[twitter-dev] Re: 401 Unauthorized errors with Progress Open Edge using xAuth to get Access token
We now have oAuth/xAuth working for Progress open edge and have the
basic Twitter status and command functions operational as they were
before. You can find sample source and Progress open edge twitter
libraries we are working on now at
http://www.coresoft.com.au/coreforum/index.php?PHPSESSID=87aaa10a26a77fb99837fe711ecbaaa5;topic=38.msg43
On Nov 2, 11:22 pm, Martin Hannah mhan...@coresoft.com.au wrote:
Hi Taylor,
Now I have the Access Token and I use the explanations
inhttp://dev.twitter.com/pages/authto make a request on users behalf, I
get a response from twitter:
Twitter Response= {errors:[{code:53,message:Basic
authentication is not supported}]}
Status= 401
StatusTxt= Unauthorized
I am using the same procedure just changing the paramaters to follow
the example inhttp://dev.twitter.com/pages/authand signing the
request with oauth_consumer_secret + + oauth_token_secret tied to
my access token...
Posting to:http://api.twitter.com/1/statuses/update.json
Authorization header parameters:
OAuth oauth_consumer_key=1q0ZoaBf3fKFP1hSmhVNQ,
oauth_nonce=M2XTcq44gwlMHw9VbP98FQkB7TRSc1iIX0IOiAA500B,
oauth_signature=f6Xz1tSwO8FCvkIJu4mgXYfNvUM%3D,
oauth_signature_method=HMAC-SHA1,
oauth_timestamp=1288703533,
oauth_token=46989789-6NoccKZ1NVN3wdtlRGyhQrUG3b9RcU9Tkn372uIg3,
oauth_version=1.0, status=PostingthroughMicrosoftXMLHTTP
Any suggestions ?
Martin
Hannahbegin_of_the_skype_highlighting end_of_the_skype_highlightingwrote:
Hi Taylor,
Success, the missing peice of the puzzle was that we needed to send
the post Body, which although it was explained in documentation, we
thought it was there for explanation of how the values are accumulated
for the base string.. seems obvious now, but when your trying to do
this for 1st time, it wasnt obvious then.
So the find part of the send is:
objHTTP:send(x_auth_username=oauth_test_execx_auth_password=twitter-
xauthx_auth_mode=client_auth).
So my last question is, should this be url encoded, because when we
URL encoded (as the doco suggests) it did NOT work.
Martin
Hannahbegin_of_the_skype_highlighting end_of_the_skype_highlightingwrote:
Hi Taylor,
In order to test your 1st suggestion do you know if your HTTP
transport method munges any HTTP headers or adds its own HTTP headers
in any way? we created a simple test procedure on our public web
server, to simulate the google end
pointhttps://api.twitter.com/oauth/access_token.
So with our test program pointing to another end point we could
capture the values that googles end point might receive.
The values received by our web service end point (simulator) (along
with other CGI values) are:
HTTP_AUTHORIZATION= OAuth oauth_consumer_key=TY0Js5vMc04HNqmqIkNEnQ,
oauth_nonce=jGmEee2Jc0DaEK516jl6g2FSHgOgmNPqlpK43UJYXZF,
oauth_signature=%2Bd2K%2FxydAtBaSETDWwXCo4LN1Js%3D,
oauth_signature_method=HMAC-SHA1, oauth_timestamp=1288666484,
oauth_version=1.0
REQUEST_METHOD=POST
So I presume this is indicating the post request is not munged/altered
in any way by the Microsoft XMLHTTP OCX when it sends the request
using:
Create Microsoft.XMLHTTP objHTTP .
objHTTP:open(POST,api-atokin, false, p-username, p-password).
objHTTP:setRequestHeader('Authorization', v-params).
objHTTP:SetRequestHeader(Content-Type,application/x-www-form-
urlencoded).
objHTTP:send().
Note: The syntax of the Progress code (above) that uses objHTTP is
very similiar to Visual basic. In fact we used the syntax for
objHTTP:open and setRequestHeader(Authorization that you see above,
in the same way as it is used in the googe examples in
http://oauth.googlecode.com/svn/code/javascript/example/AJAX.html
(open this Google example page and view HTML source from lines 32 to
53..)
We are checking the 2nd and 3rd suggestions now... and hope to have
further test results posted in next few hours..
Taylor Singletary wrote:
Hi Martin,
Thanks for your patience in working through xAuth with the issues you're
facing. Given the information you've provided, it's difficult to
determine
exactly what might be amiss here.
I'm unfamiliar with the programming environment you are using -- do you
know
if your HTTP transport method munges any HTTP headers or adds its own
HTTP
headers in any way? If you utilize an access token obtained through
other
means (such as by the procedure outlined inhttp://bit.ly/1token) are you
able to get any other kind of OAuth-based requests functional with your
OAuth library?
You mentioned that you successfully recreated the examples at
http://dev.twitter.com/pages/xauth-- acknowledging that those values
would
also return a 401 from our API but provide a safe login password
you can
share on a public forum, is there any way you can perform an HTTP
capture of
the entire request cycle using
[twitter-dev] Re: 401 Unauthorized errors with Progress Open Edge using xAuth to get Access token
Hi Taylor: For your interest (In case someone else asks):
We now have oAuth/xAuth working for Progress open edge and have the
basic Twitter status and command functions operational as they were
before. There is sample source and Progress open edge twitter
libraries we are working on now at
http://www.coresoft.com.au/coreforum/index.php?topic=38.0
On Nov 2, 9:40 am, Taylor Singletary taylorsinglet...@twitter.com
wrote:
Hi Martin,
Thanks for your patience in working through xAuth with the issues you're
facing. Given the information you've provided, it's difficult to determine
exactly what might be amiss here.
I'm unfamiliar with the programming environment you are using -- do you know
if your HTTP transport method munges any HTTP headers or adds its own HTTP
headers in any way? If you utilize an access token obtained through other
means (such as by the procedure outlined inhttp://bit.ly/1token) are you
able to get any other kind of OAuth-based requests functional with your
OAuth library?
You mentioned that you successfully recreated the examples
athttp://dev.twitter.com/pages/xauth-- acknowledging that those values would
also return a 401 from our API but provide a safe login password you can
share on a public forum, is there any way you can perform an HTTP capture of
the entire request cycle using those static values? This would allow us to
see the entire HTTP request, including headers sent/received, the raw POST
body, etc -- which may yield an obvious answer as to why your implementation
is not working.
Hang in there!
Taylor
On Tue, Oct 26, 2010 at 3:20 PM, Martin
Hannahbegin_of_the_skype_highlighting end_of_the_skype_highlightingmhan...@coresoft.com.auwrote:
We had an application successfully talking to twitter for a few years
prior to oAuth, and now converting this application to xAuth and cant
get past the first step.
The application gets a 401 Unauthorized response when attempting to
get the access token.
Have confirmed our program when provided with the same consumer_key
and Secret key as on twitter documentation page
http://dev.twitter.com/pages/xauth
produces exactly the same Singature, parameters, base string as on
http://dev.twitter.com/pages/xauthdoco page. (i.e. have done detailed
string comparisons of output at each step to the twitter documentation
http://dev.twitter.com/pages/xauthby placing the twitter values in a
string variable and comparing to the values produced by our program,
so confident these are the same) .
Using our consumer and secret keys in the test site
http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin...
and compared the base string and signature results to our program and
again they are exactly the same.
Have checked the time stamp is producing correct time (based on enoch
time) by comparing against againsthttp://unixtimestamp.com/index.php
Passing my consumer_secret with at end into signature generator
(which as I said above seems to be producing correct results because
we used values inhttp://dev.twitter.com/pages/xauthand it generated
the same oauth_signature value)
Base string:
POSThttps%3A%2F%2Fapi.twitter.com%2Foauth
%2Faccess_tokenoauth_consumer_key%3D1q0ZoaBf3fKFP1hSmhVNQ
%26oauth_nonce
%3Duv3AtzLBjawzvasO3EPAU3bbR53NyHGlvLp33IRCzG8%26oauth_signature_method
%3DHMAC-SHA1%26oauth_timestamp%3D1288131701%26oauth_version
%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3D
%26x_auth_username%3D
Authorization header parameters:
OAuth oauth_nonce=uv3AtzLBjawzvasO3EPAU3bbR53NyHGlvLp33IRCzG8,
oauth_signature_method=HMAC-SHA1, oauth_timestamp=1288131701,
oauth_consumer_key=1q0ZoaBf3fKFP1hSmhVNQ,
oauth_signature=VQYSXdvrEtlvugqUpTXbCjYTNa0%3D, oauth_version=1.0
Twitter response:
Status= 401
StatusTxt= Unauthorized
Headers= Date: Tue, 26 Oct 2010 21:22:01 GMT
Server: hi
Status: 401 Unauthorized
X-Transaction: 1288128121-92836-33309
Last-Modified: Tue, 26 Oct 2010 21:22:01 GMT
X-Runtime: 0.00473
Content-Type: text/html; charset=utf-8
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-
check=0
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCMdIa
%252BorASIKZmxhc2hJQzonQWN0aW9uQ29u
%250AdHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWJl
%250AYzdlZGEzMDAwYmMwOWJhMTEwMzIyYjE1MTc5YzAw--
f24fc1f95d728598870821f98152985632dbcc66; domain=.twitter.com; path=/
Connection: close
The actual Send procedure is: (tried procedure using both both blank
and valid p-username and p-password)
define var objHTTP as com-handle.
Create Microsoft.XMLHTTP objHTTP .
objHTTP:open(POST,api-atokin, false, p-username, p-password).
objHTTP:setRequestHeader('Authorization', v-params).
objHTTP:SetRequestHeader(Content-Type,application/x-www-form-
urlencoded).
objHTTP:send().
v-response =
