subject:"\[twitter\-dev\] Re\: OAuth problem\: can authenticate, but cant fetch timelines."

[twitter-dev] Re: OAuth problem: can authenticate, but cant fetch timelines.

2010-05-21 Thread Miguel de Icaza

Hello Taylor, Dana,

Thanks to both of you for the reply, after this change, my twitter
client is working with OAuth.

 It might be good to update the oauth guide on the twitter site
with this information, I tried for a few hours before I gave up and
posted here, and it might save others the pain.

Miguel.

On May 21, 1:16 pm, Taylor Singletary taylorsinglet...@twitter.com
wrote:
 Hi Miguel,

 Your signature base string is off by just a little bit here -- you're
 globbing the query parameter count on to the original URL when it should
 be separated out.. the query string part of the URL should be represented
 only as key/value pairs, sorted with the other OAuth parameters. Your
 sorting here is correct, it's just that you're including the encoded ?
 mark here. Had this been a parameter that would have started with a p, for
 example, you'd have that parameter following the oauth_* parameters.

 Here's an example of a signature base string with this encoded correctly
 (though using different keys):

 GEThttp%3A%2F%2Fapi.twitter.com
 %2F1%2Fstatuses%2Fhome_timeline.jsoncount%3D200%26oauth_consumer_key%3Dri8 
 JxYK2ddwSV5xIUfNNvQ%26oauth_nonce%3DcafnvEsPqnuVgXbqDqaw1X2SFvTSd9wYjpF5ZtH 
 ruFM%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1274462075%26 
 oauth_token%3D819797-torCkTs0XK7H2Y2i1ee5iofqkMC4p7aayeEXRTmlw%26oauth_vers 
 ion%3D1.0

 Hope this helps!

 Taylor Singletary
 Developer Advocate, Twitterhttp://twitter.com/episod

 On Fri, May 21, 2010 at 9:59 AM, Miguel de Icaza
 miguel.de.ic...@gmail.comwrote:



  Hello folks,

     I have my client speaking OAuth to twitter for the entire initial
  dance up to getting my access token.

     But once I try using the access token to call:
 http://api.twitter.com/1/statuses/mentions.json?count=200

     All I get from twitter is a 401 with the following body:

  {request:/1/statuses/mentions.json?count=200,error:Incorrect
  signature}

     I followed the steps described here:http://dev.twitter.com/pages/
  auth and just assumed that since there is no content, the value for
  computing the signature is not needed.

  GEThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fhome_timeline.json
  %3Fcount%3D200oauth_consumer_key%3D***%26oauth_nonce
  %3Dcbj41uc3y0d0lju8%26oauth_signature_method%3DHMAC-
  SHA1%26oauth_timestamp%3D1274460844%26oauth_token%3D**
  %26oauth_version%3D1.0

  My composite signature is made of my consumer secret (from the twitter
  app page) and the oauth_token_secret returned by the acquire access
  token process

  This is what ends up in the HTTP traffic, when I  append the
  oauth_signature:
  GET /1/statuses/home_timeline.json?count=200 HTTP/1.1
  authorization: OAuth

  oauth_consumer_key=**,oauth_nonce=r3cy0enwrqeq1qns,oauth_signature_ 
  method=HMAC-
  SHA1,oauth_timestamp=1274461098,oauth_token=823083-
  ***,oauth_version=1.0,oauth_signature=dGhefwoSaiSQ0XMSswJ1UdPtkeI
  %3D
  Connection: keep-alive
  Host: api.twitter.com

  Any ideas on what I am doing wrong?

[twitter-dev] Re: OAuth problem: can authenticate, but cant fetch timelines.

2010-05-21 Thread Miguel de Icaza

Hello,

 I was able to make progress for my original sample (?count=200)
but I am running into a different problem when I pass more than one
parameter, in this case count=200since_id=NNN

 I did sort the parameters as suggested by Dana from the query
string, here is my result:

GEThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses
%2Fhome_timeline.jsoncount%3D200%26oauth_consumer_key%3D
%26oauth_nonce%3D2gpt5qj733gpnj68%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1274476231%26oauth_token%3D
%26oauth_version%3D1.0%26since_id%3D14452646144

As you can see count is the first component and since_id has been
tucked at the end.

This is the HTTP request that is sent:

GET /1/statuses/home_timeline.json?count=200since_id=14452646144 HTTP/
1.1
authorization: OAuth
oauth_consumer_key=**,oauth_nonce=2gpt5qj733gpnj68,oauth_signature_method=HMAC-
SHA1,oauth_timestamp=1274476231,oauth_token=,oauth_version=1.0,oauth_signature=HaWDhfKcUNBJocecm7wyYcS8VFE
%3D
Host: api.twitter.com

Miguel

[twitter-dev] Re: OAuth problem: can authenticate, but cant fetch timelines.

2010-05-21 Thread Miguel de Icaza

Hello,

I figured this out, it was my fault, the bug was not really the
extra parameters, but an early optimization on the reuse of the SHA1
code.

Miguel.

On May 21, 5:19 pm, Miguel de Icaza miguel.de.ic...@gmail.com wrote:
 Hello,

      I was able to make progress for my original sample (?count=200)
 but I am running into a different problem when I pass more than one
 parameter, in this case count=200since_id=NNN

      I did sort the parameters as suggested by Dana from the query
 string, here is my result:

 GEThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses
 %2Fhome_timeline.jsoncount%3D200%26oauth_consumer_key%3D
 %26oauth_nonce%3D2gpt5qj733gpnj68%26oauth_signature_method%3DHMAC-
 SHA1%26oauth_timestamp%3D1274476231%26oauth_token%3D
 %26oauth_version%3D1.0%26since_id%3D14452646144

 As you can see count is the first component and since_id has been
 tucked at the end.

     This is the HTTP request that is sent:

 GET /1/statuses/home_timeline.json?count=200since_id=14452646144 HTTP/
 1.1
 authorization: OAuth
 oauth_consumer_key=**,oauth_nonce=2gpt5qj733gpnj68,oauth_signature_ 
 method=HMAC-
 SHA1,oauth_timestamp=1274476231,oauth_token=,oauth_version=1. 
 0,oauth_signature=HaWDhfKcUNBJocecm7wyYcS8VFE
 %3D
 Host: api.twitter.com

 Miguel

[twitter-dev] Re: OAuth problem: can authenticate, but cant fetch timelines.

[twitter-dev] Re: OAuth problem: can authenticate, but cant fetch timelines.

[twitter-dev] Re: OAuth problem: can authenticate, but cant fetch timelines.

3 matches

Site Navigation

Mail list logo

Footer information