Re: [twitter-dev] 401 Unauthorized in Python/Twisted app
Hi Taylor, Thank you for your response. Originally, I did forget to add an oauth_timestamp field. I've since included one, but still have the same problem. I modified my app to dump out the base string. Here's what I got: GEThttps%3A%2F%2Fuserstream.twitter.com%2F2%2Fuser.jsondelimited%3Dlength%26oauth_nonce%3D05963995484855701581311629784779%26oauth_timestamp%3D1309276024%26oauth_version%3D1.0 Does that look right? Eryn On 2011-06-27, at 08:10, Taylor Singletary wrote: Hi Eryn, I'm not too familiar with the Twisted framework or its implementation of OAuth, so take what I recommend with a grain of salt. * Access tokens generated through the OAuth flow on Twitter, regardless of the technique used (PIN code, xAuth, vanilla OAuth) are long-lived and do not expire until the end-user makes an explicit effort to revoke the access. You store the access token and access token secret. * While OAuth in theory should just work when it works in one spot, there's a great amount of variation in the amount of wrongness that given services will tolerate when evaluating the credentials. Long- term, we're working to normalize the entire validation procedure across all of our services, but in reality the streaming API and the REST API use different OAuth engines to evaluate the validity of the request -- the streaming API's OAuth verification is considerably stricter than the REST API's more forgiving implementation. * I notice that your authorization header is missing a oauth_timestamp parameter -- is that a copy and paste error? Do you know how to locate the OAuth signature base string in the Python library you are using -- it can often be buried under private or protected methods but the string is invaluable in debugging issues like this. Thanks, Taylor On Jun 24, 7:54 pm, Eryn Wells e...@3b518c.com wrote: Hello all, I'm quite new to OAuth and the Twitter API, and this is my first post to this list. I'm working on an app in Python using the Twisted framework. It uses brosner's fork of python-oauth2[1] to do the initial authentication and subsequent request signing. I'm using the PIN code flow for authentication. Do access tokens need to be generated every time you start the app, or can they be stored between runs and reused? If so, how long are the valid? Right now, my code writes the access token and secret out to a file and recovers it the next time it starts. The procedure seems to go just fine – I don't get any errors – but I can't really verify that everything is Correct because I don't really know what I'm looking for… Second thing, I'm at the point where I'm trying to do the initial connection tohttps://userstream.twitter.com/2/user.json. I'm using SSLConnect and web.HTTPClient, if that helps… I write out the command (GET url), and the headers (a Host and an Authorization header). The OAuth library generates the following Authorization header content. I get back a 401 Unauthorized error with a WWW-Authenticate: Basic header. I've heard from @twitterapi that User Streams require OAuth, so why am I getting a Basic auth response? OAuth realm=Firehose, oauth_nonce=25622603816219309853125867384777, oauth_consumer_key=cut, oauth_signature_method=HMAC-SHA1, oauth_version=1.0, oauth_token=cut, oauth_signature=1AV5YG4DsfCV4jDoQcOCOmxZ2Gw%3D Anything obvious there that I'm doing wrong? Thanks, Eryn -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
Re: [twitter-dev] 401 Unauthorized in Python/Twisted app
An interesting note, perhaps. I was writing unit tests last night to check my OAuth implementation. I was able to connect and retrieve data via the regular API (api.twitter.com), but I still have the 401 issue when trying to connect to the user stream API. On 2011-06-24, at 19:54, Eryn Wells wrote: Hello all, I'm quite new to OAuth and the Twitter API, and this is my first post to this list. I'm working on an app in Python using the Twisted framework. It uses brosner's fork of python-oauth2[1] to do the initial authentication and subsequent request signing. I'm using the PIN code flow for authentication. Do access tokens need to be generated every time you start the app, or can they be stored between runs and reused? If so, how long are the valid? Right now, my code writes the access token and secret out to a file and recovers it the next time it starts. The procedure seems to go just fine – I don't get any errors – but I can't really verify that everything is Correct because I don't really know what I'm looking for… Second thing, I'm at the point where I'm trying to do the initial connection to https://userstream.twitter.com/2/user.json. I'm using SSLConnect and web.HTTPClient, if that helps… I write out the command (GET url), and the headers (a Host and an Authorization header). The OAuth library generates the following Authorization header content. I get back a 401 Unauthorized error with a WWW-Authenticate: Basic header. I've heard from @twitterapi that User Streams require OAuth, so why am I getting a Basic auth response? OAuth realm=Firehose, oauth_nonce=25622603816219309853125867384777, oauth_consumer_key=cut, oauth_signature_method=HMAC-SHA1, oauth_version=1.0, oauth_token=cut, oauth_signature=1AV5YG4DsfCV4jDoQcOCOmxZ2Gw%3D Anything obvious there that I'm doing wrong? Thanks, Eryn -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
[twitter-dev] 401 Unauthorized in Python/Twisted app
Hello all, I'm quite new to OAuth and the Twitter API, and this is my first post to this list. I'm working on an app in Python using the Twisted framework. It uses brosner's fork of python-oauth2[1] to do the initial authentication and subsequent request signing. I'm using the PIN code flow for authentication. Do access tokens need to be generated every time you start the app, or can they be stored between runs and reused? If so, how long are the valid? Right now, my code writes the access token and secret out to a file and recovers it the next time it starts. The procedure seems to go just fine – I don't get any errors – but I can't really verify that everything is Correct because I don't really know what I'm looking for… Second thing, I'm at the point where I'm trying to do the initial connection to https://userstream.twitter.com/2/user.json. I'm using SSLConnect and web.HTTPClient, if that helps… I write out the command (GET url), and the headers (a Host and an Authorization header). The OAuth library generates the following Authorization header content. I get back a 401 Unauthorized error with a WWW-Authenticate: Basic header. I've heard from @twitterapi that User Streams require OAuth, so why am I getting a Basic auth response? OAuth realm=Firehose, oauth_nonce=25622603816219309853125867384777, oauth_consumer_key=cut, oauth_signature_method=HMAC-SHA1, oauth_version=1.0, oauth_token=cut, oauth_signature=1AV5YG4DsfCV4jDoQcOCOmxZ2Gw%3D Anything obvious there that I'm doing wrong? Thanks, Eryn -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
[twitter-dev] 401 Unauthorized Responses to requests signed with whitelisted account
Hello, I am a Java developer working on a web application that makes use of the Twitter API. We use the Signpost library (version 1.2.1.1) to perform OAuth and issue API requests, and have been doing so successfully for months. We have been signing our requests with a whitelisted key and secret that has a 20,000 request/hour rate limit. In the last few days, we started getting only 401 Not Authorized responses when using these credentials. Upon looking back at our server logs, I notice other requests failures dating back to at least Feb 17, but they are sporadic. Error messages look like this: WARN org.apache.http.impl.client.DefaultHttpClient Authentication error: Unable to respond to any of these challenges: {oauth=WWW- Authenticate: OAuth realm=http://api.twitter.com} The response header shows 401 but no other enlightening information. I have paid attention to and read lots of other postings related to OAuth, and want to emphasize that our system has been working for quite a while - we make calls using the proper end points and so forth: http://api.twitter.com/1/users/show.json?user_id=[id] Something appears to have changed on Twitter's end but we don't know what. Can anyone shed some light on what might be happening? We have already verified with Twitter API support that our credentials should still be viable - perhaps there has been an inadvertent shutdown of that account? Thank you in advance for any help or guidance! Sincerely, Chris Stolte -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] 401 Unauthorized Responses to requests signed with whitelisted account
Hi Christopher, Could you attempt to get the response body for the request either by repeating the request or enhancing your logs. The reason for the 401 is communicated in the response body and knowing that will help explain what is going on. Best, @themattharris Developer Advocate, Twitter http://twitter.com/themattharris On Mon, Apr 18, 2011 at 11:23 AM, Christopher Stolte stolte...@gmail.comwrote: Hello, I am a Java developer working on a web application that makes use of the Twitter API. We use the Signpost library (version 1.2.1.1) to perform OAuth and issue API requests, and have been doing so successfully for months. We have been signing our requests with a whitelisted key and secret that has a 20,000 request/hour rate limit. In the last few days, we started getting only 401 Not Authorized responses when using these credentials. Upon looking back at our server logs, I notice other requests failures dating back to at least Feb 17, but they are sporadic. Error messages look like this: WARN org.apache.http.impl.client.DefaultHttpClient Authentication error: Unable to respond to any of these challenges: {oauth=WWW- Authenticate: OAuth realm=http://api.twitter.com} The response header shows 401 but no other enlightening information. I have paid attention to and read lots of other postings related to OAuth, and want to emphasize that our system has been working for quite a while - we make calls using the proper end points and so forth: http://api.twitter.com/1/users/show.json?user_id=[id] Something appears to have changed on Twitter's end but we don't know what. Can anyone shed some light on what might be happening? We have already verified with Twitter API support that our credentials should still be viable - perhaps there has been an inadvertent shutdown of that account? Thank you in advance for any help or guidance! Sincerely, Chris Stolte -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] 401 unauthorized on blackberry after appending ;interface=wifi
Hi On blackberry with httpConnection, I need to add network transport string such as ;interface=wifi to the url. The problem is, once I added the network transport string, I get 401 unauthorized for status update and GET statuses/user_timeline. If I remove the transport string, then I can POST updates and GET statuses everything runs fine. So it seems the request I'm sending to twitter api is correct. Is there anything special with the transport string that might cause problems? -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] (401) Unauthorized
There is an active thread for this issue http://code.google.com/p/twitter-api/issues/detail?id=2118 you're not alone on this one, there are many people suffering from this issue. On Tue, Mar 29, 2011 at 6:26 AM, naresh naresh.d...@gmail.com wrote: Hi We have integrated our web application to use twitter oAuth for publishing the tweet etc. We have integrated the twitter oAuth some months back.It used to work fine, but now all of sudden we have start getting this 401 error.This works fine sometime and sometime it does not work.We are correctly setting the callback url etc, we are dynamically passing the callback url. When we have debugged and uses the callback url as localhost:port then it works fine but on our production servers it does not seems to be working fine? Thanks -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] 401 unauthorized
Is anyone else experiencing any 401 errors all of a sudden? I was doing some testing this morning and was logging in fine using twitter and then 10 min later I started getting 401 unauthorized errors. Thanks, Trevor -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] 401 unauthorized
Hi Trevor, Could you share the request and response you are sending so we can investigate. Remember to obscure user and consumer secrets. Thanks, @themattharris Developer Advocate, Twitter http://twitter.com/themattharris On Sat, Mar 19, 2011 at 5:47 AM, Trevor Dean trevord...@gmail.com wrote: Is anyone else experiencing any 401 errors all of a sudden? I was doing some testing this morning and was logging in fine using twitter and then 10 min later I started getting 401 unauthorized errors. Thanks, Trevor -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] 401 Unauthorized responses on OAUTH
We're getting a ton of 401 errors when people are trying to OAuth against some of our sites. These sites have been in production for years (and one new one went up yesterday). When we get the error, we get no message in the Response. From the client perspective, it happens when you click the Allow button and Twitter redirects back to us. I've checked all the usual things 1) Server clock is synced correctly to nist time (and the server runs in UTC, so no timezone/DST issues) 2) The servers haven't had any recent patches. 3) Same applications were working fine and haven't been changed (except the new site) 4) We get the same issues no matter what user we're logged into Twitter as. 5) We get the same issues even when running from the Amazon EC2 instance (IP whitelisted) or our QA servers (also IP whitelisted) or from development machines (not whitelisted). 6) Occasionally (1 in 20 or worse) we get a success. 7) Nonce values are NOT being reused and we're (still) using DotNetOAuth for the library to handle that part (no change) 8) Happens on all of these: http://stlindex.com (application under @STLIndex) http://stltweets.com (application under @STLTweets) http://loufesttweets.com (application under @LouFestTweets) http://taste.stltweets.com (application under @STLTweets) Typical failure: REQUEST Headers: (https://twitter.com:443/) Authorization: OAuth oauth_verifier=fRSn84gupR7TFAW5G5ySm4c2LmuvD9x8ZckCHIEA, oauth_token=MfgvKyS4Vgxy8c1kNgw7h3owkpAlzdqG223DTIs8vc, oauth_consumer_key=MliXkE6e4kCJY2U10OH8sQ, oauth_nonce=gkJy165f, oauth_signature_method=HMAC-SHA1, oauth_signature=9tRuLd55El37hJ2fqJs2cJVREaM%3D, oauth_version=1.0, oauth_timestamp=1300464048 User-Agent: DotNetOpenAuth/3.4.5.10201 Host: twitter.com RESPONSE: Status: 401 Unauthorized X-Transaction: 1300464048-3423-38581 X-Runtime: 0.00544 Pragma: no-cache X-Revision: DEV Content-Length: 1 Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post- check=0 Content-Type: text/html; charset=utf-8 Date: Fri, 18 Mar 2011 16:00:48 GMT Expires: Tue, 31 Mar 1981 05:00:00 GMT Last-Modified: Fri, 18 Mar 2011 16:00:48 GMT Set-Cookie: k=208.82.145.5.1300464048881173; path=/; expires=Fri, 25- Mar-11 16:00:48 GMT; domain=.twitter.com,guest_id=13004640478451; path=/; expires=Sun, 17 Apr 2011 16:00:48 GMT, _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCPmasskuAToHaWQiJWFkNDcxMzE2Yjg1YmIy %250ANDkzMGFkMWI3YmM5NTZlNDA5IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy %250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--1c8558a834ffe3d40ae9be1bed2360f83555f5ae; domain=.twitter.com; path=/; HttpOnly Server: hi X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Vary: Accept-Encoding -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] 401 Unauthorized responses on OAUTH
Ryan's just told me they're currently aware of the issue and looking into it. On 18 Mar 2011, at 19:13, Ninjamonk wrote: I am also getting these problems. They have been on and off all day. The same code works fine and 5 mins later it throws 401's and its been working for 6 months no problem. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] 401: Unauthorized (Python)
I have an application that contains a simple setup using the oauthtwitter library found here. http://code.google.com/p/oauth-python-twitter/ #Example code twitter = app.extras.oauthtwitter.OAuthApi(CONSUMER_KEY, CONSUMER_SECRET) request_token = twitter.getRequestToken() oauth_verifier = request.GET.get('oauth_verifier') access_token = twitter.getAccessToken(request_token, oauth_verifier) I'm failing at getting the access token. I have a verifier and am passing that along, like the example in the oauth lib, however am continuing to get (all day now) 401s. My system time is set correctly, as this is in a Django project, and I'm setting it via TIME_ZONE = 'America/Kentucky/Louisville' in my settings.py. Can anyone help? Thanks, John -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] 401: Unauthorized (Python)
Hi John, What is the does the body of the error response say? The message will tell you which part of the oauth request failed. Also be aware that oauth timestamps are in UTC seconds. Best, @themattharris On Feb 4, 2011, at 12:45, john john.g...@gmail.com wrote: I have an application that contains a simple setup using the oauthtwitter library found here. http://code.google.com/p/oauth-python-twitter/ #Example code twitter = app.extras.oauthtwitter.OAuthApi(CONSUMER_KEY, CONSUMER_SECRET) request_token = twitter.getRequestToken() oauth_verifier = request.GET.get('oauth_verifier') access_token = twitter.getAccessToken(request_token, oauth_verifier) I'm failing at getting the access token. I have a verifier and am passing that along, like the example in the oauth lib, however am continuing to get (all day now) 401s. My system time is set correctly, as this is in a Django project, and I'm setting it via TIME_ZONE = 'America/Kentucky/Louisville' in my settings.py. Can anyone help? Thanks, John -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] 401 Unauthorized errors with Progress Open Edge using xAuth to get Access token
Hi Taylor, In order to test your 1st suggestion do you know if your HTTP transport method munges any HTTP headers or adds its own HTTP headers in any way? we created a simple test procedure on our public web server, to simulate the google end point https://api.twitter.com/oauth/access_token. So with our test program pointing to another end point we could capture the values that googles end point might receive. The values received by our web service end point (simulator) (along with other CGI values) are: HTTP_AUTHORIZATION= OAuth oauth_consumer_key=TY0Js5vMc04HNqmqIkNEnQ, oauth_nonce=jGmEee2Jc0DaEK516jl6g2FSHgOgmNPqlpK43UJYXZF, oauth_signature=%2Bd2K%2FxydAtBaSETDWwXCo4LN1Js%3D, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1288666484, oauth_version=1.0 REQUEST_METHOD=POST So I presume this is indicating the post request is not munged/altered in any way by the Microsoft XMLHTTP OCX when it sends the request using: Create Microsoft.XMLHTTP objHTTP . objHTTP:open(POST,api-atokin, false, p-username, p-password). objHTTP:setRequestHeader('Authorization', v-params). objHTTP:SetRequestHeader(Content-Type,application/x-www-form- urlencoded). objHTTP:send(). Note: The syntax of the Progress code (above) that uses objHTTP is very similiar to Visual basic. In fact we used the syntax for objHTTP:open and setRequestHeader(Authorization that you see above, in the same way as it is used in the googe examples in http://oauth.googlecode.com/svn/code/javascript/example/AJAX.html (open this Google example page and view HTML source from lines 32 to 53..) We are checking the 2nd and 3rd suggestions now... and hope to have further test results posted in next few hours.. Taylor Singletary wrote: Hi Martin, Thanks for your patience in working through xAuth with the issues you're facing. Given the information you've provided, it's difficult to determine exactly what might be amiss here. I'm unfamiliar with the programming environment you are using -- do you know if your HTTP transport method munges any HTTP headers or adds its own HTTP headers in any way? If you utilize an access token obtained through other means (such as by the procedure outlined in http://bit.ly/1token ) are you able to get any other kind of OAuth-based requests functional with your OAuth library? You mentioned that you successfully recreated the examples at http://dev.twitter.com/pages/xauth -- acknowledging that those values would also return a 401 from our API but provide a safe login password you can share on a public forum, is there any way you can perform an HTTP capture of the entire request cycle using those static values? This would allow us to see the entire HTTP request, including headers sent/received, the raw POST body, etc -- which may yield an obvious answer as to why your implementation is not working. Hang in there! Taylor On Tue, Oct 26, 2010 at 3:20 PM, Martin Hannah mhan...@coresoft.com.auwrote: We had an application successfully talking to twitter for a few years prior to oAuth, and now converting this application to xAuth and cant get past the first step. The application gets a 401 Unauthorized response when attempting to get the access token. Have confirmed our program when provided with the same consumer_key and Secret key as on twitter documentation page http://dev.twitter.com/pages/xauth produces exactly the same Singature, parameters, base string as on http://dev.twitter.com/pages/xauth doco page. (i.e. have done detailed string comparisons of output at each step to the twitter documentation http://dev.twitter.com/pages/xauth by placing the twitter values in a string variable and comparing to the values produced by our program, so confident these are the same) . Using our consumer and secret keys in the test site http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests and compared the base string and signature results to our program and again they are exactly the same. Have checked the time stamp is producing correct time (based on enoch time) by comparing against against http://unixtimestamp.com/index.php Passing my consumer_secret with at end into signature generator (which as I said above seems to be producing correct results because we used values in http://dev.twitter.com/pages/xauth and it generated the same oauth_signature value) Base string: POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3D1q0ZoaBf3fKFP1hSmhVNQ %26oauth_nonce %3Duv3AtzLBjawzvasO3EPAU3bbR53NyHGlvLp33IRCzG8%26oauth_signature_method %3DHMAC-SHA1%26oauth_timestamp%3D1288131701%26oauth_version %3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3D %26x_auth_username%3D Authorization header parameters: OAuth oauth_nonce=uv3AtzLBjawzvasO3EPAU3bbR53NyHGlvLp33IRCzG8, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1288131701,
Re: [twitter-dev] 401 Unauthorized errors with Progress Open Edge using xAuth to get Access token
Hi Taylor, In releatio to the 2nd test, I have used the values from http://dev.twitter.com/pages/xauth and inserted these into my program to step through the process. Base string: POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3DJvyS7DO2qd6NNTsXJ4E7zA %26oauth_nonce%3D6AN2dKRzxyGhmIXUKSmp1JcB4pckM8rD3frKMTmVAo %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1284565601%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth %26x_auth_password%3Dtwitter-xauth%26x_auth_username%3Doauth_test_exec Secret key used in generation of signature: 9z6157pUbOBqtbm0A0q4r29Y2EYzIHlUwbF4Cl9c oauth_signature generated: 1L1oXQmawZAkQ47FHLwcOV%2Bkjwc%3D Authorization string sent in Authorization Header v-params = OAuth oauth_nonce=6AN2dKRzxyGhmIXUKSmp1JcB4pckM8rD3frKMTmVAo, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1284565601, oauth_consumer_key=JvyS7DO2qd6NNTsXJ4E7zA, oauth_signature=1L1oXQmawZAkQ47FHLwcOV%2Bkjwc%3D, oauth_version=1.0 This is then sent to Twitter via: Create Microsoft.XMLHTTP objHTTP. objHTTP:open(POST,'https://api.twitter.com/oauth/access_token', false, p-username, p-password). objHTTP:setRequestHeader('Authorization', v-params). objHTTP:SetRequestHeader(Content-Type,application/x-www-form- urlencoded). objHTTP:send(). Questions: In relation to the Authorization string sent in Authorization Header which is as follows: v-params = OAuth oauth_nonce=6AN2dKRzxyGhmIXUKSmp1JcB4pckM8rD3frKMTmVAo, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1284565601, oauth_consumer_key=JvyS7DO2qd6NNTsXJ4E7zA, oauth_signature=1L1oXQmawZAkQ47FHLwcOV%2Bkjwc%3D, oauth_version=1.0 1. Does the name/value pairs in the string need to be in any particular order a) i.e. the name/value pairs must be in decending order for encoding as a signature, but in the documentation in http://dev.twitter.com/pages/xauth the name/value pairs sent in Authorization header are in a different order. I understand they are in decending order for signature, does the order matter for the Authorization header? b) Should the authorization header name/value pairs be URL encoded ..? 2. All the documentation sugests that the nonce is a random number and we borrowed and adapted some code to generate this number each time.. Please confirm that this is correct. We are now performing another test based on your suggestions and results of todays investigations/tests and will post results as soon as complete. Taylor Singletary wrote: Hi Martin, Thanks for your patience in working through xAuth with the issues you're facing. Given the information you've provided, it's difficult to determine exactly what might be amiss here. I'm unfamiliar with the programming environment you are using -- do you know if your HTTP transport method munges any HTTP headers or adds its own HTTP headers in any way? If you utilize an access token obtained through other means (such as by the procedure outlined in http://bit.ly/1token ) are you able to get any other kind of OAuth-based requests functional with your OAuth library? You mentioned that you successfully recreated the examples at http://dev.twitter.com/pages/xauth -- acknowledging that those values would also return a 401 from our API but provide a safe login password you can share on a public forum, is there any way you can perform an HTTP capture of the entire request cycle using those static values? This would allow us to see the entire HTTP request, including headers sent/received, the raw POST body, etc -- which may yield an obvious answer as to why your implementation is not working. Hang in there! Taylor On Tue, Oct 26, 2010 at 3:20 PM, Martin Hannah mhan...@coresoft.com.auwrote: We had an application successfully talking to twitter for a few years prior to oAuth, and now converting this application to xAuth and cant get past the first step. The application gets a 401 Unauthorized response when attempting to get the access token. Have confirmed our program when provided with the same consumer_key and Secret key as on twitter documentation page http://dev.twitter.com/pages/xauth produces exactly the same Singature, parameters, base string as on http://dev.twitter.com/pages/xauth doco page. (i.e. have done detailed string comparisons of output at each step to the twitter documentation http://dev.twitter.com/pages/xauth by placing the twitter values in a string variable and comparing to the values produced by our program, so confident these are the same) . Using our consumer and secret keys in the test site http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests and compared the base string and signature results to our program and again they are exactly the same. Have checked the time stamp is producing correct time (based on enoch time) by comparing against against http://unixtimestamp.com/index.php Passing my consumer_secret with at end into signature generator
Re: [twitter-dev] 401 Unauthorized errors with Progress Open Edge using xAuth to get Access token
Hi Taylor, Success, the missing peice of the puzzle was that we needed to send the post Body, which although it was explained in documentation, we thought it was there for explanation of how the values are accumulated for the base string.. seems obvious now, but when your trying to do this for 1st time, it wasnt obvious then. So the find part of the send is: objHTTP:send(x_auth_username=oauth_test_execx_auth_password=twitter- xauthx_auth_mode=client_auth). So my last question is, should this be url encoded, because when we URL encoded (as the doco suggests) it did NOT work. Martin Hannah wrote: Hi Taylor, In order to test your 1st suggestion do you know if your HTTP transport method munges any HTTP headers or adds its own HTTP headers in any way? we created a simple test procedure on our public web server, to simulate the google end point https://api.twitter.com/oauth/access_token. So with our test program pointing to another end point we could capture the values that googles end point might receive. The values received by our web service end point (simulator) (along with other CGI values) are: HTTP_AUTHORIZATION= OAuth oauth_consumer_key=TY0Js5vMc04HNqmqIkNEnQ, oauth_nonce=jGmEee2Jc0DaEK516jl6g2FSHgOgmNPqlpK43UJYXZF, oauth_signature=%2Bd2K%2FxydAtBaSETDWwXCo4LN1Js%3D, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1288666484, oauth_version=1.0 REQUEST_METHOD=POST So I presume this is indicating the post request is not munged/altered in any way by the Microsoft XMLHTTP OCX when it sends the request using: Create Microsoft.XMLHTTP objHTTP . objHTTP:open(POST,api-atokin, false, p-username, p-password). objHTTP:setRequestHeader('Authorization', v-params). objHTTP:SetRequestHeader(Content-Type,application/x-www-form- urlencoded). objHTTP:send(). Note: The syntax of the Progress code (above) that uses objHTTP is very similiar to Visual basic. In fact we used the syntax for objHTTP:open and setRequestHeader(Authorization that you see above, in the same way as it is used in the googe examples in http://oauth.googlecode.com/svn/code/javascript/example/AJAX.html (open this Google example page and view HTML source from lines 32 to 53..) We are checking the 2nd and 3rd suggestions now... and hope to have further test results posted in next few hours.. Taylor Singletary wrote: Hi Martin, Thanks for your patience in working through xAuth with the issues you're facing. Given the information you've provided, it's difficult to determine exactly what might be amiss here. I'm unfamiliar with the programming environment you are using -- do you know if your HTTP transport method munges any HTTP headers or adds its own HTTP headers in any way? If you utilize an access token obtained through other means (such as by the procedure outlined in http://bit.ly/1token ) are you able to get any other kind of OAuth-based requests functional with your OAuth library? You mentioned that you successfully recreated the examples at http://dev.twitter.com/pages/xauth -- acknowledging that those values would also return a 401 from our API but provide a safe login password you can share on a public forum, is there any way you can perform an HTTP capture of the entire request cycle using those static values? This would allow us to see the entire HTTP request, including headers sent/received, the raw POST body, etc -- which may yield an obvious answer as to why your implementation is not working. Hang in there! Taylor On Tue, Oct 26, 2010 at 3:20 PM, Martin Hannah mhan...@coresoft.com.auwrote: We had an application successfully talking to twitter for a few years prior to oAuth, and now converting this application to xAuth and cant get past the first step. The application gets a 401 Unauthorized response when attempting to get the access token. Have confirmed our program when provided with the same consumer_key and Secret key as on twitter documentation page http://dev.twitter.com/pages/xauth produces exactly the same Singature, parameters, base string as on http://dev.twitter.com/pages/xauth doco page. (i.e. have done detailed string comparisons of output at each step to the twitter documentation http://dev.twitter.com/pages/xauth by placing the twitter values in a string variable and comparing to the values produced by our program, so confident these are the same) . Using our consumer and secret keys in the test site http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests and compared the base string and signature results to our program and again they are exactly the same. Have checked the time stamp is producing correct time (based on enoch time) by comparing against against http://unixtimestamp.com/index.php Passing my consumer_secret with at end into signature generator (which as I said above seems to be producing
Re: [twitter-dev] 401 Unauthorized errors with Progress Open Edge using xAuth to get Access token
Hi Taylor, Now I have the Access Token and I use the explanations in http://dev.twitter.com/pages/auth to make a request on users behalf, I get a response from twitter: Twitter Response= {errors:[{code:53,message:Basic authentication is not supported}]} Status= 401 StatusTxt= Unauthorized I am using the same procedure just changing the paramaters to follow the example in http://dev.twitter.com/pages/auth and signing the request with oauth_consumer_secret + + oauth_token_secret tied to my access token... Posting to: http://api.twitter.com/1/statuses/update.json Authorization header parameters: OAuth oauth_consumer_key=1q0ZoaBf3fKFP1hSmhVNQ, oauth_nonce=M2XTcq44gwlMHw9VbP98FQkB7TRSc1iIX0IOiAA500B, oauth_signature=f6Xz1tSwO8FCvkIJu4mgXYfNvUM%3D, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1288703533, oauth_token=46989789-6NoccKZ1NVN3wdtlRGyhQrUG3b9RcU9Tkn372uIg3, oauth_version=1.0, status=PostingthroughMicrosoftXMLHTTP Any suggestions ? Martin Hannah wrote: Hi Taylor, Success, the missing peice of the puzzle was that we needed to send the post Body, which although it was explained in documentation, we thought it was there for explanation of how the values are accumulated for the base string.. seems obvious now, but when your trying to do this for 1st time, it wasnt obvious then. So the find part of the send is: objHTTP:send(x_auth_username=oauth_test_execx_auth_password=twitter- xauthx_auth_mode=client_auth). So my last question is, should this be url encoded, because when we URL encoded (as the doco suggests) it did NOT work. Martin Hannah wrote: Hi Taylor, In order to test your 1st suggestion do you know if your HTTP transport method munges any HTTP headers or adds its own HTTP headers in any way? we created a simple test procedure on our public web server, to simulate the google end point https://api.twitter.com/oauth/access_token. So with our test program pointing to another end point we could capture the values that googles end point might receive. The values received by our web service end point (simulator) (along with other CGI values) are: HTTP_AUTHORIZATION= OAuth oauth_consumer_key=TY0Js5vMc04HNqmqIkNEnQ, oauth_nonce=jGmEee2Jc0DaEK516jl6g2FSHgOgmNPqlpK43UJYXZF, oauth_signature=%2Bd2K%2FxydAtBaSETDWwXCo4LN1Js%3D, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1288666484, oauth_version=1.0 REQUEST_METHOD=POST So I presume this is indicating the post request is not munged/altered in any way by the Microsoft XMLHTTP OCX when it sends the request using: Create Microsoft.XMLHTTP objHTTP . objHTTP:open(POST,api-atokin, false, p-username, p-password). objHTTP:setRequestHeader('Authorization', v-params). objHTTP:SetRequestHeader(Content-Type,application/x-www-form- urlencoded). objHTTP:send(). Note: The syntax of the Progress code (above) that uses objHTTP is very similiar to Visual basic. In fact we used the syntax for objHTTP:open and setRequestHeader(Authorization that you see above, in the same way as it is used in the googe examples in http://oauth.googlecode.com/svn/code/javascript/example/AJAX.html (open this Google example page and view HTML source from lines 32 to 53..) We are checking the 2nd and 3rd suggestions now... and hope to have further test results posted in next few hours.. Taylor Singletary wrote: Hi Martin, Thanks for your patience in working through xAuth with the issues you're facing. Given the information you've provided, it's difficult to determine exactly what might be amiss here. I'm unfamiliar with the programming environment you are using -- do you know if your HTTP transport method munges any HTTP headers or adds its own HTTP headers in any way? If you utilize an access token obtained through other means (such as by the procedure outlined in http://bit.ly/1token ) are you able to get any other kind of OAuth-based requests functional with your OAuth library? You mentioned that you successfully recreated the examples at http://dev.twitter.com/pages/xauth -- acknowledging that those values would also return a 401 from our API but provide a safe login password you can share on a public forum, is there any way you can perform an HTTP capture of the entire request cycle using those static values? This would allow us to see the entire HTTP request, including headers sent/received, the raw POST body, etc -- which may yield an obvious answer as to why your implementation is not working. Hang in there! Taylor On Tue, Oct 26, 2010 at 3:20 PM, Martin Hannah mhan...@coresoft.com.auwrote: We had an application successfully talking to twitter for a few years prior to oAuth, and now converting this application to xAuth and cant get past the first step. The application gets a 401 Unauthorized response when attempting to get the access
Re: [twitter-dev] 401 Unauthorized errors with Progress Open Edge using xAuth to get Access token
Hi Martin, Thanks for your patience in working through xAuth with the issues you're facing. Given the information you've provided, it's difficult to determine exactly what might be amiss here. I'm unfamiliar with the programming environment you are using -- do you know if your HTTP transport method munges any HTTP headers or adds its own HTTP headers in any way? If you utilize an access token obtained through other means (such as by the procedure outlined in http://bit.ly/1token ) are you able to get any other kind of OAuth-based requests functional with your OAuth library? You mentioned that you successfully recreated the examples at http://dev.twitter.com/pages/xauth -- acknowledging that those values would also return a 401 from our API but provide a safe login password you can share on a public forum, is there any way you can perform an HTTP capture of the entire request cycle using those static values? This would allow us to see the entire HTTP request, including headers sent/received, the raw POST body, etc -- which may yield an obvious answer as to why your implementation is not working. Hang in there! Taylor On Tue, Oct 26, 2010 at 3:20 PM, Martin Hannah mhan...@coresoft.com.auwrote: We had an application successfully talking to twitter for a few years prior to oAuth, and now converting this application to xAuth and cant get past the first step. The application gets a 401 Unauthorized response when attempting to get the access token. Have confirmed our program when provided with the same consumer_key and Secret key as on twitter documentation page http://dev.twitter.com/pages/xauth produces exactly the same Singature, parameters, base string as on http://dev.twitter.com/pages/xauth doco page. (i.e. have done detailed string comparisons of output at each step to the twitter documentation http://dev.twitter.com/pages/xauth by placing the twitter values in a string variable and comparing to the values produced by our program, so confident these are the same) . Using our consumer and secret keys in the test site http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests and compared the base string and signature results to our program and again they are exactly the same. Have checked the time stamp is producing correct time (based on enoch time) by comparing against against http://unixtimestamp.com/index.php Passing my consumer_secret with at end into signature generator (which as I said above seems to be producing correct results because we used values in http://dev.twitter.com/pages/xauth and it generated the same oauth_signature value) Base string: POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3D1q0ZoaBf3fKFP1hSmhVNQ %26oauth_nonce %3Duv3AtzLBjawzvasO3EPAU3bbR53NyHGlvLp33IRCzG8%26oauth_signature_method %3DHMAC-SHA1%26oauth_timestamp%3D1288131701%26oauth_version %3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3D %26x_auth_username%3D Authorization header parameters: OAuth oauth_nonce=uv3AtzLBjawzvasO3EPAU3bbR53NyHGlvLp33IRCzG8, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1288131701, oauth_consumer_key=1q0ZoaBf3fKFP1hSmhVNQ, oauth_signature=VQYSXdvrEtlvugqUpTXbCjYTNa0%3D, oauth_version=1.0 Twitter response: Status= 401 StatusTxt= Unauthorized Headers= Date: Tue, 26 Oct 2010 21:22:01 GMT Server: hi Status: 401 Unauthorized X-Transaction: 1288128121-92836-33309 Last-Modified: Tue, 26 Oct 2010 21:22:01 GMT X-Runtime: 0.00473 Content-Type: text/html; charset=utf-8 Pragma: no-cache X-Revision: DEV Expires: Tue, 31 Mar 1981 05:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post- check=0 Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCMdIa %252BorASIKZmxhc2hJQzonQWN0aW9uQ29u %250AdHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWJl %250AYzdlZGEzMDAwYmMwOWJhMTEwMzIyYjE1MTc5YzAw-- f24fc1f95d728598870821f98152985632dbcc66; domain=.twitter.com; path=/ Connection: close The actual Send procedure is: (tried procedure using both both blank and valid p-username and p-password) define var objHTTP as com-handle. Create Microsoft.XMLHTTP objHTTP . objHTTP:open(POST,api-atokin, false, p-username, p-password). objHTTP:setRequestHeader('Authorization', v-params). objHTTP:SetRequestHeader(Content-Type,application/x-www-form- urlencoded). objHTTP:send(). v-response = 'Response= ' + objHTTP:responseText + chr(10) + 'Status= '+ objHTTP:status + chr(10) + 'StatusTxt= ' + objHTTP:statusText + chr(10) + 'Headers= ' + objHTTP:getAllResponseHeaders() + chr(10) . I have emailed api.twitter.com and asked for them to check that I have xAuth enabled and they responded: I can confirm that your application, client ID xxx, has xAuth access and I just refreshed its permissions and consumer keys for good measure. If you still get 401 errors when trying to use xAuth
[twitter-dev] 401 Unauthorized errors with Progress Open Edge using xAuth to get Access token
We had an application successfully talking to twitter for a few years prior to oAuth, and now converting this application to xAuth and cant get past the first step. The application gets a 401 Unauthorized response when attempting to get the access token. Have confirmed our program when provided with the same consumer_key and Secret key as on twitter documentation page http://dev.twitter.com/pages/xauth produces exactly the same Singature, parameters, base string as on http://dev.twitter.com/pages/xauth doco page. (i.e. have done detailed string comparisons of output at each step to the twitter documentation http://dev.twitter.com/pages/xauth by placing the twitter values in a string variable and comparing to the values produced by our program, so confident these are the same) . Using our consumer and secret keys in the test site http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests and compared the base string and signature results to our program and again they are exactly the same. Have checked the time stamp is producing correct time (based on enoch time) by comparing against against http://unixtimestamp.com/index.php Passing my consumer_secret with at end into signature generator (which as I said above seems to be producing correct results because we used values in http://dev.twitter.com/pages/xauth and it generated the same oauth_signature value) Base string: POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3D1q0ZoaBf3fKFP1hSmhVNQ %26oauth_nonce %3Duv3AtzLBjawzvasO3EPAU3bbR53NyHGlvLp33IRCzG8%26oauth_signature_method %3DHMAC-SHA1%26oauth_timestamp%3D1288131701%26oauth_version %3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3D %26x_auth_username%3D Authorization header parameters: OAuth oauth_nonce=uv3AtzLBjawzvasO3EPAU3bbR53NyHGlvLp33IRCzG8, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1288131701, oauth_consumer_key=1q0ZoaBf3fKFP1hSmhVNQ, oauth_signature=VQYSXdvrEtlvugqUpTXbCjYTNa0%3D, oauth_version=1.0 Twitter response: Status= 401 StatusTxt= Unauthorized Headers= Date: Tue, 26 Oct 2010 21:22:01 GMT Server: hi Status: 401 Unauthorized X-Transaction: 1288128121-92836-33309 Last-Modified: Tue, 26 Oct 2010 21:22:01 GMT X-Runtime: 0.00473 Content-Type: text/html; charset=utf-8 Pragma: no-cache X-Revision: DEV Expires: Tue, 31 Mar 1981 05:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post- check=0 Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCMdIa %252BorASIKZmxhc2hJQzonQWN0aW9uQ29u %250AdHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWJl %250AYzdlZGEzMDAwYmMwOWJhMTEwMzIyYjE1MTc5YzAw-- f24fc1f95d728598870821f98152985632dbcc66; domain=.twitter.com; path=/ Connection: close The actual Send procedure is: (tried procedure using both both blank and valid p-username and p-password) define var objHTTP as com-handle. Create Microsoft.XMLHTTP objHTTP . objHTTP:open(POST,api-atokin, false, p-username, p-password). objHTTP:setRequestHeader('Authorization', v-params). objHTTP:SetRequestHeader(Content-Type,application/x-www-form- urlencoded). objHTTP:send(). v-response = 'Response= ' + objHTTP:responseText + chr(10) + 'Status= '+ objHTTP:status + chr(10) + 'StatusTxt= ' + objHTTP:statusText + chr(10) + 'Headers= ' + objHTTP:getAllResponseHeaders() + chr(10) . I have emailed api.twitter.com and asked for them to check that I have xAuth enabled and they responded: I can confirm that your application, client ID xxx, has xAuth access and I just refreshed its permissions and consumer keys for good measure. If you still get 401 errors when trying to use xAuth with these new keys, please post about it in our Developer Talk Group: http://groups.google.com/group/twitter-development-talk . Our developer advocates have been tracking some issues like these and will be happy to help you out there, as well as use any information you provide to debug any possible related issues on our side. I apologize for the inconvenience. I am stumped, and my team has been on this for 3 weeks -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] (401) Unauthorized
I am getting an error executing the same code that has been working fine until today. I am getting an error when attempting to get access token, the error is Invalid / expired Token. I'm not sure what changed from yesterday to today, any idea? I am running this code locally so the callback is http://127.0.0.1/.../..., not sure if that is causing the issue. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] (401) Unauthorized
Like the error says: your token is invalid or has expired. Make sure that you are using the correct ones. Tom On 10/5/10 1:20 PM, Trevor Dean wrote: I am getting an error executing the same code that has been working fine until today. I am getting an error when attempting to get access token, the error is Invalid / expired Token. I'm not sure what changed from yesterday to today, any idea? I am running this code locally so the callback is http://127.0.0.1/.../..., not sure if that is causing the issue. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] (401) Unauthorized
This code hasn't changed and was working yesterday and has been working for many months. This error is happening right after the user has allowed the application permission and is returning back to my application with tokens. There is no chance for these tokens to expire so I don't think that this is the issue On Tue, Oct 5, 2010 at 7:24 AM, Tom van der Woerdt i...@tvdw.eu wrote: Like the error says: your token is invalid or has expired. Make sure that you are using the correct ones. Tom On 10/5/10 1:20 PM, Trevor Dean wrote: I am getting an error executing the same code that has been working fine until today. I am getting an error when attempting to get access token, the error is Invalid / expired Token. I'm not sure what changed from yesterday to today, any idea? I am running this code locally so the callback is http://127.0.0.1/.../.. http://127.0.0.1/., not sure if that is causing the issue. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] 401 Unauthorized on status update
Please show your Base String. A lot of issues are related to the Base String. Also, to answer your question: yes, you need to combine both secrets. consumersecretusersecret = your signing key. Tom On 9/12/10 12:09 AM, DK wrote: I keep getting this when I try to update status. I am using xAuth and am able to successfully get access token. MY request: POST /1/statuses/update.xml HTTP/1.1 Accept: */* Referer: file:///Applications/Install/8B95EF94-D747-4976-B877-9C0D6F69C000/Install/ Content-Length: 140 Accept-Encoding: identity Content-Type: application/x-www-form-urlencoded Authorization: OAuth oauth_nonce=7fa7df55-dff0-498d- a412-31f311a58aa2, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1284241920, oauth_consumer_key=xx, oauth_token=185630219-3cz8iKUYxazA9RQyXMSl0WIZK76lJTYlrJ7LZUeR, oauth_signature=5F19ANULI0fYZVVCicdbcSTiF2g%3D, oauth_version=1.0 User-Agent: @sebagomez shelltwit Host: api.twitter.com Connection: Keep-Alive Cache-Control: no-cache status=Nothing%20is%20to%20come%2C%20and%20nothing%20past%3A%20But%20an %20eternal%20now%2C%20does%20always%20last.%20%0A-%20Abraham%20Cowley the response i get is: HTTP/1.1 401 Unauthorized Date: Sat, 11 Sep 2010 21:52:54 GMT Server: hi Status: 401 Unauthorized WWW-Authenticate: Basic realm=Twitter API Content-Type: application/xml; charset=utf-8 Content-Length: 135 Cache-Control: no-cache, max-age=1800 Set-Cookie: k=173.79.181.196.1284241973942054; path=/; expires=Sat, 18- Sep-10 21:52:53 GMT; domain=.twitter.com Set-Cookie: guest_id=128424197394768797; path=/; expires=Mon, 11 Oct 2010 21:52:53 GMT Set-Cookie: original_referer=fBxhJyK4Ko2le28vCjFdUuU0TPqFAtRdqYyfC0jPsNARZDQUgPOC8mBAw3pSUcn9KGWZLCcqP3zbWjCZVfqsrV8qgcG0M3IvAN %2FeDqwRZDs%3D; path=/ Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCMhiyQIrAToHaWQiJTA0NTkyNDA5YWI5ZWRm %250ANmEyYTIzZmVlMmI2MGQyODhlIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy %250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--048b4c682393f66d9e63abd364abb048db4022cf; domain=.twitter.com; path=/ Expires: Sat, 11 Sep 2010 22:22:53 GMT Vary: Accept-Encoding Connection: close ?xml version=1.0 encoding=UTF-8? hash request/1/statuses/update.xml/request errorIncorrect signature/error /hash I am urlencoding the params. Do I need to also include the consumer secret in the signature? Any help is really appreciated as I have spend 2 full days with this :- ( -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] 401 unauthorized error
Hi~ I'm developing the twitter application with Android. For posting twitpic data, I use Oauth echo, but I'v got 401 error. Could not authentication you. (header rejected by twitter) Oauth header POST /2/upload.xml HTTP 1.1 x-auth-service-provider: https://api.twitter.com/1/account/verify_credentials.xml x-verify-credentials-authorization: Oauth realm=http:// api.twitter.com, oauth_consumer_key=a, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1212, oauth_nonce=123123, oauth_version=1.0, oauth_token=user_oauth_token . What is the problem? I have spent for a week. --;
[twitter-dev] 401 Unauthorized with oauth gem
Did anything change in the API (couldn't find anything in the API changelog) that would make all new users who are associating their Twitter acounts to my app get a 401 on status update? All accounts up to a few days ago are still working, newer ones get 401 using absolutely the same codebase and the oauth gem (Ruby) version 0.3.6. Kinda hard to debug. Cheers, -Fabio. -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
[twitter-dev] 401 Unauthorized
Hi everyone, I am developing an application using Twitter API and I have encountered into a strange behavior connected with 401 error. I am using basic auth. When I run my application locally, it works just fine and I never get any 401 errors. However, when I run my application on another environment, I get 401 error in approximately 80% cases. I am completely sure that the credentials are correct. What makes this situation even more weird is that I am working with several accounts, and most of them work fine in both environments. I am experiencing problems only with one account. All accounts I work with are whitelisted, so rate limit should not be an issue here. I have no idea what may cause this behavior. Could you please explain me the possible reasons I am getting 401? Thanks, Uladzimir
[twitter-dev] 401 - Unauthorized error when diacritics in status
I am getting an error message when posting accent marks and other diacritics in a status update. I saw that there was an issue [1] posted in April of last year about this problem. It seems to be with the signature generation for OAuth with the encoding of accent marks. I am using .Net(C#), and I can't figure out how to fix this. Do I use a different encoding? Anybody have any ideas on how to fix this in .Net? [1] - http://code.google.com/p/twitter-api/issues/detail?id=433 Ryan
Re: [twitter-dev] 401 - Unauthorized error when diacritics in status
Ooh, if this is the case then it will definitely stop me from using oAuth for Feathers (http://feathersapp.com) since diacritics are an essential part of Unicode art. Very interested in hearing what you find out. All the best, Aral On Tue, Feb 23, 2010 at 1:44 PM, eclipsed4utoo ryanalford...@gmail.comwrote: I am getting an error message when posting accent marks and other diacritics in a status update. I saw that there was an issue [1] posted in April of last year about this problem. It seems to be with the signature generation for OAuth with the encoding of accent marks. I am using .Net(C#), and I can't figure out how to fix this. Do I use a different encoding? Anybody have any ideas on how to fix this in .Net? [1] - http://code.google.com/p/twitter-api/issues/detail?id=433 Ryan
Re: [twitter-dev] 401 - Unauthorized error when diacritics in status
I believe it has been fixed in some libraries in other programming languages, but I can't figure out how to do it in .Net. Ryan On Tue, Feb 23, 2010 at 12:38 PM, Aral Balkan aralbal...@gmail.com wrote: Ooh, if this is the case then it will definitely stop me from using oAuth for Feathers (http://feathersapp.com) since diacritics are an essential part of Unicode art. Very interested in hearing what you find out. All the best, Aral On Tue, Feb 23, 2010 at 1:44 PM, eclipsed4utoo ryanalford...@gmail.comwrote: I am getting an error message when posting accent marks and other diacritics in a status update. I saw that there was an issue [1] posted in April of last year about this problem. It seems to be with the signature generation for OAuth with the encoding of accent marks. I am using .Net(C#), and I can't figure out how to fix this. Do I use a different encoding? Anybody have any ideas on how to fix this in .Net? [1] - http://code.google.com/p/twitter-api/issues/detail?id=433 Ryan
Re: [twitter-dev] 401 - Unauthorized error when diacritics in status
this would be news to me - if you have a way to replicate this, and you are confident its not your oauth libraries, then please let me know. On Tue, Feb 23, 2010 at 11:04 AM, Ryan Alford ryanalford...@gmail.comwrote: I believe it has been fixed in some libraries in other programming languages, but I can't figure out how to do it in .Net. Ryan On Tue, Feb 23, 2010 at 12:38 PM, Aral Balkan aralbal...@gmail.comwrote: Ooh, if this is the case then it will definitely stop me from using oAuth for Feathers (http://feathersapp.com) since diacritics are an essential part of Unicode art. Very interested in hearing what you find out. All the best, Aral On Tue, Feb 23, 2010 at 1:44 PM, eclipsed4utoo ryanalford...@gmail.comwrote: I am getting an error message when posting accent marks and other diacritics in a status update. I saw that there was an issue [1] posted in April of last year about this problem. It seems to be with the signature generation for OAuth with the encoding of accent marks. I am using .Net(C#), and I can't figure out how to fix this. Do I use a different encoding? Anybody have any ideas on how to fix this in .Net? [1] - http://code.google.com/p/twitter-api/issues/detail?id=433 Ryan -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
Re: [twitter-dev] 401 - Unauthorized error when diacritics in status
I think it is the way that .Net handles encoding of the diacritics. I don't think it's a Twitter api issue. I was hoping that another .Net developer had run into this issue and had fixed it. Ryan On Tue, Feb 23, 2010 at 2:07 PM, Raffi Krikorian ra...@twitter.com wrote: this would be news to me - if you have a way to replicate this, and you are confident its not your oauth libraries, then please let me know. On Tue, Feb 23, 2010 at 11:04 AM, Ryan Alford ryanalford...@gmail.comwrote: I believe it has been fixed in some libraries in other programming languages, but I can't figure out how to do it in .Net. Ryan On Tue, Feb 23, 2010 at 12:38 PM, Aral Balkan aralbal...@gmail.comwrote: Ooh, if this is the case then it will definitely stop me from using oAuth for Feathers (http://feathersapp.com) since diacritics are an essential part of Unicode art. Very interested in hearing what you find out. All the best, Aral On Tue, Feb 23, 2010 at 1:44 PM, eclipsed4utoo ryanalford...@gmail.comwrote: I am getting an error message when posting accent marks and other diacritics in a status update. I saw that there was an issue [1] posted in April of last year about this problem. It seems to be with the signature generation for OAuth with the encoding of accent marks. I am using .Net(C#), and I can't figure out how to fix this. Do I use a different encoding? Anybody have any ideas on how to fix this in .Net? [1] - http://code.google.com/p/twitter-api/issues/detail?id=433 Ryan -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
[twitter-dev] 401 unauthorized
My website uses twitter for authentication, For the past 24 hours the OAuth sign in is continuously returning 401 , i am not able to figure out what to do? Has some one faced similar problems? My site has been down for 24 hours now because of this. please help me out here.
[twitter-dev] 401 Unauthorized
I having this error for a while and is happening only on my machine, I deploy the same project in another similar VM and it worked, so I am starting to think that there might be something related to my environment that is causing the 401 Unauthorized issue. I have a Mac with OS 10.5.6 and a VM running on Paralles, the VM is Fedora Core running ruby 1.8.6 (2007-06-07 patchlevel 36) [i386-linux], i am using twitter (0.7.5) and oauth (0.3.6) and when I run this code: oauth = Twitter::OAuth.new('consumer_key', 'consumer_secret') atokens = oauth.request_token(:oauth_callback = callback) I always get a 401 Unauthorized, apparently a couples of weeks ago there was a general issue with twitter API and was getting the same error from a completely different environment (PC) but now the general issue seems to be solved my PC is able to run the code but my VM still giving me the 401, any clue on how could I do further tests? BTW: I have already ask on the Twitter gem Google Group, waiting for answer. Just wanted to see if you could give me a clue Thanks,
[twitter-dev] 401 Unauthorized -- user_timeline -- using Numeric ID
I have been running into a recurring problem that I have been facing for the past couple of days, on numerous machines. I am extracting 200 tweets for a large number of users, using the numeric user ID (user_id). After a small number of requests (between 10 and 50) I receive nothing but This method requires authentication. Authenticating with my username and password does not make the message go away. I have verified that the users I am trying to pull are not protected users. I have also verified that I am not hitting the rate limit. On my latest attempt, I used an IP I have not used in the past. I was able to extract the first 200 tweets for *12* users, then I started receiving 401s (This method requires authentication) on every single request of this type. After about 10 minutes, I tried again and it worked for about another 15 users, then I started getting the same message as well as other messages including 502. Is this behavior expected? Does this 401 message possibly mean something else?
[twitter-dev] 401 Unauthorized with good access token (or seemingly good)
I am using python-auth, and oauth twitter to do backend authentication via twitter sign in. It works as designed. I am able to get an access_token and then use that to get the user info. I am having trouble when it comes to trying to post a status update using the oauth. I have pasted an example to illustrate my problem at http://pastebin.com/m50ed2c7e . You can see where I fail. Also at the bottom of that is pasted the encoded post data that I am sending to do the status update. Also, pasted below. encoded_post_data='status=Testoauth_nonce=43777168oauth_timestamp=1255665189oauth_consumer_key=MY_CONSUMER_KEYoauth_signature_method=HMAC- SHA1oauth_version=1.0oauth_token=SAME_AS_TOKEN.KEYoauth_signature=SIGNATURE_REMOVED' I don't expect anyone to be familiar with the libraries I am using but it is odd I can sign in properly but can't do much beyond that. I'd ideally like to chat with someone at twitter so I can send my Consumer info and the access_key in question to see if they can check things on their end and tell me what I am doing wrong. Thanks. Dan
[twitter-dev] 401 Unauthorized error while posting status with Unicode characters (non english characters)
I am getting 401 Unauthorized exception when updating status with non english characters using my app. This exception is happening for any Japanese or Korean characters. Another interesting thing is that it is possible to post some other non english characters like Malayalam. The exception will not happen for single word in these cases, but occurs for multiple words. For example consider the following example ØáÇÞµæù çµdw - does not work ØáÇÞµæùçµdw - with space removed works. Base signature for ØáÇÞµæù çµdw which throws exception is POSThttp%3A%2F%2Ftwitter.com%2Fstatuses %2Fupdate.jsonoauth_consumer_key% 3DwmeO7Y20oMFa1ptKVY4WA%26oauth_nonce %3D4504682%26oauth_signature_method% 3DHMAC-SHA1%26oauth_timestamp%3D1253727596%26oauth_token%3D76084396- 0M9ll2nghrjWhjALbH7YEHXizcLDNvoLfgXKfHQZQ%26oauth_version %3D1.0%26status% 3D%25D8%25E1%25C7%25DE%25B5%25E6%25F9%2520%25E7%25B5dw and for ØáÇÞµæùçµdw which works is POSThttp%3A%2F%2Ftwitter.com%2Fstatuses %2Fupdate.jsonoauth_consumer_key% 3DwmeO7Y20oMFa1ptKVY4WA%26oauth_nonce %3D9388868%26oauth_signature_method% 3DHMAC-SHA1%26oauth_timestamp%3D1253727793%26oauth_token%3D76084396- 0M9ll2nghrjWhjALbH7YEHXizcLDNvoLfgXKfHQZQ%26oauth_version %3D1.0%26status% 3D%25D8%25E1%25C7%25DE%25B5%25E6%25F9%25E7%25B5dw OAuth client library I am using is in .Net Could you please help to solve this issue? Also I would like to know you support all unicode characters. Your help is greatly appreciated. Thanks, Satheesh Natesan
[twitter-dev] 401 Unauthorized...
Is Twitter still blocking posts to the API from non-white listed apps? Since the DDOS attack we can't seem to send any posts through the API using oAuth. Nothing in our code has changed but all was working prior to the attack. Is anyone out there havine any success sending messages with oauth (non-whitelisted app)??? Can someone/anyone please comment, I need to get our app working but considering our code has not changed I don't want to spend a lot of time chasing something down that is not my fault and out of my control. PLEASE HELP
[twitter-dev] 401 Unauthorized
Are anyone experiencing 401 Unauthorized errors? Everything worked fine before yesterday. Now we are getting 401 Unauthorized on both basic authorization and OAuth on 80% of the calls. Other 20% works fine. What's happening?
[twitter-dev] 401 Unauthorized When Getting an Access Token
I am using ASP .NET (VB) to try and authenticate using oAuth. I have been able to get a request token and direct a user to Twitter's authentication page. Twitter then redirects back to my app. At that point I attempt to get an access token, but I continue to receive 401 unauthorized errors. I have made sure that I am getting a new signature, using both the token and token secret when generating the signature, and that my url parameters are in alphabetical order, but I continue to get 401 errors. Has anyone experienced this, and if so, could you point me in the right direction toward diagnosing this issue? -Matt
[twitter-dev] 401: Unauthorized application or token on friendship/exists
I'm fairly sure I'm getting a proper token. Using the page http://www.hueniverse.com/hueniverse/2008/10/beginners-gui-1.html I get the same signature as in my failing url. GET looks like: http://twitter.com/friendship/exists.json? oauth_consumer_key=Rg4VBVUvAoThpl78duF3Rg oauth_nonce=375494971125145587 oauth_signature=xWCdscsa6I4GJphDIQAnsDmjyhM%3D oauth_signature_method=HMAC-SHA1 oauth_timestamp=1240933535 oauth_token=765803-e2mAy2wkQy4wRI9LQC73cZwbiwmmJ7mZJh04MZiWk oauth_version=1.0 user_a=tayknight user_b=wxtweet I must be missing something obvious. Other GETs work. I can provide secrets to TwitterAPI folks if they want to help debug. Thanks.
[twitter-dev] 401 unauthorized
My previous post is waiting to be moderated since I'm a newbie I think, but I was wrong. I thought it was a get vs. post issue, but it seems to be that my code works very intermittently. The error is always a 401 unauthorized in getting the access token from the request token. but once in a while it works fine. I'm using the Ruby tutorial from the wiki pretty much verbatim for now. To get it to work initially I had to add the authorize url to the oauth::consumer new call (rather than use the defaults) but that may have just been the intermittent nature. I'd like to debug this myself but I can't see where the authorize would ever return a 401 since I just got the request token (I can see where the previous step would return unauthorized if the user denied or some error occurred there). Anywhere I can look for hints? Could it be something about the fact I have rtied and failed a few times? I don't think I could have hit any reasonable limit. Ken
[twitter-dev] 401 Unauthorized on OAuth calls?
Hi everyone, since about half an hour ago I seem to be getting 401 Unauthorized responses to my OAuth-ed API calls. Is that a known problem? Regards, Dominik