Re: [twitter-dev] Re: statuses/update: Expect: 100-Continue header rejected
Interestingly, last night when I was doing testing I noticed Twitter was rejecting my Expect: 100-Continue header the same way you stated below. Today, Twitter is accepting the header. I'm going to comment it out of my code for now so I don't get unexpected results later. THe payloads are usually so small that the 100-continue behavior shouldn't be needed. On Thu, May 20, 2010 at 5:47 PM, Richard Barnett richard.d.barn...@gmail.com wrote: On May 20, 10:38 pm, Cameron Kaiser spec...@floodgap.com wrote: I've been playing with oacurlhttps:// code.google.com/apis/buzz/v1/oacurl.html and tried to use it to send a tweet. oacurl sends Expect: 100-Continue but Twitter rejects this with we only allow the 100-continue expectation. Is this fixable, or avoidable in the meantime? (I know about twurl, but oacurl seems generic - can I use twurl to make oauth calls to MySpace?) Just change the header to simply send a blank Expect:. With regular cURL a simple -H Expect: will work. Thanks for your reply. Although oacurl supports -H like curl, using -H Expect: adds a second Expect: header to the request, the Twitter server still fails because of Expect: 100-Continue. I'll raise the oacurl bug with one of the authors, but that still leaves a bug in Twitter's handling of Expect:. /c/download: echo status=Testing+oacurl | java -cp oacurl-1.0.0.jar com.google.oacurl.Fetch -X POST -H Expect: -v http://api.twitter.com/1/statuses/update.json POST /1/statuses/update.json HTTP/1.1 Content-Type: application/atom+xml Expect: Authorization: OAuth oauth_token=34507306-fJYSoMdju3Vv9SecfdyCUbYu5JdlIPLyaVN3xElNw, oauth_consumer_key=FFUZwLopTkug9Dlj1KamA, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1274396737, oauth_nonce=571291495191528, oauth_version=1.0, oauth_signature=CqiI%2FY%2Br96PGVPkCSClqnkmfHAo%3D Transfer-Encoding: chunked Host: api.twitter.com Connection: Keep-Alive User-Agent: Apache-HttpClient/4.0 (java 1.5) Expect: 100-Continue status=Testing+oacurl[\n] -- Richard
Re: [twitter-dev] OAuth issues with some POSTs only
I think you have the same problem I posted about yesterday. In your base
string the '%' chars of the status are supposed to also be escaped. Here is
an example from my app
My status update string
timestamp:1274472570 Rejoice! I am done debugging :-).
POSThttp%3A%2F%2Fapi.twitter.com
%2F1%2Fstatuses%2Fupdate.xmloauth_consumer_key%%26oauth_nonce%3DUWVWKGEKDOYBSHLVRFGJIVLMLRUOCYQVHFZKABLK%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1274472570%26oauth_token%x%26oauth_version%3D1.0%26status%3Dtimestamp
%253A1274472570%2520Rejoice%2521%2520I%2520am%2520done%2520debugging%2520%253A-%2529.
See how the '%' char is also escaped to %25?
On Fri, May 21, 2010 at 11:34 AM, DWF dwfr...@pivotallabs.com wrote:
We're having lots of success with OAuth now, which is great. So far
it looks like all our GETs are working just fine. And some of our
POSTs - but not all.
Here's a POST that works (deleting a user's tweet):
url: https://api.twitter.com/1/statuses/destroy.json
parameters: {id: 12532480661}
Base String:
POSThttps%3A%2F%2Fapi.twitter.com http://2fapi.twitter.com/
%2F1%2Fstatuses%2Fdestroy.jsonid
%3D12532480661%26oauth_consumer_key%3D-%26oauth_nonce
%3D1274466742322abc143248%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1274466742%26oauth_token%3D-
%26oauth_version%3D1.0
AuthHeader:
Authorization = OAuth oauth_signature_method=HMAC-SHA1,
oauth_nonce=1274466742322abc143248, oauth_timestamp=1274466742,
oauth_consumer_key=-, oauth_version=1.0, oauth_token=-,
oauth_signature=mg23Yowg9Y40imqcOH9SibMHSHE%3D
And here's one that's NOT working (updating a status):
url: https://api.twitter.com/1/statuses/update.json
parameters: {source: tweed, status: Tweet}
BaseString:
POSThttps%3A%2F%2Fapi.twitter.com http://2fapi.twitter.com/
%2F1%2Fstatuses
%2Fupdate.jsonoauth_consumer_key%3D---%26oauth_nonce
%3D1274466366892abc252116%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1274466366%26oauth_token%-
%26oauth_version%3D1.0%26source%3Dtweed%26status%3DTweet
AuthHeader:
Authorization = OAuth oauth_signature_method=HMAC-SHA1,
oauth_nonce=1274466366892abc252116, oauth_timestamp=1274466366,
oauth_consumer_key=, oauth_version=1.0,
oauth_token=-, oauth_signature=V4HjQU7%2BTYF2MFtkkR7T8OYM54Q
%3D
The error we get is:
{
status: 401,
responseText: {request:/1/statuses/
update.json,error:Incorrect signature}
}
Thoughts?
Re: [twitter-dev] OAuth issues with some POSTs only
quickly one more thing, i twould also be cool to get some more details about
what exactly went wrong when the server side validation of the signature
fails. All you get now is 'Invalid Signature' and there are quite a few
things you could get wrong in developing that signature.
On Fri, May 21, 2010 at 1:11 PM, Mike Dice mikedice...@gmail.com wrote:
I think you have the same problem I posted about yesterday. In your base
string the '%' chars of the status are supposed to also be escaped. Here is
an example from my app
My status update string
timestamp:1274472570 Rejoice! I am done debugging :-).
POSThttp%3A%2F%2Fapi.twitter.com http://2fapi.twitter.com/
%2F1%2Fstatuses%2Fupdate.xmloauth_consumer_key%%26oauth_nonce%3DUWVWKGEKDOYBSHLVRFGJIVLMLRUOCYQVHFZKABLK%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1274472570%26oauth_token%x%26oauth_version%3D1.0%26status%3Dtimestamp
%253A1274472570%2520Rejoice%2521%2520I%2520am%2520done%2520debugging%2520%253A-%2529.
See how the '%' char is also escaped to %25?
On Fri, May 21, 2010 at 11:34 AM, DWF dwfr...@pivotallabs.com wrote:
We're having lots of success with OAuth now, which is great. So far
it looks like all our GETs are working just fine. And some of our
POSTs - but not all.
Here's a POST that works (deleting a user's tweet):
url: https://api.twitter.com/1/statuses/destroy.json
parameters: {id: 12532480661}
Base String:
POSThttps%3A%2F%2Fapi.twitter.com http://2fapi.twitter.com/
%2F1%2Fstatuses%2Fdestroy.jsonid
%3D12532480661%26oauth_consumer_key%3D-%26oauth_nonce
%3D1274466742322abc143248%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1274466742%26oauth_token%3D-
%26oauth_version%3D1.0
AuthHeader:
Authorization = OAuth oauth_signature_method=HMAC-SHA1,
oauth_nonce=1274466742322abc143248, oauth_timestamp=1274466742,
oauth_consumer_key=-, oauth_version=1.0, oauth_token=-,
oauth_signature=mg23Yowg9Y40imqcOH9SibMHSHE%3D
And here's one that's NOT working (updating a status):
url: https://api.twitter.com/1/statuses/update.json
parameters: {source: tweed, status: Tweet}
BaseString:
POSThttps%3A%2F%2Fapi.twitter.com http://2fapi.twitter.com/
%2F1%2Fstatuses
%2Fupdate.jsonoauth_consumer_key%3D---%26oauth_nonce
%3D1274466366892abc252116%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1274466366%26oauth_token%-
%26oauth_version%3D1.0%26source%3Dtweed%26status%3DTweet
AuthHeader:
Authorization = OAuth oauth_signature_method=HMAC-SHA1,
oauth_nonce=1274466366892abc252116, oauth_timestamp=1274466366,
oauth_consumer_key=, oauth_version=1.0,
oauth_token=-, oauth_signature=V4HjQU7%2BTYF2MFtkkR7T8OYM54Q
%3D
The error we get is:
{
status: 401,
responseText: {request:/1/statuses/
update.json,error:Incorrect signature}
}
Thoughts?
Re: [twitter-dev] OAuth issues with some POSTs only
That will be very helpful. Thanks Taylor.
On Fri, May 21, 2010 at 1:20 PM, Taylor Singletary
taylorsinglet...@twitter.com wrote:
Mike,
We're going to be a lot more informative on signature generation errors in
the near future -- we have a newer implementation of OAuth 1.0a waiting in
the wings that will provide the signature base string we generated on a
failed request. More details when the staggered release of that is drawing
near.
Taylor Singletary
Developer Advocate, Twitter
http://twitter.com/episod
On Fri, May 21, 2010 at 1:14 PM, Mike Dice mikedice...@gmail.comwrote:
quickly one more thing, i twould also be cool to get some more details
about what exactly went wrong when the server side validation of the
signature fails. All you get now is 'Invalid Signature' and there are quite
a few things you could get wrong in developing that signature.
On Fri, May 21, 2010 at 1:11 PM, Mike Dice mikedice...@gmail.com wrote:
I think you have the same problem I posted about yesterday. In your base
string the '%' chars of the status are supposed to also be escaped. Here is
an example from my app
My status update string
timestamp:1274472570 Rejoice! I am done debugging :-).
POSThttp%3A%2F%2Fapi.twitter.com http://2fapi.twitter.com/
%2F1%2Fstatuses%2Fupdate.xmloauth_consumer_key%%26oauth_nonce%3DUWVWKGEKDOYBSHLVRFGJIVLMLRUOCYQVHFZKABLK%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1274472570%26oauth_token%x%26oauth_version%3D1.0%26status%3Dtimestamp
%253A1274472570%2520Rejoice%2521%2520I%2520am%2520done%2520debugging%2520%253A-%2529.
See how the '%' char is also escaped to %25?
On Fri, May 21, 2010 at 11:34 AM, DWF dwfr...@pivotallabs.com wrote:
We're having lots of success with OAuth now, which is great. So far
it looks like all our GETs are working just fine. And some of our
POSTs - but not all.
Here's a POST that works (deleting a user's tweet):
url: https://api.twitter.com/1/statuses/destroy.json
parameters: {id: 12532480661}
Base String:
POSThttps%3A%2F%2Fapi.twitter.com http://2fapi.twitter.com/
%2F1%2Fstatuses%2Fdestroy.jsonid
%3D12532480661%26oauth_consumer_key%3D-%26oauth_nonce
%3D1274466742322abc143248%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1274466742%26oauth_token%3D-
%26oauth_version%3D1.0
AuthHeader:
Authorization = OAuth oauth_signature_method=HMAC-SHA1,
oauth_nonce=1274466742322abc143248, oauth_timestamp=1274466742,
oauth_consumer_key=-, oauth_version=1.0, oauth_token=-,
oauth_signature=mg23Yowg9Y40imqcOH9SibMHSHE%3D
And here's one that's NOT working (updating a status):
url: https://api.twitter.com/1/statuses/update.json
parameters: {source: tweed, status: Tweet}
BaseString:
POSThttps%3A%2F%2Fapi.twitter.com http://2fapi.twitter.com/
%2F1%2Fstatuses
%2Fupdate.jsonoauth_consumer_key%3D---%26oauth_nonce
%3D1274466366892abc252116%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1274466366%26oauth_token%-
%26oauth_version%3D1.0%26source%3Dtweed%26status%3DTweet
AuthHeader:
Authorization = OAuth oauth_signature_method=HMAC-SHA1,
oauth_nonce=1274466366892abc252116, oauth_timestamp=1274466366,
oauth_consumer_key=, oauth_version=1.0,
oauth_token=-, oauth_signature=V4HjQU7%2BTYF2MFtkkR7T8OYM54Q
%3D
The error we get is:
{
status: 401,
responseText: {request:/1/statuses/
update.json,error:Incorrect signature}
}
Thoughts?
Re: [twitter-dev] Re: Incorrect signature when calling update url /1/statuses/update.xml
I will write my own if I have to. But before I do, I'd like to understand as many details as possible about the specifics of Twitter's RFC 3986 behavior. In my experience with RFC specs, they usually provide a lot of detail but they almost always leave some of those details to be interpreted by implementors and those interpretations are not always the same. No spec is perfect. On Thu, May 20, 2010 at 1:28 PM, Cameron Kaiser spec...@floodgap.comwrote: FYI - I am writing a .Net based library and so I currently use System.Uri.EscapeDataString http://msdn.microsoft.com/en-us/library/system.uri.escapedatastring.aspx to do my escaping I don't know what that routine is, but if it's not RFC 3986 compliant, it won't work. You might want to roll your own, it's a couple lines of code and a regex. -- personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- EH! STEVE! ---
Re: [twitter-dev] Re: Incorrect signature when calling update url /1/statuses/update.xml
Thanks a lot Cameron! I was just sitting down to write my lib, planning on doing as you suggest below. On Thu, May 20, 2010 at 5:06 PM, Cameron Kaiser spec...@floodgap.comwrote: I will write my own if I have to. But before I do, I'd like to understand as many details as possible about the specifics of Twitter's RFC 3986 behavior. This is the regex I'm using, which is known to work: $x =~ s/([^-0-9a-zA-Z._~])/%.uc(unpack(H2,$1))/eg; In short, letters, numbers, and the set of -._~ are NOT URL encoded. Everything else is. Note this routine is not 100% UTF-8 safe as written; I have other code that handles that, so you may need to do that as your library warrants. -- personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- People are weird. -- Law Order SVU ---
