[twitter-dev] Problems with oauth request_token
Hello gentlemans, I'm working on a client twitter that uses HTTP proxy in Java. I struggling with the OAuth request_token that returns me HTTP 401 Unauthorized. Consumer key=3P1dah6urSdAo9voKDJDA Consumer secret=kMYprvWb0UQ0L8oAin2dQJArUQfMcjuVSjOjyHzTv8E -- I already added the in the end of it twitterURL=[https://api.twitter.com/oauth/request_token] authorizationData=[OAuth realm=api.twitter.com, oauth_callback=oob, oauth_consumer_key=3P1dah6urSdAo9voKDJDA, oauth_nonce=901dc12600ac1cdbc082d57d4aef7bfc, oauth_signature_method=HMAC-SHA1, oaut h_timestamp=1276235403668, oauth_version=1.0, oauth_signature=5t6Fw%2BSs1JgkaaHjfOtGFpotWMw%3D] basedata=[POSThttps%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_tokenoauth_callback%3Doob%26oauth_consumer_key%3D3P1dah6urSdAo9voKDJDA%26oauth_nonce%3D901dc12600ac1cdbc082d57d4aef7bfc%26oauth_signature_me thod%3DHMAC-SHA1%26oauth_timestamp%3D1276235403668%26oauth_version%3D1.0] And it returns the error: errorStream=[Failed to validate oauth signature and token] In order to check what I'm sending, I create a HttpListener and redirected the api.twitter.com to localhost:8000 and here is the header. Any suggestion is very welcome. POST /oauth/request_token HTTP/1.1 Authorization: OAuth realm=api.twitter.com, oauth_callback=oob, oauth_consumer_key=3P1dah6urSdAo9voKDJDA, oauth_nonce=2c449ca3c5a8637a8a9152d896c6d8bd, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1276236145594, oauth_version=1.0, oauth_signature=y%2BstT1OQgJBRKLZ%2BR4K15TM4fGw%3D User-Agent: Java/1.6.0_20 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive Content-type: application/x-www-form-urlencoded Content-Length: 266 POSThttp%3A%2F%2Flocalhost%3A8000%2Foauth%2Frequest_tokenoauth_callback%3Doob%26oauth_consumer_key%3D3P1dah6urSdAo9voKDJDA%26oauth_nonce%3D2c449ca3c5a8637a8a9152d896c6d8bd%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1276236145594%26oau th_version%3D1.0. Best regards, Leo Meirelles
Re: [twitter-dev] Problems with oauth request_token
First Leonardo, If that's your real consumer secret, you're going to want to go and regenerate your API keys *ASAP*. Looking at what you've sent along, it looks like you're pretty close to getting this right. Your timestamp is verbose as far as the OAuth standard is concerned -- it should be in seconds and not in milliseconds. Also ensure that your server time is in sync with Twitter's: we return our current server time in a header on every response. I notice you have your signature base string at the end of the email: is this being sent as a POST body or is it just in your email? It shouldn't be sent, if so. Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Thu, Jun 10, 2010 at 11:04 PM, Leonardo Luceiro Meirelles pite...@gmail.com wrote: Hello gentlemans, I'm working on a client twitter that uses HTTP proxy in Java. I struggling with the OAuth request_token that returns me HTTP 401 Unauthorized. Consumer key=3P1dah6urSdAo9voKDJDA twitterURL=[https://api.twitter.com/oauth/request_token] authorizationData=[OAuth realm=api.twitter.com, oauth_callback=oob, oauth_consumer_key=3P1dah6urSdAo9voKDJDA, oauth_nonce=901dc12600ac1cdbc082d57d4aef7bfc, oauth_signature_method=HMAC-SHA1, oaut h_timestamp=1276235403668, oauth_version=1.0, oauth_signature=5t6Fw%2BSs1JgkaaHjfOtGFpotWMw%3D] basedata=[POSThttps%3A%2F%2Fapi.twitter.com %2Foauth%2Frequest_tokenoauth_callback%3Doob%26oauth_consumer_key%3D3P1dah6urSdAo9voKDJDA%26oauth_nonce%3D901dc12600ac1cdbc082d57d4aef7bfc%26oauth_signature_me thod%3DHMAC-SHA1%26oauth_timestamp%3D1276235403668%26oauth_version%3D1.0] And it returns the error: errorStream=[Failed to validate oauth signature and token] In order to check what I'm sending, I create a HttpListener and redirected the api.twitter.com to localhost:8000 and here is the header. Any suggestion is very welcome. POST /oauth/request_token HTTP/1.1 Authorization: OAuth realm=api.twitter.com, oauth_callback=oob, oauth_consumer_key=3P1dah6urSdAo9voKDJDA, oauth_nonce=2c449ca3c5a8637a8a9152d896c6d8bd, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1276236145594, oauth_version=1.0, oauth_signature=y%2BstT1OQgJBRKLZ%2BR4K15TM4fGw%3D User-Agent: Java/1.6.0_20 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive Content-type: application/x-www-form-urlencoded Content-Length: 266 POSThttp%3A%2F%2Flocalhost%3A8000%2Foauth%2Frequest_tokenoauth_callback%3Doob%26oauth_consumer_key%3D3P1dah6urSdAo9voKDJDA%26oauth_nonce%3D2c449ca3c5a8637a8a9152d896c6d8bd%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1276236145594%26oau th_version%3D1.0. Best regards, Leo Meirelles
Re: [twitter-dev] Problems with oauth request_token
Yes, I will generate a new pair of keys (I was aware of it when I put it on the email), thanks for the reminder. So far I'm the only real user. You help is really appreciate, I did two mistakes (well pointed out - in case someone else fall in the same problem): timestamp in millis instead of seconds and POST body (I was really send the post data). Thanks a lot Taylor! On Fri, Jun 11, 2010 at 10:19 AM, Taylor Singletary taylorsinglet...@twitter.com wrote: First Leonardo, If that's your real consumer secret, you're going to want to go and regenerate your API keys *ASAP*. Looking at what you've sent along, it looks like you're pretty close to getting this right. Your timestamp is verbose as far as the OAuth standard is concerned -- it should be in seconds and not in milliseconds. Also ensure that your server time is in sync with Twitter's: we return our current server time in a header on every response. I notice you have your signature base string at the end of the email: is this being sent as a POST body or is it just in your email? It shouldn't be sent, if so. Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Thu, Jun 10, 2010 at 11:04 PM, Leonardo Luceiro Meirelles pite...@gmail.com wrote: Hello gentlemans, I'm working on a client twitter that uses HTTP proxy in Java. I struggling with the OAuth request_token that returns me HTTP 401 Unauthorized. Consumer key=3P1dah6urSdAo9voKDJDA twitterURL=[https://api.twitter.com/oauth/request_token] authorizationData=[OAuth realm=api.twitter.com, oauth_callback=oob, oauth_consumer_key=3P1dah6urSdAo9voKDJDA, oauth_nonce=901dc12600ac1cdbc082d57d4aef7bfc, oauth_signature_method=HMAC-SHA1, oaut h_timestamp=1276235403668, oauth_version=1.0, oauth_signature=5t6Fw%2BSs1JgkaaHjfOtGFpotWMw%3D] basedata=[POSThttps%3A%2F%2Fapi.twitter.com %2Foauth%2Frequest_tokenoauth_callback%3Doob%26oauth_consumer_key%3D3P1dah6urSdAo9voKDJDA%26oauth_nonce%3D901dc12600ac1cdbc082d57d4aef7bfc%26oauth_signature_me thod%3DHMAC-SHA1%26oauth_timestamp%3D1276235403668%26oauth_version%3D1.0] And it returns the error: errorStream=[Failed to validate oauth signature and token] In order to check what I'm sending, I create a HttpListener and redirected the api.twitter.com to localhost:8000 and here is the header. Any suggestion is very welcome. POST /oauth/request_token HTTP/1.1 Authorization: OAuth realm=api.twitter.com, oauth_callback=oob, oauth_consumer_key=3P1dah6urSdAo9voKDJDA, oauth_nonce=2c449ca3c5a8637a8a9152d896c6d8bd, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1276236145594, oauth_version=1.0, oauth_signature=y%2BstT1OQgJBRKLZ%2BR4K15TM4fGw%3D User-Agent: Java/1.6.0_20 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive Content-type: application/x-www-form-urlencoded Content-Length: 266 POSThttp%3A%2F%2Flocalhost%3A8000%2Foauth%2Frequest_tokenoauth_callback%3Doob%26oauth_consumer_key%3D3P1dah6urSdAo9voKDJDA%26oauth_nonce%3D2c449ca3c5a8637a8a9152d896c6d8bd%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1276236145594%26oau th_version%3D1.0. Best regards, Leo Meirelles -- Do you know the difference between look something amazing and touch it? Think about Jennifer Aniston... (K.V.)