5YG4DsfCV4jDoQcOCOmxZ2Gw%3D Anything obvious there that I'm doing wrong? Thanks, Eryn -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk