Re: [twitter-dev] 401 Unauthorized in Python/Twisted app
Hi Taylor, Thank you for your response. Originally, I did forget to add an oauth_timestamp field. I've since included one, but still have the same problem. I modified my app to dump out the base string. Here's what I got: GEThttps%3A%2F%2Fuserstream.twitter.com%2F2%2Fuser.jsondelimited%3Dlength%26oauth_nonce%3D05963995484855701581311629784779%26oauth_timestamp%3D1309276024%26oauth_version%3D1.0 Does that look right? Eryn On 2011-06-27, at 08:10, Taylor Singletary wrote: Hi Eryn, I'm not too familiar with the Twisted framework or its implementation of OAuth, so take what I recommend with a grain of salt. * Access tokens generated through the OAuth flow on Twitter, regardless of the technique used (PIN code, xAuth, vanilla OAuth) are long-lived and do not expire until the end-user makes an explicit effort to revoke the access. You store the access token and access token secret. * While OAuth in theory should just work when it works in one spot, there's a great amount of variation in the amount of wrongness that given services will tolerate when evaluating the credentials. Long- term, we're working to normalize the entire validation procedure across all of our services, but in reality the streaming API and the REST API use different OAuth engines to evaluate the validity of the request -- the streaming API's OAuth verification is considerably stricter than the REST API's more forgiving implementation. * I notice that your authorization header is missing a oauth_timestamp parameter -- is that a copy and paste error? Do you know how to locate the OAuth signature base string in the Python library you are using -- it can often be buried under private or protected methods but the string is invaluable in debugging issues like this. Thanks, Taylor On Jun 24, 7:54 pm, Eryn Wells e...@3b518c.com wrote: Hello all, I'm quite new to OAuth and the Twitter API, and this is my first post to this list. I'm working on an app in Python using the Twisted framework. It uses brosner's fork of python-oauth2[1] to do the initial authentication and subsequent request signing. I'm using the PIN code flow for authentication. Do access tokens need to be generated every time you start the app, or can they be stored between runs and reused? If so, how long are the valid? Right now, my code writes the access token and secret out to a file and recovers it the next time it starts. The procedure seems to go just fine – I don't get any errors – but I can't really verify that everything is Correct because I don't really know what I'm looking for… Second thing, I'm at the point where I'm trying to do the initial connection tohttps://userstream.twitter.com/2/user.json. I'm using SSLConnect and web.HTTPClient, if that helps… I write out the command (GET url), and the headers (a Host and an Authorization header). The OAuth library generates the following Authorization header content. I get back a 401 Unauthorized error with a WWW-Authenticate: Basic header. I've heard from @twitterapi that User Streams require OAuth, so why am I getting a Basic auth response? OAuth realm=Firehose, oauth_nonce=25622603816219309853125867384777, oauth_consumer_key=cut, oauth_signature_method=HMAC-SHA1, oauth_version=1.0, oauth_token=cut, oauth_signature=1AV5YG4DsfCV4jDoQcOCOmxZ2Gw%3D Anything obvious there that I'm doing wrong? Thanks, Eryn -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
Re: [twitter-dev] 401 Unauthorized in Python/Twisted app
An interesting note, perhaps. I was writing unit tests last night to check my OAuth implementation. I was able to connect and retrieve data via the regular API (api.twitter.com), but I still have the 401 issue when trying to connect to the user stream API. On 2011-06-24, at 19:54, Eryn Wells wrote: Hello all, I'm quite new to OAuth and the Twitter API, and this is my first post to this list. I'm working on an app in Python using the Twisted framework. It uses brosner's fork of python-oauth2[1] to do the initial authentication and subsequent request signing. I'm using the PIN code flow for authentication. Do access tokens need to be generated every time you start the app, or can they be stored between runs and reused? If so, how long are the valid? Right now, my code writes the access token and secret out to a file and recovers it the next time it starts. The procedure seems to go just fine – I don't get any errors – but I can't really verify that everything is Correct because I don't really know what I'm looking for… Second thing, I'm at the point where I'm trying to do the initial connection to https://userstream.twitter.com/2/user.json. I'm using SSLConnect and web.HTTPClient, if that helps… I write out the command (GET url), and the headers (a Host and an Authorization header). The OAuth library generates the following Authorization header content. I get back a 401 Unauthorized error with a WWW-Authenticate: Basic header. I've heard from @twitterapi that User Streams require OAuth, so why am I getting a Basic auth response? OAuth realm=Firehose, oauth_nonce=25622603816219309853125867384777, oauth_consumer_key=cut, oauth_signature_method=HMAC-SHA1, oauth_version=1.0, oauth_token=cut, oauth_signature=1AV5YG4DsfCV4jDoQcOCOmxZ2Gw%3D Anything obvious there that I'm doing wrong? Thanks, Eryn -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
[twitter-dev] 401 Unauthorized in Python/Twisted app
Hello all, I'm quite new to OAuth and the Twitter API, and this is my first post to this list. I'm working on an app in Python using the Twisted framework. It uses brosner's fork of python-oauth2[1] to do the initial authentication and subsequent request signing. I'm using the PIN code flow for authentication. Do access tokens need to be generated every time you start the app, or can they be stored between runs and reused? If so, how long are the valid? Right now, my code writes the access token and secret out to a file and recovers it the next time it starts. The procedure seems to go just fine – I don't get any errors – but I can't really verify that everything is Correct because I don't really know what I'm looking for… Second thing, I'm at the point where I'm trying to do the initial connection to https://userstream.twitter.com/2/user.json. I'm using SSLConnect and web.HTTPClient, if that helps… I write out the command (GET url), and the headers (a Host and an Authorization header). The OAuth library generates the following Authorization header content. I get back a 401 Unauthorized error with a WWW-Authenticate: Basic header. I've heard from @twitterapi that User Streams require OAuth, so why am I getting a Basic auth response? OAuth realm=Firehose, oauth_nonce=25622603816219309853125867384777, oauth_consumer_key=cut, oauth_signature_method=HMAC-SHA1, oauth_version=1.0, oauth_token=cut, oauth_signature=1AV5YG4DsfCV4jDoQcOCOmxZ2Gw%3D Anything obvious there that I'm doing wrong? Thanks, Eryn -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
[twitter-dev] 401 Unauthorized Responses to requests signed with whitelisted account
Hello,
I am a Java developer working on a web application that makes use of
the Twitter API. We use the Signpost library (version 1.2.1.1) to
perform OAuth and issue API requests, and have been doing so
successfully for months. We have been signing our requests with a
whitelisted key and secret that has a 20,000 request/hour rate limit.
In the last few days, we started getting only 401 Not Authorized
responses when using these credentials. Upon looking back at our
server logs, I notice other requests failures dating back to at least
Feb 17, but they are sporadic. Error messages look like this:
WARN org.apache.http.impl.client.DefaultHttpClient Authentication
error: Unable to respond to any of these challenges: {oauth=WWW-
Authenticate: OAuth realm=http://api.twitter.com}
The response header shows 401 but no other enlightening information.
I have paid attention to and read lots of other postings related to
OAuth, and want to emphasize that our system has been working for
quite a while - we make calls using the proper end points and so
forth:
http://api.twitter.com/1/users/show.json?user_id=[id]
Something appears to have changed on Twitter's end but we don't know
what.
Can anyone shed some light on what might be happening? We have
already verified with Twitter API support that our credentials should
still be viable - perhaps there has been an inadvertent shutdown of
that account?
Thank you in advance for any help or guidance!
Sincerely,
Chris Stolte
--
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group:
http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] 401 Unauthorized Responses to requests signed with whitelisted account
Hi Christopher,
Could you attempt to get the response body for the request either by
repeating the request or enhancing your logs. The reason for the 401 is
communicated in the response body and knowing that will help explain what is
going on.
Best,
@themattharris
Developer Advocate, Twitter
http://twitter.com/themattharris
On Mon, Apr 18, 2011 at 11:23 AM, Christopher Stolte stolte...@gmail.comwrote:
Hello,
I am a Java developer working on a web application that makes use of
the Twitter API. We use the Signpost library (version 1.2.1.1) to
perform OAuth and issue API requests, and have been doing so
successfully for months. We have been signing our requests with a
whitelisted key and secret that has a 20,000 request/hour rate limit.
In the last few days, we started getting only 401 Not Authorized
responses when using these credentials. Upon looking back at our
server logs, I notice other requests failures dating back to at least
Feb 17, but they are sporadic. Error messages look like this:
WARN org.apache.http.impl.client.DefaultHttpClient Authentication
error: Unable to respond to any of these challenges: {oauth=WWW-
Authenticate: OAuth realm=http://api.twitter.com}
The response header shows 401 but no other enlightening information.
I have paid attention to and read lots of other postings related to
OAuth, and want to emphasize that our system has been working for
quite a while - we make calls using the proper end points and so
forth:
http://api.twitter.com/1/users/show.json?user_id=[id]
Something appears to have changed on Twitter's end but we don't know
what.
Can anyone shed some light on what might be happening? We have
already verified with Twitter API support that our credentials should
still be viable - perhaps there has been an inadvertent shutdown of
that account?
Thank you in advance for any help or guidance!
Sincerely,
Chris Stolte
--
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker:
http://code.google.com/p/twitter-api/issues/list
Change your membership to this group:
http://groups.google.com/group/twitter-development-talk
--
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group:
http://groups.google.com/group/twitter-development-talk
[twitter-dev] 401 unauthorized on blackberry after appending ;interface=wifi
Hi On blackberry with httpConnection, I need to add network transport string such as ;interface=wifi to the url. The problem is, once I added the network transport string, I get 401 unauthorized for status update and GET statuses/user_timeline. If I remove the transport string, then I can POST updates and GET statuses everything runs fine. So it seems the request I'm sending to twitter api is correct. Is there anything special with the transport string that might cause problems? -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] (401) Unauthorized
There is an active thread for this issue http://code.google.com/p/twitter-api/issues/detail?id=2118 you're not alone on this one, there are many people suffering from this issue. On Tue, Mar 29, 2011 at 6:26 AM, naresh naresh.d...@gmail.com wrote: Hi We have integrated our web application to use twitter oAuth for publishing the tweet etc. We have integrated the twitter oAuth some months back.It used to work fine, but now all of sudden we have start getting this 401 error.This works fine sometime and sometime it does not work.We are correctly setting the callback url etc, we are dynamically passing the callback url. When we have debugged and uses the callback url as localhost:port then it works fine but on our production servers it does not seems to be working fine? Thanks -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] 401 unauthorized
Is anyone else experiencing any 401 errors all of a sudden? I was doing some testing this morning and was logging in fine using twitter and then 10 min later I started getting 401 unauthorized errors. Thanks, Trevor -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] 401 unauthorized
Hi Trevor, Could you share the request and response you are sending so we can investigate. Remember to obscure user and consumer secrets. Thanks, @themattharris Developer Advocate, Twitter http://twitter.com/themattharris On Sat, Mar 19, 2011 at 5:47 AM, Trevor Dean trevord...@gmail.com wrote: Is anyone else experiencing any 401 errors all of a sudden? I was doing some testing this morning and was logging in fine using twitter and then 10 min later I started getting 401 unauthorized errors. Thanks, Trevor -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] 401 Unauthorized responses on OAUTH
We're getting a ton of 401 errors when people are trying to OAuth against some of our sites. These sites have been in production for years (and one new one went up yesterday). When we get the error, we get no message in the Response. From the client perspective, it happens when you click the Allow button and Twitter redirects back to us. I've checked all the usual things 1) Server clock is synced correctly to nist time (and the server runs in UTC, so no timezone/DST issues) 2) The servers haven't had any recent patches. 3) Same applications were working fine and haven't been changed (except the new site) 4) We get the same issues no matter what user we're logged into Twitter as. 5) We get the same issues even when running from the Amazon EC2 instance (IP whitelisted) or our QA servers (also IP whitelisted) or from development machines (not whitelisted). 6) Occasionally (1 in 20 or worse) we get a success. 7) Nonce values are NOT being reused and we're (still) using DotNetOAuth for the library to handle that part (no change) 8) Happens on all of these: http://stlindex.com (application under @STLIndex) http://stltweets.com (application under @STLTweets) http://loufesttweets.com (application under @LouFestTweets) http://taste.stltweets.com (application under @STLTweets) Typical failure: REQUEST Headers: (https://twitter.com:443/) Authorization: OAuth oauth_verifier=fRSn84gupR7TFAW5G5ySm4c2LmuvD9x8ZckCHIEA, oauth_token=MfgvKyS4Vgxy8c1kNgw7h3owkpAlzdqG223DTIs8vc, oauth_consumer_key=MliXkE6e4kCJY2U10OH8sQ, oauth_nonce=gkJy165f, oauth_signature_method=HMAC-SHA1, oauth_signature=9tRuLd55El37hJ2fqJs2cJVREaM%3D, oauth_version=1.0, oauth_timestamp=1300464048 User-Agent: DotNetOpenAuth/3.4.5.10201 Host: twitter.com RESPONSE: Status: 401 Unauthorized X-Transaction: 1300464048-3423-38581 X-Runtime: 0.00544 Pragma: no-cache X-Revision: DEV Content-Length: 1 Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post- check=0 Content-Type: text/html; charset=utf-8 Date: Fri, 18 Mar 2011 16:00:48 GMT Expires: Tue, 31 Mar 1981 05:00:00 GMT Last-Modified: Fri, 18 Mar 2011 16:00:48 GMT Set-Cookie: k=208.82.145.5.1300464048881173; path=/; expires=Fri, 25- Mar-11 16:00:48 GMT; domain=.twitter.com,guest_id=13004640478451; path=/; expires=Sun, 17 Apr 2011 16:00:48 GMT, _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCPmasskuAToHaWQiJWFkNDcxMzE2Yjg1YmIy %250ANDkzMGFkMWI3YmM5NTZlNDA5IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy %250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--1c8558a834ffe3d40ae9be1bed2360f83555f5ae; domain=.twitter.com; path=/; HttpOnly Server: hi X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Vary: Accept-Encoding -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] 401 Unauthorized responses on OAUTH
Ryan's just told me they're currently aware of the issue and looking into it. On 18 Mar 2011, at 19:13, Ninjamonk wrote: I am also getting these problems. They have been on and off all day. The same code works fine and 5 mins later it throws 401's and its been working for 6 months no problem. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] 401: Unauthorized (Python)
I have an application that contains a simple setup using the
oauthtwitter library found here.
http://code.google.com/p/oauth-python-twitter/
#Example code
twitter = app.extras.oauthtwitter.OAuthApi(CONSUMER_KEY,
CONSUMER_SECRET)
request_token = twitter.getRequestToken()
oauth_verifier = request.GET.get('oauth_verifier')
access_token = twitter.getAccessToken(request_token, oauth_verifier)
I'm failing at getting the access token. I have a verifier and am
passing that along, like the example in the oauth lib, however am
continuing to get (all day now) 401s. My system time is set correctly,
as this is in a Django project, and I'm setting it via TIME_ZONE =
'America/Kentucky/Louisville' in my settings.py. Can anyone help?
Thanks,
John
--
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group:
http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] 401: Unauthorized (Python)
Hi John,
What is the does the body of the error response say? The message will tell you
which part of the oauth request failed.
Also be aware that oauth timestamps are in UTC seconds.
Best,
@themattharris
On Feb 4, 2011, at 12:45, john john.g...@gmail.com wrote:
I have an application that contains a simple setup using the
oauthtwitter library found here.
http://code.google.com/p/oauth-python-twitter/
#Example code
twitter = app.extras.oauthtwitter.OAuthApi(CONSUMER_KEY,
CONSUMER_SECRET)
request_token = twitter.getRequestToken()
oauth_verifier = request.GET.get('oauth_verifier')
access_token = twitter.getAccessToken(request_token, oauth_verifier)
I'm failing at getting the access token. I have a verifier and am
passing that along, like the example in the oauth lib, however am
continuing to get (all day now) 401s. My system time is set correctly,
as this is in a Django project, and I'm setting it via TIME_ZONE =
'America/Kentucky/Louisville' in my settings.py. Can anyone help?
Thanks,
John
--
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group:
http://groups.google.com/group/twitter-development-talk
--
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group:
http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] 401 Unauthorized errors with Progress Open Edge using xAuth to get Access token
Hi Taylor,
In order to test your 1st suggestion do you know if your HTTP
transport method munges any HTTP headers or adds its own HTTP headers
in any way? we created a simple test procedure on our public web
server, to simulate the google end point
https://api.twitter.com/oauth/access_token.
So with our test program pointing to another end point we could
capture the values that googles end point might receive.
The values received by our web service end point (simulator) (along
with other CGI values) are:
HTTP_AUTHORIZATION= OAuth oauth_consumer_key=TY0Js5vMc04HNqmqIkNEnQ,
oauth_nonce=jGmEee2Jc0DaEK516jl6g2FSHgOgmNPqlpK43UJYXZF,
oauth_signature=%2Bd2K%2FxydAtBaSETDWwXCo4LN1Js%3D,
oauth_signature_method=HMAC-SHA1, oauth_timestamp=1288666484,
oauth_version=1.0
REQUEST_METHOD=POST
So I presume this is indicating the post request is not munged/altered
in any way by the Microsoft XMLHTTP OCX when it sends the request
using:
Create Microsoft.XMLHTTP objHTTP .
objHTTP:open(POST,api-atokin, false, p-username, p-password).
objHTTP:setRequestHeader('Authorization', v-params).
objHTTP:SetRequestHeader(Content-Type,application/x-www-form-
urlencoded).
objHTTP:send().
Note: The syntax of the Progress code (above) that uses objHTTP is
very similiar to Visual basic. In fact we used the syntax for
objHTTP:open and setRequestHeader(Authorization that you see above,
in the same way as it is used in the googe examples in
http://oauth.googlecode.com/svn/code/javascript/example/AJAX.html
(open this Google example page and view HTML source from lines 32 to
53..)
We are checking the 2nd and 3rd suggestions now... and hope to have
further test results posted in next few hours..
Taylor Singletary wrote:
Hi Martin,
Thanks for your patience in working through xAuth with the issues you're
facing. Given the information you've provided, it's difficult to determine
exactly what might be amiss here.
I'm unfamiliar with the programming environment you are using -- do you know
if your HTTP transport method munges any HTTP headers or adds its own HTTP
headers in any way? If you utilize an access token obtained through other
means (such as by the procedure outlined in http://bit.ly/1token ) are you
able to get any other kind of OAuth-based requests functional with your
OAuth library?
You mentioned that you successfully recreated the examples at
http://dev.twitter.com/pages/xauth -- acknowledging that those values would
also return a 401 from our API but provide a safe login password you can
share on a public forum, is there any way you can perform an HTTP capture of
the entire request cycle using those static values? This would allow us to
see the entire HTTP request, including headers sent/received, the raw POST
body, etc -- which may yield an obvious answer as to why your implementation
is not working.
Hang in there!
Taylor
On Tue, Oct 26, 2010 at 3:20 PM, Martin Hannah mhan...@coresoft.com.auwrote:
We had an application successfully talking to twitter for a few years
prior to oAuth, and now converting this application to xAuth and cant
get past the first step.
The application gets a 401 Unauthorized response when attempting to
get the access token.
Have confirmed our program when provided with the same consumer_key
and Secret key as on twitter documentation page
http://dev.twitter.com/pages/xauth
produces exactly the same Singature, parameters, base string as on
http://dev.twitter.com/pages/xauth doco page. (i.e. have done detailed
string comparisons of output at each step to the twitter documentation
http://dev.twitter.com/pages/xauth by placing the twitter values in a
string variable and comparing to the values produced by our program,
so confident these are the same) .
Using our consumer and secret keys in the test site
http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests
and compared the base string and signature results to our program and
again they are exactly the same.
Have checked the time stamp is producing correct time (based on enoch
time) by comparing against against http://unixtimestamp.com/index.php
Passing my consumer_secret with at end into signature generator
(which as I said above seems to be producing correct results because
we used values in http://dev.twitter.com/pages/xauth and it generated
the same oauth_signature value)
Base string:
POSThttps%3A%2F%2Fapi.twitter.com%2Foauth
%2Faccess_tokenoauth_consumer_key%3D1q0ZoaBf3fKFP1hSmhVNQ
%26oauth_nonce
%3Duv3AtzLBjawzvasO3EPAU3bbR53NyHGlvLp33IRCzG8%26oauth_signature_method
%3DHMAC-SHA1%26oauth_timestamp%3D1288131701%26oauth_version
%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3D
%26x_auth_username%3D
Authorization header parameters:
OAuth oauth_nonce=uv3AtzLBjawzvasO3EPAU3bbR53NyHGlvLp33IRCzG8,
oauth_signature_method=HMAC-SHA1, oauth_timestamp=1288131701,
Re: [twitter-dev] 401 Unauthorized errors with Progress Open Edge using xAuth to get Access token
Hi Taylor,
In releatio to the 2nd test, I have used the values from
http://dev.twitter.com/pages/xauth and inserted these into my program
to step through the process.
Base string:
POSThttps%3A%2F%2Fapi.twitter.com%2Foauth
%2Faccess_tokenoauth_consumer_key%3DJvyS7DO2qd6NNTsXJ4E7zA
%26oauth_nonce%3D6AN2dKRzxyGhmIXUKSmp1JcB4pckM8rD3frKMTmVAo
%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
%3D1284565601%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth
%26x_auth_password%3Dtwitter-xauth%26x_auth_username%3Doauth_test_exec
Secret key used in generation of signature:
9z6157pUbOBqtbm0A0q4r29Y2EYzIHlUwbF4Cl9c
oauth_signature generated:
1L1oXQmawZAkQ47FHLwcOV%2Bkjwc%3D
Authorization string sent in Authorization Header
v-params = OAuth
oauth_nonce=6AN2dKRzxyGhmIXUKSmp1JcB4pckM8rD3frKMTmVAo,
oauth_signature_method=HMAC-SHA1, oauth_timestamp=1284565601,
oauth_consumer_key=JvyS7DO2qd6NNTsXJ4E7zA,
oauth_signature=1L1oXQmawZAkQ47FHLwcOV%2Bkjwc%3D,
oauth_version=1.0
This is then sent to Twitter via:
Create Microsoft.XMLHTTP objHTTP.
objHTTP:open(POST,'https://api.twitter.com/oauth/access_token',
false, p-username, p-password).
objHTTP:setRequestHeader('Authorization', v-params).
objHTTP:SetRequestHeader(Content-Type,application/x-www-form-
urlencoded).
objHTTP:send().
Questions:
In relation to the Authorization string sent in Authorization Header
which is as follows:
v-params = OAuth
oauth_nonce=6AN2dKRzxyGhmIXUKSmp1JcB4pckM8rD3frKMTmVAo,
oauth_signature_method=HMAC-SHA1, oauth_timestamp=1284565601,
oauth_consumer_key=JvyS7DO2qd6NNTsXJ4E7zA,
oauth_signature=1L1oXQmawZAkQ47FHLwcOV%2Bkjwc%3D,
oauth_version=1.0
1. Does the name/value pairs in the string need to be in any
particular order
a) i.e. the name/value pairs must be in decending order for encoding
as a signature, but in the documentation in http://dev.twitter.com/pages/xauth
the name/value pairs sent in Authorization header are in a different
order. I understand they are in decending order for signature, does
the order matter for the Authorization header?
b) Should the authorization header name/value pairs be URL encoded ..?
2. All the documentation sugests that the nonce is a random number and
we borrowed and adapted some code to generate this number each time..
Please confirm that this is correct.
We are now performing another test based on your suggestions and
results of todays investigations/tests and will post results as soon
as complete.
Taylor Singletary wrote:
Hi Martin,
Thanks for your patience in working through xAuth with the issues you're
facing. Given the information you've provided, it's difficult to determine
exactly what might be amiss here.
I'm unfamiliar with the programming environment you are using -- do you know
if your HTTP transport method munges any HTTP headers or adds its own HTTP
headers in any way? If you utilize an access token obtained through other
means (such as by the procedure outlined in http://bit.ly/1token ) are you
able to get any other kind of OAuth-based requests functional with your
OAuth library?
You mentioned that you successfully recreated the examples at
http://dev.twitter.com/pages/xauth -- acknowledging that those values would
also return a 401 from our API but provide a safe login password you can
share on a public forum, is there any way you can perform an HTTP capture of
the entire request cycle using those static values? This would allow us to
see the entire HTTP request, including headers sent/received, the raw POST
body, etc -- which may yield an obvious answer as to why your implementation
is not working.
Hang in there!
Taylor
On Tue, Oct 26, 2010 at 3:20 PM, Martin Hannah mhan...@coresoft.com.auwrote:
We had an application successfully talking to twitter for a few years
prior to oAuth, and now converting this application to xAuth and cant
get past the first step.
The application gets a 401 Unauthorized response when attempting to
get the access token.
Have confirmed our program when provided with the same consumer_key
and Secret key as on twitter documentation page
http://dev.twitter.com/pages/xauth
produces exactly the same Singature, parameters, base string as on
http://dev.twitter.com/pages/xauth doco page. (i.e. have done detailed
string comparisons of output at each step to the twitter documentation
http://dev.twitter.com/pages/xauth by placing the twitter values in a
string variable and comparing to the values produced by our program,
so confident these are the same) .
Using our consumer and secret keys in the test site
http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests
and compared the base string and signature results to our program and
again they are exactly the same.
Have checked the time stamp is producing correct time (based on enoch
time) by comparing against against http://unixtimestamp.com/index.php
Passing my consumer_secret with at end into signature generator
Re: [twitter-dev] 401 Unauthorized errors with Progress Open Edge using xAuth to get Access token
Hi Taylor,
Success, the missing peice of the puzzle was that we needed to send
the post Body, which although it was explained in documentation, we
thought it was there for explanation of how the values are accumulated
for the base string.. seems obvious now, but when your trying to do
this for 1st time, it wasnt obvious then.
So the find part of the send is:
objHTTP:send(x_auth_username=oauth_test_execx_auth_password=twitter-
xauthx_auth_mode=client_auth).
So my last question is, should this be url encoded, because when we
URL encoded (as the doco suggests) it did NOT work.
Martin Hannah wrote:
Hi Taylor,
In order to test your 1st suggestion do you know if your HTTP
transport method munges any HTTP headers or adds its own HTTP headers
in any way? we created a simple test procedure on our public web
server, to simulate the google end point
https://api.twitter.com/oauth/access_token.
So with our test program pointing to another end point we could
capture the values that googles end point might receive.
The values received by our web service end point (simulator) (along
with other CGI values) are:
HTTP_AUTHORIZATION= OAuth oauth_consumer_key=TY0Js5vMc04HNqmqIkNEnQ,
oauth_nonce=jGmEee2Jc0DaEK516jl6g2FSHgOgmNPqlpK43UJYXZF,
oauth_signature=%2Bd2K%2FxydAtBaSETDWwXCo4LN1Js%3D,
oauth_signature_method=HMAC-SHA1, oauth_timestamp=1288666484,
oauth_version=1.0
REQUEST_METHOD=POST
So I presume this is indicating the post request is not munged/altered
in any way by the Microsoft XMLHTTP OCX when it sends the request
using:
Create Microsoft.XMLHTTP objHTTP .
objHTTP:open(POST,api-atokin, false, p-username, p-password).
objHTTP:setRequestHeader('Authorization', v-params).
objHTTP:SetRequestHeader(Content-Type,application/x-www-form-
urlencoded).
objHTTP:send().
Note: The syntax of the Progress code (above) that uses objHTTP is
very similiar to Visual basic. In fact we used the syntax for
objHTTP:open and setRequestHeader(Authorization that you see above,
in the same way as it is used in the googe examples in
http://oauth.googlecode.com/svn/code/javascript/example/AJAX.html
(open this Google example page and view HTML source from lines 32 to
53..)
We are checking the 2nd and 3rd suggestions now... and hope to have
further test results posted in next few hours..
Taylor Singletary wrote:
Hi Martin,
Thanks for your patience in working through xAuth with the issues you're
facing. Given the information you've provided, it's difficult to determine
exactly what might be amiss here.
I'm unfamiliar with the programming environment you are using -- do you know
if your HTTP transport method munges any HTTP headers or adds its own HTTP
headers in any way? If you utilize an access token obtained through other
means (such as by the procedure outlined in http://bit.ly/1token ) are you
able to get any other kind of OAuth-based requests functional with your
OAuth library?
You mentioned that you successfully recreated the examples at
http://dev.twitter.com/pages/xauth -- acknowledging that those values would
also return a 401 from our API but provide a safe login password you can
share on a public forum, is there any way you can perform an HTTP capture of
the entire request cycle using those static values? This would allow us to
see the entire HTTP request, including headers sent/received, the raw POST
body, etc -- which may yield an obvious answer as to why your implementation
is not working.
Hang in there!
Taylor
On Tue, Oct 26, 2010 at 3:20 PM, Martin Hannah
mhan...@coresoft.com.auwrote:
We had an application successfully talking to twitter for a few years
prior to oAuth, and now converting this application to xAuth and cant
get past the first step.
The application gets a 401 Unauthorized response when attempting to
get the access token.
Have confirmed our program when provided with the same consumer_key
and Secret key as on twitter documentation page
http://dev.twitter.com/pages/xauth
produces exactly the same Singature, parameters, base string as on
http://dev.twitter.com/pages/xauth doco page. (i.e. have done detailed
string comparisons of output at each step to the twitter documentation
http://dev.twitter.com/pages/xauth by placing the twitter values in a
string variable and comparing to the values produced by our program,
so confident these are the same) .
Using our consumer and secret keys in the test site
http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests
and compared the base string and signature results to our program and
again they are exactly the same.
Have checked the time stamp is producing correct time (based on enoch
time) by comparing against against http://unixtimestamp.com/index.php
Passing my consumer_secret with at end into signature generator
(which as I said above seems to be producing
Re: [twitter-dev] 401 Unauthorized errors with Progress Open Edge using xAuth to get Access token
Hi Taylor,
Now I have the Access Token and I use the explanations in
http://dev.twitter.com/pages/auth to make a request on users behalf, I
get a response from twitter:
Twitter Response= {errors:[{code:53,message:Basic
authentication is not supported}]}
Status= 401
StatusTxt= Unauthorized
I am using the same procedure just changing the paramaters to follow
the example in http://dev.twitter.com/pages/auth and signing the
request with oauth_consumer_secret + + oauth_token_secret tied to
my access token...
Posting to: http://api.twitter.com/1/statuses/update.json
Authorization header parameters:
OAuth oauth_consumer_key=1q0ZoaBf3fKFP1hSmhVNQ,
oauth_nonce=M2XTcq44gwlMHw9VbP98FQkB7TRSc1iIX0IOiAA500B,
oauth_signature=f6Xz1tSwO8FCvkIJu4mgXYfNvUM%3D,
oauth_signature_method=HMAC-SHA1,
oauth_timestamp=1288703533,
oauth_token=46989789-6NoccKZ1NVN3wdtlRGyhQrUG3b9RcU9Tkn372uIg3,
oauth_version=1.0, status=PostingthroughMicrosoftXMLHTTP
Any suggestions ?
Martin Hannah wrote:
Hi Taylor,
Success, the missing peice of the puzzle was that we needed to send
the post Body, which although it was explained in documentation, we
thought it was there for explanation of how the values are accumulated
for the base string.. seems obvious now, but when your trying to do
this for 1st time, it wasnt obvious then.
So the find part of the send is:
objHTTP:send(x_auth_username=oauth_test_execx_auth_password=twitter-
xauthx_auth_mode=client_auth).
So my last question is, should this be url encoded, because when we
URL encoded (as the doco suggests) it did NOT work.
Martin Hannah wrote:
Hi Taylor,
In order to test your 1st suggestion do you know if your HTTP
transport method munges any HTTP headers or adds its own HTTP headers
in any way? we created a simple test procedure on our public web
server, to simulate the google end point
https://api.twitter.com/oauth/access_token.
So with our test program pointing to another end point we could
capture the values that googles end point might receive.
The values received by our web service end point (simulator) (along
with other CGI values) are:
HTTP_AUTHORIZATION= OAuth oauth_consumer_key=TY0Js5vMc04HNqmqIkNEnQ,
oauth_nonce=jGmEee2Jc0DaEK516jl6g2FSHgOgmNPqlpK43UJYXZF,
oauth_signature=%2Bd2K%2FxydAtBaSETDWwXCo4LN1Js%3D,
oauth_signature_method=HMAC-SHA1, oauth_timestamp=1288666484,
oauth_version=1.0
REQUEST_METHOD=POST
So I presume this is indicating the post request is not munged/altered
in any way by the Microsoft XMLHTTP OCX when it sends the request
using:
Create Microsoft.XMLHTTP objHTTP .
objHTTP:open(POST,api-atokin, false, p-username, p-password).
objHTTP:setRequestHeader('Authorization', v-params).
objHTTP:SetRequestHeader(Content-Type,application/x-www-form-
urlencoded).
objHTTP:send().
Note: The syntax of the Progress code (above) that uses objHTTP is
very similiar to Visual basic. In fact we used the syntax for
objHTTP:open and setRequestHeader(Authorization that you see above,
in the same way as it is used in the googe examples in
http://oauth.googlecode.com/svn/code/javascript/example/AJAX.html
(open this Google example page and view HTML source from lines 32 to
53..)
We are checking the 2nd and 3rd suggestions now... and hope to have
further test results posted in next few hours..
Taylor Singletary wrote:
Hi Martin,
Thanks for your patience in working through xAuth with the issues you're
facing. Given the information you've provided, it's difficult to determine
exactly what might be amiss here.
I'm unfamiliar with the programming environment you are using -- do you
know
if your HTTP transport method munges any HTTP headers or adds its own HTTP
headers in any way? If you utilize an access token obtained through other
means (such as by the procedure outlined in http://bit.ly/1token ) are you
able to get any other kind of OAuth-based requests functional with your
OAuth library?
You mentioned that you successfully recreated the examples at
http://dev.twitter.com/pages/xauth -- acknowledging that those values
would
also return a 401 from our API but provide a safe login password you
can
share on a public forum, is there any way you can perform an HTTP capture
of
the entire request cycle using those static values? This would allow us to
see the entire HTTP request, including headers sent/received, the raw POST
body, etc -- which may yield an obvious answer as to why your
implementation
is not working.
Hang in there!
Taylor
On Tue, Oct 26, 2010 at 3:20 PM, Martin Hannah
mhan...@coresoft.com.auwrote:
We had an application successfully talking to twitter for a few years
prior to oAuth, and now converting this application to xAuth and cant
get past the first step.
The application gets a 401 Unauthorized response when attempting to
get the access
Re: [twitter-dev] 401 Unauthorized errors with Progress Open Edge using xAuth to get Access token
Hi Martin,
Thanks for your patience in working through xAuth with the issues you're
facing. Given the information you've provided, it's difficult to determine
exactly what might be amiss here.
I'm unfamiliar with the programming environment you are using -- do you know
if your HTTP transport method munges any HTTP headers or adds its own HTTP
headers in any way? If you utilize an access token obtained through other
means (such as by the procedure outlined in http://bit.ly/1token ) are you
able to get any other kind of OAuth-based requests functional with your
OAuth library?
You mentioned that you successfully recreated the examples at
http://dev.twitter.com/pages/xauth -- acknowledging that those values would
also return a 401 from our API but provide a safe login password you can
share on a public forum, is there any way you can perform an HTTP capture of
the entire request cycle using those static values? This would allow us to
see the entire HTTP request, including headers sent/received, the raw POST
body, etc -- which may yield an obvious answer as to why your implementation
is not working.
Hang in there!
Taylor
On Tue, Oct 26, 2010 at 3:20 PM, Martin Hannah mhan...@coresoft.com.auwrote:
We had an application successfully talking to twitter for a few years
prior to oAuth, and now converting this application to xAuth and cant
get past the first step.
The application gets a 401 Unauthorized response when attempting to
get the access token.
Have confirmed our program when provided with the same consumer_key
and Secret key as on twitter documentation page
http://dev.twitter.com/pages/xauth
produces exactly the same Singature, parameters, base string as on
http://dev.twitter.com/pages/xauth doco page. (i.e. have done detailed
string comparisons of output at each step to the twitter documentation
http://dev.twitter.com/pages/xauth by placing the twitter values in a
string variable and comparing to the values produced by our program,
so confident these are the same) .
Using our consumer and secret keys in the test site
http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests
and compared the base string and signature results to our program and
again they are exactly the same.
Have checked the time stamp is producing correct time (based on enoch
time) by comparing against against http://unixtimestamp.com/index.php
Passing my consumer_secret with at end into signature generator
(which as I said above seems to be producing correct results because
we used values in http://dev.twitter.com/pages/xauth and it generated
the same oauth_signature value)
Base string:
POSThttps%3A%2F%2Fapi.twitter.com%2Foauth
%2Faccess_tokenoauth_consumer_key%3D1q0ZoaBf3fKFP1hSmhVNQ
%26oauth_nonce
%3Duv3AtzLBjawzvasO3EPAU3bbR53NyHGlvLp33IRCzG8%26oauth_signature_method
%3DHMAC-SHA1%26oauth_timestamp%3D1288131701%26oauth_version
%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3D
%26x_auth_username%3D
Authorization header parameters:
OAuth oauth_nonce=uv3AtzLBjawzvasO3EPAU3bbR53NyHGlvLp33IRCzG8,
oauth_signature_method=HMAC-SHA1, oauth_timestamp=1288131701,
oauth_consumer_key=1q0ZoaBf3fKFP1hSmhVNQ,
oauth_signature=VQYSXdvrEtlvugqUpTXbCjYTNa0%3D, oauth_version=1.0
Twitter response:
Status= 401
StatusTxt= Unauthorized
Headers= Date: Tue, 26 Oct 2010 21:22:01 GMT
Server: hi
Status: 401 Unauthorized
X-Transaction: 1288128121-92836-33309
Last-Modified: Tue, 26 Oct 2010 21:22:01 GMT
X-Runtime: 0.00473
Content-Type: text/html; charset=utf-8
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-
check=0
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCMdIa
%252BorASIKZmxhc2hJQzonQWN0aW9uQ29u
%250AdHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWJl
%250AYzdlZGEzMDAwYmMwOWJhMTEwMzIyYjE1MTc5YzAw--
f24fc1f95d728598870821f98152985632dbcc66; domain=.twitter.com; path=/
Connection: close
The actual Send procedure is: (tried procedure using both both blank
and valid p-username and p-password)
define var objHTTP as com-handle.
Create Microsoft.XMLHTTP objHTTP .
objHTTP:open(POST,api-atokin, false, p-username, p-password).
objHTTP:setRequestHeader('Authorization', v-params).
objHTTP:SetRequestHeader(Content-Type,application/x-www-form-
urlencoded).
objHTTP:send().
v-response = 'Response= ' + objHTTP:responseText + chr(10)
+ 'Status= '+ objHTTP:status + chr(10)
+ 'StatusTxt= ' + objHTTP:statusText + chr(10)
+ 'Headers= ' + objHTTP:getAllResponseHeaders() +
chr(10) .
I have emailed api.twitter.com and asked for them to check that I have
xAuth enabled and they responded:
I can confirm that your application, client ID xxx, has xAuth
access and I just refreshed its permissions and consumer keys for good
measure. If you still get 401 errors when trying to use xAuth
[twitter-dev] 401 Unauthorized errors with Progress Open Edge using xAuth to get Access token
We had an application successfully talking to twitter for a few years
prior to oAuth, and now converting this application to xAuth and cant
get past the first step.
The application gets a 401 Unauthorized response when attempting to
get the access token.
Have confirmed our program when provided with the same consumer_key
and Secret key as on twitter documentation page
http://dev.twitter.com/pages/xauth
produces exactly the same Singature, parameters, base string as on
http://dev.twitter.com/pages/xauth doco page. (i.e. have done detailed
string comparisons of output at each step to the twitter documentation
http://dev.twitter.com/pages/xauth by placing the twitter values in a
string variable and comparing to the values produced by our program,
so confident these are the same) .
Using our consumer and secret keys in the test site
http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests
and compared the base string and signature results to our program and
again they are exactly the same.
Have checked the time stamp is producing correct time (based on enoch
time) by comparing against against http://unixtimestamp.com/index.php
Passing my consumer_secret with at end into signature generator
(which as I said above seems to be producing correct results because
we used values in http://dev.twitter.com/pages/xauth and it generated
the same oauth_signature value)
Base string:
POSThttps%3A%2F%2Fapi.twitter.com%2Foauth
%2Faccess_tokenoauth_consumer_key%3D1q0ZoaBf3fKFP1hSmhVNQ
%26oauth_nonce
%3Duv3AtzLBjawzvasO3EPAU3bbR53NyHGlvLp33IRCzG8%26oauth_signature_method
%3DHMAC-SHA1%26oauth_timestamp%3D1288131701%26oauth_version
%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3D
%26x_auth_username%3D
Authorization header parameters:
OAuth oauth_nonce=uv3AtzLBjawzvasO3EPAU3bbR53NyHGlvLp33IRCzG8,
oauth_signature_method=HMAC-SHA1, oauth_timestamp=1288131701,
oauth_consumer_key=1q0ZoaBf3fKFP1hSmhVNQ,
oauth_signature=VQYSXdvrEtlvugqUpTXbCjYTNa0%3D, oauth_version=1.0
Twitter response:
Status= 401
StatusTxt= Unauthorized
Headers= Date: Tue, 26 Oct 2010 21:22:01 GMT
Server: hi
Status: 401 Unauthorized
X-Transaction: 1288128121-92836-33309
Last-Modified: Tue, 26 Oct 2010 21:22:01 GMT
X-Runtime: 0.00473
Content-Type: text/html; charset=utf-8
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-
check=0
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCMdIa
%252BorASIKZmxhc2hJQzonQWN0aW9uQ29u
%250AdHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWJl
%250AYzdlZGEzMDAwYmMwOWJhMTEwMzIyYjE1MTc5YzAw--
f24fc1f95d728598870821f98152985632dbcc66; domain=.twitter.com; path=/
Connection: close
The actual Send procedure is: (tried procedure using both both blank
and valid p-username and p-password)
define var objHTTP as com-handle.
Create Microsoft.XMLHTTP objHTTP .
objHTTP:open(POST,api-atokin, false, p-username, p-password).
objHTTP:setRequestHeader('Authorization', v-params).
objHTTP:SetRequestHeader(Content-Type,application/x-www-form-
urlencoded).
objHTTP:send().
v-response = 'Response= ' + objHTTP:responseText + chr(10)
+ 'Status= '+ objHTTP:status + chr(10)
+ 'StatusTxt= ' + objHTTP:statusText + chr(10)
+ 'Headers= ' + objHTTP:getAllResponseHeaders() +
chr(10) .
I have emailed api.twitter.com and asked for them to check that I have
xAuth enabled and they responded:
I can confirm that your application, client ID xxx, has xAuth
access and I just refreshed its permissions and consumer keys for good
measure. If you still get 401 errors when trying to use xAuth with
these new keys, please post about it in our Developer Talk Group:
http://groups.google.com/group/twitter-development-talk . Our
developer advocates have been tracking some issues like these and will
be happy to help you out there, as well as use any information you
provide to debug any possible related issues on our side. I apologize
for the inconvenience.
I am stumped, and my team has been on this for 3 weeks
--
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group:
http://groups.google.com/group/twitter-development-talk
[twitter-dev] (401) Unauthorized
I am getting an error executing the same code that has been working fine until today. I am getting an error when attempting to get access token, the error is Invalid / expired Token. I'm not sure what changed from yesterday to today, any idea? I am running this code locally so the callback is http://127.0.0.1/.../..., not sure if that is causing the issue. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] (401) Unauthorized
Like the error says: your token is invalid or has expired. Make sure that you are using the correct ones. Tom On 10/5/10 1:20 PM, Trevor Dean wrote: I am getting an error executing the same code that has been working fine until today. I am getting an error when attempting to get access token, the error is Invalid / expired Token. I'm not sure what changed from yesterday to today, any idea? I am running this code locally so the callback is http://127.0.0.1/.../..., not sure if that is causing the issue. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] (401) Unauthorized
This code hasn't changed and was working yesterday and has been working for many months. This error is happening right after the user has allowed the application permission and is returning back to my application with tokens. There is no chance for these tokens to expire so I don't think that this is the issue On Tue, Oct 5, 2010 at 7:24 AM, Tom van der Woerdt i...@tvdw.eu wrote: Like the error says: your token is invalid or has expired. Make sure that you are using the correct ones. Tom On 10/5/10 1:20 PM, Trevor Dean wrote: I am getting an error executing the same code that has been working fine until today. I am getting an error when attempting to get access token, the error is Invalid / expired Token. I'm not sure what changed from yesterday to today, any idea? I am running this code locally so the callback is http://127.0.0.1/.../.. http://127.0.0.1/., not sure if that is causing the issue. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] 401 Unauthorized on status update
Please show your Base String. A lot of issues are related to the Base String. Also, to answer your question: yes, you need to combine both secrets. consumersecretusersecret = your signing key. Tom On 9/12/10 12:09 AM, DK wrote: I keep getting this when I try to update status. I am using xAuth and am able to successfully get access token. MY request: POST /1/statuses/update.xml HTTP/1.1 Accept: */* Referer: file:///Applications/Install/8B95EF94-D747-4976-B877-9C0D6F69C000/Install/ Content-Length: 140 Accept-Encoding: identity Content-Type: application/x-www-form-urlencoded Authorization: OAuth oauth_nonce=7fa7df55-dff0-498d- a412-31f311a58aa2, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1284241920, oauth_consumer_key=xx, oauth_token=185630219-3cz8iKUYxazA9RQyXMSl0WIZK76lJTYlrJ7LZUeR, oauth_signature=5F19ANULI0fYZVVCicdbcSTiF2g%3D, oauth_version=1.0 User-Agent: @sebagomez shelltwit Host: api.twitter.com Connection: Keep-Alive Cache-Control: no-cache status=Nothing%20is%20to%20come%2C%20and%20nothing%20past%3A%20But%20an %20eternal%20now%2C%20does%20always%20last.%20%0A-%20Abraham%20Cowley the response i get is: HTTP/1.1 401 Unauthorized Date: Sat, 11 Sep 2010 21:52:54 GMT Server: hi Status: 401 Unauthorized WWW-Authenticate: Basic realm=Twitter API Content-Type: application/xml; charset=utf-8 Content-Length: 135 Cache-Control: no-cache, max-age=1800 Set-Cookie: k=173.79.181.196.1284241973942054; path=/; expires=Sat, 18- Sep-10 21:52:53 GMT; domain=.twitter.com Set-Cookie: guest_id=128424197394768797; path=/; expires=Mon, 11 Oct 2010 21:52:53 GMT Set-Cookie: original_referer=fBxhJyK4Ko2le28vCjFdUuU0TPqFAtRdqYyfC0jPsNARZDQUgPOC8mBAw3pSUcn9KGWZLCcqP3zbWjCZVfqsrV8qgcG0M3IvAN %2FeDqwRZDs%3D; path=/ Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCMhiyQIrAToHaWQiJTA0NTkyNDA5YWI5ZWRm %250ANmEyYTIzZmVlMmI2MGQyODhlIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy %250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--048b4c682393f66d9e63abd364abb048db4022cf; domain=.twitter.com; path=/ Expires: Sat, 11 Sep 2010 22:22:53 GMT Vary: Accept-Encoding Connection: close ?xml version=1.0 encoding=UTF-8? hash request/1/statuses/update.xml/request errorIncorrect signature/error /hash I am urlencoding the params. Do I need to also include the consumer secret in the signature? Any help is really appreciated as I have spend 2 full days with this :- ( -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] 401 unauthorized error
Hi~ I'm developing the twitter application with Android. For posting twitpic data, I use Oauth echo, but I'v got 401 error. Could not authentication you. (header rejected by twitter) Oauth header POST /2/upload.xml HTTP 1.1 x-auth-service-provider: https://api.twitter.com/1/account/verify_credentials.xml x-verify-credentials-authorization: Oauth realm=http:// api.twitter.com, oauth_consumer_key=a, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1212, oauth_nonce=123123, oauth_version=1.0, oauth_token=user_oauth_token . What is the problem? I have spent for a week. --;
[twitter-dev] 401 Unauthorized with oauth gem
Did anything change in the API (couldn't find anything in the API changelog) that would make all new users who are associating their Twitter acounts to my app get a 401 on status update? All accounts up to a few days ago are still working, newer ones get 401 using absolutely the same codebase and the oauth gem (Ruby) version 0.3.6. Kinda hard to debug. Cheers, -Fabio. -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
[twitter-dev] 401 Unauthorized
Hi everyone, I am developing an application using Twitter API and I have encountered into a strange behavior connected with 401 error. I am using basic auth. When I run my application locally, it works just fine and I never get any 401 errors. However, when I run my application on another environment, I get 401 error in approximately 80% cases. I am completely sure that the credentials are correct. What makes this situation even more weird is that I am working with several accounts, and most of them work fine in both environments. I am experiencing problems only with one account. All accounts I work with are whitelisted, so rate limit should not be an issue here. I have no idea what may cause this behavior. Could you please explain me the possible reasons I am getting 401? Thanks, Uladzimir
[twitter-dev] 401 - Unauthorized error when diacritics in status
I am getting an error message when posting accent marks and other diacritics in a status update. I saw that there was an issue [1] posted in April of last year about this problem. It seems to be with the signature generation for OAuth with the encoding of accent marks. I am using .Net(C#), and I can't figure out how to fix this. Do I use a different encoding? Anybody have any ideas on how to fix this in .Net? [1] - http://code.google.com/p/twitter-api/issues/detail?id=433 Ryan
Re: [twitter-dev] 401 - Unauthorized error when diacritics in status
Ooh, if this is the case then it will definitely stop me from using oAuth for Feathers (http://feathersapp.com) since diacritics are an essential part of Unicode art. Very interested in hearing what you find out. All the best, Aral On Tue, Feb 23, 2010 at 1:44 PM, eclipsed4utoo ryanalford...@gmail.comwrote: I am getting an error message when posting accent marks and other diacritics in a status update. I saw that there was an issue [1] posted in April of last year about this problem. It seems to be with the signature generation for OAuth with the encoding of accent marks. I am using .Net(C#), and I can't figure out how to fix this. Do I use a different encoding? Anybody have any ideas on how to fix this in .Net? [1] - http://code.google.com/p/twitter-api/issues/detail?id=433 Ryan
Re: [twitter-dev] 401 - Unauthorized error when diacritics in status
I believe it has been fixed in some libraries in other programming languages, but I can't figure out how to do it in .Net. Ryan On Tue, Feb 23, 2010 at 12:38 PM, Aral Balkan aralbal...@gmail.com wrote: Ooh, if this is the case then it will definitely stop me from using oAuth for Feathers (http://feathersapp.com) since diacritics are an essential part of Unicode art. Very interested in hearing what you find out. All the best, Aral On Tue, Feb 23, 2010 at 1:44 PM, eclipsed4utoo ryanalford...@gmail.comwrote: I am getting an error message when posting accent marks and other diacritics in a status update. I saw that there was an issue [1] posted in April of last year about this problem. It seems to be with the signature generation for OAuth with the encoding of accent marks. I am using .Net(C#), and I can't figure out how to fix this. Do I use a different encoding? Anybody have any ideas on how to fix this in .Net? [1] - http://code.google.com/p/twitter-api/issues/detail?id=433 Ryan
Re: [twitter-dev] 401 - Unauthorized error when diacritics in status
this would be news to me - if you have a way to replicate this, and you are confident its not your oauth libraries, then please let me know. On Tue, Feb 23, 2010 at 11:04 AM, Ryan Alford ryanalford...@gmail.comwrote: I believe it has been fixed in some libraries in other programming languages, but I can't figure out how to do it in .Net. Ryan On Tue, Feb 23, 2010 at 12:38 PM, Aral Balkan aralbal...@gmail.comwrote: Ooh, if this is the case then it will definitely stop me from using oAuth for Feathers (http://feathersapp.com) since diacritics are an essential part of Unicode art. Very interested in hearing what you find out. All the best, Aral On Tue, Feb 23, 2010 at 1:44 PM, eclipsed4utoo ryanalford...@gmail.comwrote: I am getting an error message when posting accent marks and other diacritics in a status update. I saw that there was an issue [1] posted in April of last year about this problem. It seems to be with the signature generation for OAuth with the encoding of accent marks. I am using .Net(C#), and I can't figure out how to fix this. Do I use a different encoding? Anybody have any ideas on how to fix this in .Net? [1] - http://code.google.com/p/twitter-api/issues/detail?id=433 Ryan -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
Re: [twitter-dev] 401 - Unauthorized error when diacritics in status
I think it is the way that .Net handles encoding of the diacritics. I don't think it's a Twitter api issue. I was hoping that another .Net developer had run into this issue and had fixed it. Ryan On Tue, Feb 23, 2010 at 2:07 PM, Raffi Krikorian ra...@twitter.com wrote: this would be news to me - if you have a way to replicate this, and you are confident its not your oauth libraries, then please let me know. On Tue, Feb 23, 2010 at 11:04 AM, Ryan Alford ryanalford...@gmail.comwrote: I believe it has been fixed in some libraries in other programming languages, but I can't figure out how to do it in .Net. Ryan On Tue, Feb 23, 2010 at 12:38 PM, Aral Balkan aralbal...@gmail.comwrote: Ooh, if this is the case then it will definitely stop me from using oAuth for Feathers (http://feathersapp.com) since diacritics are an essential part of Unicode art. Very interested in hearing what you find out. All the best, Aral On Tue, Feb 23, 2010 at 1:44 PM, eclipsed4utoo ryanalford...@gmail.comwrote: I am getting an error message when posting accent marks and other diacritics in a status update. I saw that there was an issue [1] posted in April of last year about this problem. It seems to be with the signature generation for OAuth with the encoding of accent marks. I am using .Net(C#), and I can't figure out how to fix this. Do I use a different encoding? Anybody have any ideas on how to fix this in .Net? [1] - http://code.google.com/p/twitter-api/issues/detail?id=433 Ryan -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
[twitter-dev] 401 unauthorized
My website uses twitter for authentication, For the past 24 hours the OAuth sign in is continuously returning 401 , i am not able to figure out what to do? Has some one faced similar problems? My site has been down for 24 hours now because of this. please help me out here.
[twitter-dev] 401 Unauthorized
I having this error for a while and is happening only on my machine, I
deploy the same project in another similar VM and it worked, so I am
starting to think that there might be something related to my
environment that is causing the 401 Unauthorized issue. I have a Mac
with OS 10.5.6 and a VM running on Paralles, the VM is Fedora Core
running ruby 1.8.6 (2007-06-07 patchlevel 36) [i386-linux], i am using
twitter (0.7.5) and oauth (0.3.6) and when I run this code:
oauth = Twitter::OAuth.new('consumer_key', 'consumer_secret')
atokens = oauth.request_token(:oauth_callback = callback)
I always get a 401 Unauthorized, apparently a couples of weeks ago
there was a general issue with twitter API and was getting the same
error
from a completely different environment (PC) but now the general issue
seems to be solved my PC is able to run the code but my VM still
giving me the 401, any clue on how could I do further tests?
BTW: I have already ask on the Twitter gem Google Group, waiting for
answer. Just wanted to see if you could give me a clue
Thanks,
[twitter-dev] 401 Unauthorized -- user_timeline -- using Numeric ID
I have been running into a recurring problem that I have been facing for the past couple of days, on numerous machines. I am extracting 200 tweets for a large number of users, using the numeric user ID (user_id). After a small number of requests (between 10 and 50) I receive nothing but This method requires authentication. Authenticating with my username and password does not make the message go away. I have verified that the users I am trying to pull are not protected users. I have also verified that I am not hitting the rate limit. On my latest attempt, I used an IP I have not used in the past. I was able to extract the first 200 tweets for *12* users, then I started receiving 401s (This method requires authentication) on every single request of this type. After about 10 minutes, I tried again and it worked for about another 15 users, then I started getting the same message as well as other messages including 502. Is this behavior expected? Does this 401 message possibly mean something else?
[twitter-dev] 401 Unauthorized with good access token (or seemingly good)
I am using python-auth, and oauth twitter to do backend authentication via twitter sign in. It works as designed. I am able to get an access_token and then use that to get the user info. I am having trouble when it comes to trying to post a status update using the oauth. I have pasted an example to illustrate my problem at http://pastebin.com/m50ed2c7e . You can see where I fail. Also at the bottom of that is pasted the encoded post data that I am sending to do the status update. Also, pasted below. encoded_post_data='status=Testoauth_nonce=43777168oauth_timestamp=1255665189oauth_consumer_key=MY_CONSUMER_KEYoauth_signature_method=HMAC- SHA1oauth_version=1.0oauth_token=SAME_AS_TOKEN.KEYoauth_signature=SIGNATURE_REMOVED' I don't expect anyone to be familiar with the libraries I am using but it is odd I can sign in properly but can't do much beyond that. I'd ideally like to chat with someone at twitter so I can send my Consumer info and the access_key in question to see if they can check things on their end and tell me what I am doing wrong. Thanks. Dan
[twitter-dev] 401 Unauthorized error while posting status with Unicode characters (non english characters)
I am getting 401 Unauthorized exception when updating status with non english characters using my app. This exception is happening for any Japanese or Korean characters. Another interesting thing is that it is possible to post some other non english characters like Malayalam. The exception will not happen for single word in these cases, but occurs for multiple words. For example consider the following example ØáÇÞµæù çµdw - does not work ØáÇÞµæùçµdw - with space removed works. Base signature for ØáÇÞµæù çµdw which throws exception is POSThttp%3A%2F%2Ftwitter.com%2Fstatuses %2Fupdate.jsonoauth_consumer_key% 3DwmeO7Y20oMFa1ptKVY4WA%26oauth_nonce %3D4504682%26oauth_signature_method% 3DHMAC-SHA1%26oauth_timestamp%3D1253727596%26oauth_token%3D76084396- 0M9ll2nghrjWhjALbH7YEHXizcLDNvoLfgXKfHQZQ%26oauth_version %3D1.0%26status% 3D%25D8%25E1%25C7%25DE%25B5%25E6%25F9%2520%25E7%25B5dw and for ØáÇÞµæùçµdw which works is POSThttp%3A%2F%2Ftwitter.com%2Fstatuses %2Fupdate.jsonoauth_consumer_key% 3DwmeO7Y20oMFa1ptKVY4WA%26oauth_nonce %3D9388868%26oauth_signature_method% 3DHMAC-SHA1%26oauth_timestamp%3D1253727793%26oauth_token%3D76084396- 0M9ll2nghrjWhjALbH7YEHXizcLDNvoLfgXKfHQZQ%26oauth_version %3D1.0%26status% 3D%25D8%25E1%25C7%25DE%25B5%25E6%25F9%25E7%25B5dw OAuth client library I am using is in .Net Could you please help to solve this issue? Also I would like to know you support all unicode characters. Your help is greatly appreciated. Thanks, Satheesh Natesan
[twitter-dev] 401 Unauthorized...
Is Twitter still blocking posts to the API from non-white listed apps? Since the DDOS attack we can't seem to send any posts through the API using oAuth. Nothing in our code has changed but all was working prior to the attack. Is anyone out there havine any success sending messages with oauth (non-whitelisted app)??? Can someone/anyone please comment, I need to get our app working but considering our code has not changed I don't want to spend a lot of time chasing something down that is not my fault and out of my control. PLEASE HELP
[twitter-dev] 401 Unauthorized
Are anyone experiencing 401 Unauthorized errors? Everything worked fine before yesterday. Now we are getting 401 Unauthorized on both basic authorization and OAuth on 80% of the calls. Other 20% works fine. What's happening?
[twitter-dev] 401 Unauthorized When Getting an Access Token
I am using ASP .NET (VB) to try and authenticate using oAuth. I have been able to get a request token and direct a user to Twitter's authentication page. Twitter then redirects back to my app. At that point I attempt to get an access token, but I continue to receive 401 unauthorized errors. I have made sure that I am getting a new signature, using both the token and token secret when generating the signature, and that my url parameters are in alphabetical order, but I continue to get 401 errors. Has anyone experienced this, and if so, could you point me in the right direction toward diagnosing this issue? -Matt
[twitter-dev] 401: Unauthorized application or token on friendship/exists
I'm fairly sure I'm getting a proper token. Using the page http://www.hueniverse.com/hueniverse/2008/10/beginners-gui-1.html I get the same signature as in my failing url. GET looks like: http://twitter.com/friendship/exists.json? oauth_consumer_key=Rg4VBVUvAoThpl78duF3Rg oauth_nonce=375494971125145587 oauth_signature=xWCdscsa6I4GJphDIQAnsDmjyhM%3D oauth_signature_method=HMAC-SHA1 oauth_timestamp=1240933535 oauth_token=765803-e2mAy2wkQy4wRI9LQC73cZwbiwmmJ7mZJh04MZiWk oauth_version=1.0 user_a=tayknight user_b=wxtweet I must be missing something obvious. Other GETs work. I can provide secrets to TwitterAPI folks if they want to help debug. Thanks.
[twitter-dev] 401 unauthorized
My previous post is waiting to be moderated since I'm a newbie I think, but I was wrong. I thought it was a get vs. post issue, but it seems to be that my code works very intermittently. The error is always a 401 unauthorized in getting the access token from the request token. but once in a while it works fine. I'm using the Ruby tutorial from the wiki pretty much verbatim for now. To get it to work initially I had to add the authorize url to the oauth::consumer new call (rather than use the defaults) but that may have just been the intermittent nature. I'd like to debug this myself but I can't see where the authorize would ever return a 401 since I just got the request token (I can see where the previous step would return unauthorized if the user denied or some error occurred there). Anywhere I can look for hints? Could it be something about the fact I have rtied and failed a few times? I don't think I could have hit any reasonable limit. Ken
[twitter-dev] 401 Unauthorized on OAuth calls?
Hi everyone, since about half an hour ago I seem to be getting 401 Unauthorized responses to my OAuth-ed API calls. Is that a known problem? Regards, Dominik
