[twitter-dev] OAuth problem: can authenticate, but can't fetch timelines.

2010-05-21 Thread Miguel de Icaza
Hello folks,

I have my client speaking OAuth to twitter for the entire initial
dance up to getting my access token.

But once I try using the access token to call:
http://api.twitter.com/1/statuses/mentions.json?count=200

All I get from twitter is a 401 with the following body:

{"request":"/1/statuses/mentions.json?count=200","error":"Incorrect signature"}

I followed the steps described here: http://dev.twitter.com/pages/auth
and just assumed that since there is no content, the value for
computing the signature is not needed.

GET&http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fhome_timeline.json%3Fcount%3D200&oauth_consumer_key%3D***%26oauth_nonce%3Dcbj41uc3y0d0lju8%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1274460844%26oauth_token%3D**%26oauth_version%3D1.0

My composite signature is made of my consumer secret (from the twitter
app page) and the oauth_token_secret returned by the acquire access
token process.

This is what ends up in the HTTP traffic, when I append the
oauth_signature:
GET /1/statuses/home_timeline.json?count=200 HTTP/1.1
authorization: OAuth oauth_consumer_key=**,oauth_nonce=r3cy0enwrqeq1qns,oauth_signature_method=HMAC-SHA1,oauth_timestamp=1274461098,oauth_token=823083-***,oauth_version=1.0,oauth_signature=dGhefwoSaiSQ0XMSswJ1UdPtkeI%3D
Connection: keep-alive
Host: api.twitter.com


Any ideas on what I am doing wrong?



Re: [twitter-dev] OAuth problem: can authenticate, but can't fetch timelines.

2010-05-21 Thread Taylor Singletary
Hi Miguel,

Your signature base string is off by just a little bit here -- you're
globbing the query parameter count on to the original URL when it should
be separated out. The query string part of the URL should be represented
only as key/value pairs, sorted with the other OAuth parameters. Your
sorting here is correct, it's just that you're including the encoded ?
mark here. Had this been a parameter that would have started with a p, for
example, you'd have that parameter following the oauth_* parameters.

Here's an example of a signature base string with this encoded correctly
(though using different keys):

GET&http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fhome_timeline.json&count%3D200%26oauth_consumer_key%3Dri8JxYK2ddwSV5xIUfNNvQ%26oauth_nonce%3DcafnvEsPqnuVgXbqDqaw1X2SFvTSd9wYjpF5ZtHruFM%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1274462075%26oauth_token%3D819797-torCkTs0XK7H2Y2i1ee5iofqkMC4p7aayeEXRTmlw%26oauth_version%3D1.0

Hope this helps!

Taylor Singletary
Developer Advocate, Twitter
http://twitter.com/episod



Re: [twitter-dev] OAuth problem: can authenticate, but can't fetch timelines.

2010-05-21 Thread Dana Contreras
When you're constructing your signature base string, don't include the
query parameters in the URL. The query parameters do need to be
included in the next part of the signature base string though. Here's
what the base string in your example should look like:

GET&http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fhome_timeline.json&count%3D200%26oauth_consumer_key%3D***%26oauth_nonce%3Dcbj41uc3y0d0lju8%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1274460844%26oauth_token%3D**%26oauth_version%3D1.0

%3Fcount%3D200 has been removed, and count%3D200%26 has been
inserted after the second ampersand.

-- 
Dana Contreras
Twitter Platform Team
http://twitter.com/DanaDanger
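
Added example (not part of the original thread, and not Twitter's code): a Python sketch of the OAuth 1.0 HMAC-SHA1 signature base string as both replies above describe it, next to the query-in-URL mistake from the first post. The consumer key, nonce, timestamp and token are the sample values from Taylor's reply; the two secrets are constructed placeholders.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit

def pct(value):
    # OAuth percent-encoding: only unreserved characters stay literal.
    return quote(value, safe="-._~")

def base_string(method, url, oauth_params):
    """Correct form: query pairs leave the URL and are sorted with oauth_*."""
    parts = urlsplit(url)
    # Default-port stripping is omitted; this sketch assumes no explicit port.
    base_url = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    pairs += list(oauth_params.items())
    encoded = sorted((pct(k), pct(v)) for k, v in pairs)
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), pct(base_url), pct(normalized)])

def naive_base_string(method, url, oauth_params):
    """The mistake in the first post: the whole URL, '?count=200' included,
    is encoded as the second component, so the server computes another HMAC."""
    encoded = sorted((pct(k), pct(v)) for k, v in oauth_params.items())
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(base, consumer_secret, token_secret):
    # Key is consumer secret and token secret joined by '&'.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

URL = "http://api.twitter.com/1/statuses/home_timeline.json?count=200"
EXAMPLE_PARAMS = {  # sample values quoted in Taylor's reply
    "oauth_consumer_key": "ri8JxYK2ddwSV5xIUfNNvQ",
    "oauth_nonce": "cafnvEsPqnuVgXbqDqaw1X2SFvTSd9wYjpF5ZtHruFM",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1274462075",
    "oauth_token": "819797-torCkTs0XK7H2Y2i1ee5iofqkMC4p7aayeEXRTmlw",
    "oauth_version": "1.0",
}

if __name__ == "__main__":
    good = base_string("GET", URL, EXAMPLE_PARAMS)
    bad = naive_base_string("GET", URL, EXAMPLE_PARAMS)
    print(good)
    print(bad)
    # Constructed placeholder secrets, for illustration only.
    print(sign(good, "CONSUMER_SECRET", "TOKEN_SECRET"))
    print(sign(bad, "CONSUMER_SECRET", "TOKEN_SECRET"))
```
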


Re: [twitter-dev] OAuth problem: can authenticate, but can't fetch timelines.

2010-05-21 Thread Dana Contreras
...and I see Taylor beat me to it. ;)

-- 
Dana Contreras
Twitter Platform Team
http://twitter.com/DanaDanger