[twitter-dev] Re: win phone 7 xAuth
Like Taylor said, find your time offset relative to Twitter's. The WP7 Emulator timestamp is terribly off, and it is probably a good idea to keep your own offset anyway with devices that may have been off- network a long time (or in the future, zune devices which dont have a source). In my personal library (based on the real basic OAuthBase.cs) I'm grabbing the timestamp and calculating an offset from the system clock, so I only have to grab the time every so often. I didn't see if the timestamp Hammock uses is injectable though. On Sep 1, 1:21 am, Hongwei suhongwe...@gmail.com wrote: Hi guys, Does anyone know what is wrong with my code? it always returns Failed to validate oauth signature and token (it did return access token and access access secret few day ago) here is my code (I use Hammock/TweetSharp library) private const string _consumerKey = cKey; private const string _consumerSecret = cSecret; private string _userName = uName; private string _password = uPassword; Button.Click { Hammock.RestClient c = new RestClient() { Authority = https:// api.twitter.com/oauth/, HasElevatedPermissions = true, Credentials = new OAuthCredentials() { Type = OAuthType.ClientAuthentication, ConsumerKey = _consumerKey, ConsumerSecret = _consumerSecret, SignatureMethod = OAuthSignatureMethod.HmacSha1, ParameterHandling = OAuthParameterHandling.HttpAuthorizationHeader, ClientUsername = _userName, ClientPassword = _password, } }; RestRequest r = new RestRequest() { Path = access_token, }; c.BeginRequest(r, new RestCallback(Callback)); } public void Callback(Hammock.RestRequest request, Hammock.RestResponse response, object userState) { var a = response.Content; (I set debug here, and variable 'a' contains Failed to validate oauth signature and token, RestRespone.content contains 'Content' threw an exception of typeSystem.UnauthorizedAccessException } Thanks -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] Re: TwitPic 401 Unauthorized image upload
My guess is that is the case. It is for Twitgoo as well. In Twitgoo we are using the $_POST array in PHP, which only grabs body parameters, not querystring parameters. Thats one of those awkward things about PHP. On Jul 27, 5:30 am, globaljobber gerardn...@exciteinternet.co.uk wrote: Hi Justin, Don't suppose you have an example of a C# Httpwebrequest POST that is sent to Twitpic with an image attachment? I've actually found now that my headers are ok but from a trace have determined that the 401 error is because of 'no api key provided'. I thought it was ok to simply append parameters to the post Url? example: HttpWebRequest webRequest = (HttpWebRequest)WebRequest.Create(http:// api.twitpic.com/2/upload.json?key=XXmessage=TestMessage); Or do I need to add the parameters to the post body along with the image data? Thanks Gerard On Jul 27, 6:52 am, globaljobber gerardn...@exciteinternet.co.uk wrote: Thanks for replying Justin, much appreciated. Slwly getting there - I hope! Gerard On Jul 27, 5:55 am, Justin Hart onyxra...@gmail.com wrote: Oop, it looks like you've moved on (in a different thread). I'm actually working on some OAuth stuff in C# right now so I'll let you know if I come across something. On Jul 26, 10:49 pm, Justin Hart onyxra...@gmail.com wrote: I think I see what you're doing wrong - when you're adding the X-Auth- Service-Provider and X-Verify-Credentials-Authorization to the request, those are meant to be HTTP headers, not in the multipart POST body. Twitgoo supports putting those in the post body by setting everything to lowercase and replacing - with _ (so x_auth_service_provider, etc), and I believe Twitpic does as well. I'm pretty sure everything else looks right. I have an example HTTP packet including all the headers for Twitgoo:http://twitgoo.com/docs/Content/Developer/upload.htm(Itsinthe example link 'pulldown' in the top section) On Jul 25, 11:57 pm, globaljobber gerardn...@exciteinternet.co.uk wrote: Thanks Andy, No that was just a typo on the post. I'm obviously not sending through the correct OAuth sig or something, just can't find what it is. I'm using the same mechanism to create the sig as that used to get an access token and for intial request of the request token, so not sure why this twitpic upload thing isn't working. It would be great if there were an asp.net example someone else had done but it's incredible that I can't find one on the net, First time ever not been able to find a working example! Gerard On Jul 26, 3:58 am, Andy Matsubara andymatsub...@gmail.com wrote: Just for doublechekking. Your first post showed X-Auth-Service-Provider was JSON. If you signed to https://api.twitter.com/1/account/verify_credentials.xml;, X-Auth-Service-Provider also must be XML. Andy On Sun, Jul 25, 2010 at 5:03 AM, globaljobber gerardn...@exciteinternet.co.uk wrote: Hi Andy, thanks for replying. Yes, I did sign the url as you mention. As a test, I also sent a request to https://api.twitter.com/1/account/verify_credentials.xml; From this I get authorization ok using a standard call when using an Authorization header, but as soon as I use the header X-Verify- Credentials-Authorization then I get the 401 not authorized. I created the signed request using a GET not a POST, then modify the Realm part, as instructed by other posts. The credentials were creatd using the request url of https://api.twitter.com/1/account/ verify_credentials.xml. As far as I can tell, I am doing everything correctly - but obviously not. Can't fathom what the problem is, I wish Twitter API provided more feedback for debugging. Regards Gerard On Jul 24, 12:40 pm, Andy Matsubara andymatsub...@gmail.com wrote: Did you sign to thehttps://api.twitter.com/1/account/verify_credentials.jsontogetthe credentials? The signed url must be the same as X-Auth-Service-Provider. Andy Matsubara On Sat, Jul 24, 2010 at 10:57 PM, globaljobber - Hide quoted text - - Show quoted text -gerardn...@exciteinternet.co.uk wrote: Hi, Been on this for a week. Am having trouble uploading image to Twitpic with Oauth. I get user to authenticate ok, receive access_token, etc., and then try to make a httpwebrequest POST after generating X-Verify- Credentials-Authorization string. I am always getting a 401 Unauthorized Access response. Has anyone anywhere on the planet done this with ASP.NET yet who could help? Seems no one has. Here is part of the post that I
[twitter-dev] Re: TwitPic 401 Unauthorized image upload
I think I see what you're doing wrong - when you're adding the X-Auth- Service-Provider and X-Verify-Credentials-Authorization to the request, those are meant to be HTTP headers, not in the multipart POST body. Twitgoo supports putting those in the post body by setting everything to lowercase and replacing - with _ (so x_auth_service_provider, etc), and I believe Twitpic does as well. I'm pretty sure everything else looks right. I have an example HTTP packet including all the headers for Twitgoo: http://twitgoo.com/docs/Content/Developer/upload.htm (Its in the example link 'pulldown' in the top section) On Jul 25, 11:57 pm, globaljobber gerardn...@exciteinternet.co.uk wrote: Thanks Andy, No that was just a typo on the post. I'm obviously not sending through the correct OAuth sig or something, just can't find what it is. I'm using the same mechanism to create the sig as that used to get an access token and for intial request of the request token, so not sure why this twitpic upload thing isn't working. It would be great if there were an asp.net example someone else had done but it's incredible that I can't find one on the net, First time ever not been able to find a working example! Gerard On Jul 26, 3:58 am, Andy Matsubara andymatsub...@gmail.com wrote: Just for doublechekking. Your first post showed X-Auth-Service-Provider was JSON. If you signed to https://api.twitter.com/1/account/verify_credentials.xml;, X-Auth-Service-Provider also must be XML. Andy On Sun, Jul 25, 2010 at 5:03 AM, globaljobber gerardn...@exciteinternet.co.uk wrote: Hi Andy, thanks for replying. Yes, I did sign the url as you mention. As a test, I also sent a request to https://api.twitter.com/1/account/verify_credentials.xml; From this I get authorization ok using a standard call when using an Authorization header, but as soon as I use the header X-Verify- Credentials-Authorization then I get the 401 not authorized. I created the signed request using a GET not a POST, then modify the Realm part, as instructed by other posts. The credentials were creatd using the request url of https://api.twitter.com/1/account/ verify_credentials.xml. As far as I can tell, I am doing everything correctly - but obviously not. Can't fathom what the problem is, I wish Twitter API provided more feedback for debugging. Regards Gerard On Jul 24, 12:40 pm, Andy Matsubara andymatsub...@gmail.com wrote: Did you sign to thehttps://api.twitter.com/1/account/verify_credentials.jsontogetthe credentials? The signed url must be the same as X-Auth-Service-Provider. Andy Matsubara On Sat, Jul 24, 2010 at 10:57 PM, globaljobber - Hide quoted text - - Show quoted text -gerardn...@exciteinternet.co.uk wrote: Hi, Been on this for a week. Am having trouble uploading image to Twitpic with Oauth. I get user to authenticate ok, receive access_token, etc., and then try to make a httpwebrequest POST after generating X-Verify- Credentials-Authorization string. I am always getting a 401 Unauthorized Access response. Has anyone anywhere on the planet done this with ASP.NET yet who could help? Seems no one has. Here is part of the post that I generate, including headers: --76a18be812b446b599adabd8c9b6fee0 Content-Disposition: form-data; name=X-Auth-Service-Provider https://api.twitter.com/1/account/verify_credentials.json --76a18be812b446b599adabd8c9b6fee0 Content-Disposition: form-data; name=X-Verify-Credentials- Authorization OAuth realm=http:// api.twitter.com/,oauth_consumer_key=9cjtDDCxlOYSSJqyp7XKzA,oauth_nonce= 6C850587,oauth_signature_method=HMAC- SHA1,oauth_timestamp=1233928528,oauth_token=15321156-7q4tTvSwJ9oB6iWZh7 DvRjkn60eKTc1T4VRkNl4,oauth_version=1.0,oauth_signature=9FJK45EJtW4Efp nJla6S %2BGIqvuE%3D --76a18be812b446b599adabd8c9b6fee0 Content-Disposition: form-data; name=message Test image upload --76a18be812b446b599adabd8c9b6fee0 Content-Disposition: form-data; name=key 97bfc758472981ds9630232def4eea82 --76a18be812b446b599adabd8c9b6fee0 Content-Disposition: file; name=media; filename=DSC_22.jpg Content-Type: image/jpeg Much appreciate any help from someone. Thanks Gerard- Hide quoted text - - Show quoted text -
[twitter-dev] Re: TwitPic 401 Unauthorized image upload
Oop, it looks like you've moved on (in a different thread). I'm actually working on some OAuth stuff in C# right now so I'll let you know if I come across something. On Jul 26, 10:49 pm, Justin Hart onyxra...@gmail.com wrote: I think I see what you're doing wrong - when you're adding the X-Auth- Service-Provider and X-Verify-Credentials-Authorization to the request, those are meant to be HTTP headers, not in the multipart POST body. Twitgoo supports putting those in the post body by setting everything to lowercase and replacing - with _ (so x_auth_service_provider, etc), and I believe Twitpic does as well. I'm pretty sure everything else looks right. I have an example HTTP packet including all the headers for Twitgoo:http://twitgoo.com/docs/Content/Developer/upload.htm(Its in the example link 'pulldown' in the top section) On Jul 25, 11:57 pm, globaljobber gerardn...@exciteinternet.co.uk wrote: Thanks Andy, No that was just a typo on the post. I'm obviously not sending through the correct OAuth sig or something, just can't find what it is. I'm using the same mechanism to create the sig as that used to get an access token and for intial request of the request token, so not sure why this twitpic upload thing isn't working. It would be great if there were an asp.net example someone else had done but it's incredible that I can't find one on the net, First time ever not been able to find a working example! Gerard On Jul 26, 3:58 am, Andy Matsubara andymatsub...@gmail.com wrote: Just for doublechekking. Your first post showed X-Auth-Service-Provider was JSON. If you signed to https://api.twitter.com/1/account/verify_credentials.xml;, X-Auth-Service-Provider also must be XML. Andy On Sun, Jul 25, 2010 at 5:03 AM, globaljobber gerardn...@exciteinternet.co.uk wrote: Hi Andy, thanks for replying. Yes, I did sign the url as you mention. As a test, I also sent a request to https://api.twitter.com/1/account/verify_credentials.xml; From this I get authorization ok using a standard call when using an Authorization header, but as soon as I use the header X-Verify- Credentials-Authorization then I get the 401 not authorized. I created the signed request using a GET not a POST, then modify the Realm part, as instructed by other posts. The credentials were creatd using the request url of https://api.twitter.com/1/account/ verify_credentials.xml. As far as I can tell, I am doing everything correctly - but obviously not. Can't fathom what the problem is, I wish Twitter API provided more feedback for debugging. Regards Gerard On Jul 24, 12:40 pm, Andy Matsubara andymatsub...@gmail.com wrote: Did you sign to thehttps://api.twitter.com/1/account/verify_credentials.jsontogetthe credentials? The signed url must be the same as X-Auth-Service-Provider. Andy Matsubara On Sat, Jul 24, 2010 at 10:57 PM, globaljobber - Hide quoted text - - Show quoted text -gerardn...@exciteinternet.co.uk wrote: Hi, Been on this for a week. Am having trouble uploading image to Twitpic with Oauth. I get user to authenticate ok, receive access_token, etc., and then try to make a httpwebrequest POST after generating X-Verify- Credentials-Authorization string. I am always getting a 401 Unauthorized Access response. Has anyone anywhere on the planet done this with ASP.NET yet who could help? Seems no one has. Here is part of the post that I generate, including headers: --76a18be812b446b599adabd8c9b6fee0 Content-Disposition: form-data; name=X-Auth-Service-Provider https://api.twitter.com/1/account/verify_credentials.json --76a18be812b446b599adabd8c9b6fee0 Content-Disposition: form-data; name=X-Verify-Credentials- Authorization OAuth realm=http:// api.twitter.com/,oauth_consumer_key=9cjtDDCxlOYSSJqyp7XKzA,oauth_nonce= 6C850587,oauth_signature_method=HMAC- SHA1,oauth_timestamp=1233928528,oauth_token=15321156-7q4tTvSwJ9oB6iWZh7 DvRjkn60eKTc1T4VRkNl4,oauth_version=1.0,oauth_signature=9FJK45EJtW4Efp nJla6S %2BGIqvuE%3D --76a18be812b446b599adabd8c9b6fee0 Content-Disposition: form-data; name=message Test image upload --76a18be812b446b599adabd8c9b6fee0 Content-Disposition: form-data; name=key 97bfc758472981ds9630232def4eea82 --76a18be812b446b599adabd8c9b6fee0 Content-Disposition: file; name=media; filename=DSC_22.jpg Content-Type: image/jpeg Much appreciate any help from someone. Thanks Gerard- Hide quoted text - - Show quoted text -
[twitter-dev] Re: OAuth Echo Example (PHP)
If you dont mind the Zend Framework stuff, I've got one over here: http://pastie.org/975634 Hopefully you can translate that to whatever you're using. On May 24, 1:42 pm, Greg gregory.av...@gmail.com wrote: Hello Developers, Does anyone have any example how to use TwitPic's OAuth Echo in PHP? I've been looking all over - but I'm little confused on how to sign the request? Any takers? Thanks, Greg
[twitter-dev] Re: oAuth Echo Enabled Providers
This is now active on Twitgoo. You can see the documentation here: http://twitgoo.com/docs/Content/Developer/upload.htm On May 19, 9:05 am, Justin Hart onyxra...@gmail.com wrote: I am the lead dev on Twitgoo and I just built full echo support for 'upload' there. Its on the beta site right now, so if you want to test, please contact me for the info, otherwise it should be out by the end of the week. It will have full support of header, query string and multipart body parameters. On May 17, 2:47 pm, Rich rhyl...@gmail.com wrote: With the impending switch off of Basic Auth, should we keep a list of media providers and external services that have already made the switch to oAuth Echo. So far I've found and tested TwitPic - full oAuth Echo support TwitVid - oAuth Echo by sending as a URL parameter I know MobyPicture intend to have oAuth Echo enabled this month. Any others any one knows of?
[twitter-dev] Re: oAuth Echo Enabled Providers
I am the lead dev on Twitgoo and I just built full echo support for 'upload' there. Its on the beta site right now, so if you want to test, please contact me for the info, otherwise it should be out by the end of the week. It will have full support of header, query string and multipart body parameters. On May 17, 2:47 pm, Rich rhyl...@gmail.com wrote: With the impending switch off of Basic Auth, should we keep a list of media providers and external services that have already made the switch to oAuth Echo. So far I've found and tested TwitPic - full oAuth Echo support TwitVid - oAuth Echo by sending as a URL parameter I know MobyPicture intend to have oAuth Echo enabled this month. Any others any one knows of?
[twitter-dev] Re: DDoS Status Update
Comments inline. On Aug 7, 12:05 pm, Ryan Sarver rsar...@twitter.com wrote: *Known Issues* * - HTTP 300 response codes* - One of the measures in thwarting the onslaught requires that all traffic respect HTTP 30x response codes. This will help us identify the good traffic from the bad. Does this affect POST as well as GET? The issue here is the way clients handle 30x after POST. Most clients (now by convention) do not respect the RFC (http://www.w3.org/Protocols/rfc2616/rfc2616- sec10.html#sec10.3) and will send a GET after POST always. Some clients will respect the method, but not re-post any data. We need to be sure we are all expecting the right things. How does this affect OAuth signed requests? OAuth requires knowing the HTTP Method as well as the full URI and parameters to generate signatures a priori. Most (all?) clients and libraries do not know how to handle changes in these during a redirect. * - General throttling* - Try to throttle your services back as much as possible for you to continue operating. We are working on our end to better understand the logic used in throttling traffic on the edge of the network and will communicate what we can, but the best idea is to just throttle back as much as you can in the mean time. Is there anything else we can do on the protocol level? Keepalives on/ off? Specific headers? Thanks for all your hard work. Having spent yesterday battling a rash of spambots is nothing compared to what you guys are doing. --Justin
[twitter-dev] Re: 140 character limit overridden for Twitgoo?
Hi, what app were you using? Just the website? On Jul 20, 4:20 pm, Abir abstar...@gmail.com wrote: Abraham: Thanks, but not sure I understand why the counter said 140 when i was inputting but the post count is 133? On Jul 20, 3:11 pm, Abraham Williams 4bra...@gmail.com wrote: If you look at the status you will find that it only posted at 133 characters. http://twitter.com/ABIRB123/status/2745931292 Abraham On Mon, Jul 20, 2009 at 16:36, Abir abstar...@gmail.com wrote: Guys: Just posted this on Twitgoo. -It let me post a 140 character + -The URL it is an oryx antelope, it's just a stock image from my laptop's repository. why do this? well i am testing!http://twitgoo.com/1ke92 Isn't the total limit 140 characters? or are URL's not counted? I am developing a service to buy and sell things on Twitter and this would be helpful to know. Thanks -- Abraham Williams | Community Evangelist |http://web608.org Hacker |http://abrah.am|http://twitter.com/abraham Project |http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, WI, United States
[twitter-dev] Background Image URL always non-empty
(was posted a while ago, but no replies) If a background image is turned off by a user, its last value is still shown in the api for the verifyCredentials and user/show actions. For example, I get this: ... profile_background_image_url http://static.twitter.com/images/themes/theme1/bg.gif /profile_background_image_url ... although I would expect to see something like this: ... profile_background_image_url/ or another field that says profile_background_image_showfalse/ profile_background_image_show
[twitter-dev] profile_background_image_url always non-empty?
This is an older post, but I saw no activity around it. I'm seeing this too. It seems that the field profile_background_image_url should either be blank or there should be another flag (like the tile flag) that says if the background_image is being shown or not. Thanks. http://groups.google.com/group/twitter-development-talk/browse_thread/thread/0053c1c03493bf8e/a861485dad3d85de#a861485dad3d85de On Jan 20, 4:22 pm, Saša Šarunić ssaru...@gmail.com wrote: I'm not sure if this is expected behavior, but it seams like a bug to me: Even if I turn off abackgroundimagein my settings, it is still returned in call to /users/show api function. For example, I get this: ... profile_background_image_url http://static.twitter.com/images/themes/theme1/bg.gif /profile_background_image_url ... although I would expect to see something like this: ... profile_background_image_url/ ... Can someone comment on this? Sasa S.www.shoutem.com
[twitter-dev] Questions about TOS
I have a tool which will allow users to follow everyone on the #TCOT list (in batches of 25). Someone brought up a concern that this might infringe on Twitter's TOS? Any thoughts on this. see below: http://tweetforchuck.com/tcot/
[twitter-dev] Good tool or spam?
I have a tool developed for the #TCOT community which will allow a user to follow everyone on that list in batches of 25. Is this kosher or does this run up against the Twitter TOS? Here's the tool: http://tweetforchuck.com/tcot/
Reply notification?
Is there any notification we can set up for @replies?