[twitter-dev] OAuth problem: can authenticate, but can't fetch timelines.
Hello folks,

I have my client speaking OAuth to twitter for the entire initial dance up to getting my access token. But once I try using the access token to call:

http://api.twitter.com/1/statuses/mentions.json?count=200

All I get from twitter is a 401 with the following body:

{request:/1/statuses/mentions.json?count=200,error:Incorrect signature}

I followed the steps described here: http://dev.twitter.com/pages/auth and just assumed that since there is no content, the value for computing the signature is not needed.

GEThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fhome_timeline.json%3Fcount%3D200oauth_consumer_key%3D***%26oauth_nonce%3Dcbj41uc3y0d0lju8%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1274460844%26oauth_token%3D**%26oauth_version%3D1.0

My composite signature is made of my consumer secret (from the twitter app page) and the oauth_token_secret returned by the acquire access token process.

This is what ends up in the HTTP traffic, when I append the oauth_signature:

GET /1/statuses/home_timeline.json?count=200 HTTP/1.1
authorization: OAuth oauth_consumer_key=**,oauth_nonce=r3cy0enwrqeq1qns,oauth_signature_method=HMAC-SHA1,oauth_timestamp=1274461098,oauth_token=823083-***,oauth_version=1.0,oauth_signature=dGhefwoSaiSQ0XMSswJ1UdPtkeI%3D
Connection: keep-alive
Host: api.twitter.com

Any ideas on what I am doing wrong?
Re: [twitter-dev] OAuth problem: can authenticate, but can't fetch timelines.
Hi Miguel,

Your signature base string is off by just a little bit here -- you're globbing the query parameter count on to the original URL when it should be separated out. The query string part of the URL should be represented only as key/value pairs, sorted with the other OAuth parameters. Your sorting here is correct, it's just that you're including the encoded ? mark here. Had this been a parameter that would have started with a p, for example, you'd have that parameter following the oauth_* parameters.

Here's an example of a signature base string with this encoded correctly (though using different keys):

GEThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fhome_timeline.jsoncount%3D200%26oauth_consumer_key%3Dri8JxYK2ddwSV5xIUfNNvQ%26oauth_nonce%3DcafnvEsPqnuVgXbqDqaw1X2SFvTSd9wYjpF5ZtHruFM%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1274462075%26oauth_token%3D819797-torCkTs0XK7H2Y2i1ee5iofqkMC4p7aayeEXRTmlw%26oauth_version%3D1.0

Hope this helps!

Taylor Singletary
Developer Advocate, Twitter
http://twitter.com/episod

On Fri, May 21, 2010 at 9:59 AM, Miguel de Icaza miguel.de.ic...@gmail.com wrote:

> Hello folks,
>
> I have my client speaking OAuth to twitter for the entire initial dance up to getting my access token. But once I try using the access token to call:
>
> http://api.twitter.com/1/statuses/mentions.json?count=200
>
> All I get from twitter is a 401 with the following body:
>
> {request:/1/statuses/mentions.json?count=200,error:Incorrect signature}
>
> I followed the steps described here: http://dev.twitter.com/pages/auth and just assumed that since there is no content, the value for computing the signature is not needed.
>
> GEThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fhome_timeline.json%3Fcount%3D200oauth_consumer_key%3D***%26oauth_nonce%3Dcbj41uc3y0d0lju8%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1274460844%26oauth_token%3D**%26oauth_version%3D1.0
>
> My composite signature is made of my consumer secret (from the twitter app page) and the oauth_token_secret returned by the acquire access token process.
>
> This is what ends up in the HTTP traffic, when I append the oauth_signature:
>
> GET /1/statuses/home_timeline.json?count=200 HTTP/1.1
> authorization: OAuth oauth_consumer_key=**,oauth_nonce=r3cy0enwrqeq1qns,oauth_signature_method=HMAC-SHA1,oauth_timestamp=1274461098,oauth_token=823083-***,oauth_version=1.0,oauth_signature=dGhefwoSaiSQ0XMSswJ1UdPtkeI%3D
> Connection: keep-alive
> Host: api.twitter.com
>
> Any ideas on what I am doing wrong?
Re: [twitter-dev] OAuth problem: can authenticate, but can't fetch timelines.
When you're constructing your signature base string, don't include the query parameters in the URL. The query parameters do need to be included in the next part of the signature base string though.

Here's what the base string in your example should look like:

GEThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fhome_timeline.jsoncount%3D200%26oauth_consumer_key%3D***%26oauth_nonce%3Dcbj41uc3y0d0lju8%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1274460844%26oauth_token%3D**%26oauth_version%3D1.0

%3Fcount%3D200 has been removed, and count%3D200%26 has been inserted after the second ampersand.

--
Dana Contreras
Twitter Platform Team
http://twitter.com/DanaDanger
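Added example, not part of the original thread and not Twitter's code: the base-string rule from Taylor's and Dana's replies (query parameters split off the URL and sorted in with the oauth_* parameters), in Python, next to the query-in-URL mistake. The consumer key, token and both secrets are constructed placeholders; the function emits the `&` separators between method, URL and parameters, which the archived strings on this page appear without.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit

def pct(s):
    # OAuth 1.0 percent-encoding: escape everything except RFC 3986 unreserved characters.
    return quote(s, safe="-._~")

def normalize(pairs):
    # Encode each key and value, sort by key then value, join as k=v&k=v.
    return "&".join(f"{k}={v}" for k, v in sorted((pct(k), pct(v)) for k, v in pairs))

def base_string(method, url, oauth):
    # Correct form: the query is split off the URL and merged with the oauth_* parameters.
    u = urlsplit(url)
    base_url = f"{u.scheme.lower()}://{u.netloc.lower()}{u.path}"  # default-port stripping omitted
    pairs = parse_qsl(u.query, keep_blank_values=True) + list(oauth.items())
    return "&".join([method.upper(), pct(base_url), pct(normalize(pairs))])

def base_string_query_in_url(method, url, oauth):
    # The mistake from the thread: "?count=200" stays on the URL and is never listed as a parameter.
    return "&".join([method.upper(), pct(url), pct(normalize(oauth.items()))])

def sign(base, consumer_secret, token_secret):
    # HMAC-SHA1 key: consumer secret and token secret joined by "&".
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def server_accepts(method, url, oauth, signature, consumer_secret, token_secret):
    # Hypothetical server-side check: recompute from the request, compare in constant time.
    expected = sign(base_string(method, url, oauth), consumer_secret, token_secret)
    return hmac.compare_digest(expected, signature)

# Constructed sample values; only the nonce and timestamp are the ones quoted in the thread.
URL = "http://api.twitter.com/1/statuses/home_timeline.json?count=200"
OAUTH = {"oauth_consumer_key": "EXAMPLE_CONSUMER_KEY", "oauth_nonce": "cbj41uc3y0d0lju8",
         "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": "1274460844",
         "oauth_token": "12345-EXAMPLE_TOKEN", "oauth_version": "1.0"}
CONSUMER_SECRET, TOKEN_SECRET = "example-consumer-secret", "example-token-secret"

if __name__ == "__main__":
    for build in (base_string, base_string_query_in_url):
        base = build("GET", URL, OAUTH)
        sig = sign(base, CONSUMER_SECRET, TOKEN_SECRET)
        ok = server_accepts("GET", URL, OAUTH, sig, CONSUMER_SECRET, TOKEN_SECRET)
        print(build.__name__, "accepted" if ok else "rejected: Incorrect signature", base, sep="\n  ")
```

Printing both base strings side by side is the quickest way to debug an "Incorrect signature" 401: the signature is only as right as the exact bytes fed to the HMAC.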
Re: [twitter-dev] OAuth problem: can authenticate, but can't fetch timelines.
...and I see Taylor beat me to it. ;)

On Fri, May 21, 2010 at 10:34 AM, Dana Contreras d...@twitter.com wrote:

> When you're constructing your signature base string, don't include the query parameters in the URL. The query parameters do need to be included in the next part of the signature base string though.
>
> Here's what the base string in your example should look like:
>
> GEThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fhome_timeline.jsoncount%3D200%26oauth_consumer_key%3D***%26oauth_nonce%3Dcbj41uc3y0d0lju8%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1274460844%26oauth_token%3D**%26oauth_version%3D1.0
>
> %3Fcount%3D200 has been removed, and count%3D200%26 has been inserted after the second ampersand.

--
Dana Contreras
Twitter Platform Team
http://twitter.com/DanaDanger