[twitter-dev] Re: Randomly failing OAuth procedure
Hi Taylor, after doing some more detailed logging, i managed to figure out the problem. First I do the encoding of the post body, then the signature is being build and attached to the post body. I just forgot to encode the signature string, too, after attaching it to the post body. So everytime when the signature strings contained a slash or an equal sign, like base64 tends to produce, the oauth failed. Besides the encoding of the status texts was wrong. Just as I saw in Abraham's Twitter PHP library I decoded %7E back to ~ in the final string and oauth is happy. Otherwise, if the string contains a plain ~ it fails, still wondering why... Thanks again for the support and sunny greetings from Hamburg Germany, Felix. On 14 Jun., 18:03, Felix Oldenburg oldenburg.fe...@googlemail.com wrote: Hi Taylor, thanks for many hints on tracking down the problem. I don't use any libraries, neither for Twitter, nor for oauth. I'm doing all by my self, thus printing out some debugging messages is fairly easy. As I'm able to do a status update some times successfully, I was sure to do everything correctly. Of cource, I inspected every detail, like the assembling of the base string and its signing. I followedhttp://dev.twitter.com/pages/authand I get the same results for the base string and the final signature string, when I use the same input as in the example. Even using special characters(space, exclamation mark, and so on..) in the text of the tweet is possible, as I already tweeted some cryptic posts - containing different special chars - to my wall. So I pressume my url encoding and signing process should be correct. https://api.twitter.com/oauth/request_tokenandhttps://api.twitter.com/oauth/access_token are the paths I use for acquiring the request and access token. The system clock of my Macbook is fine, I think, but I'll check that out on detail. Maybe I should recheck my timestamp and oauth_nonce generation code, because I don't check if a timestamp, or oauth_nonce is being used twice. Though I can't imagine what could go wrong, when simply using a unix timestamp. (Oh.. is it seconds or miliseconds ruby returns when using Time.now.to_i, I'd better check that out oO!!!) I'll check the timestamp thing and if that's not the problem, I'll post some detailed debug report tomorrow. Many thanks for your inspiring reply, Felix! On 14 Jun., 17:10, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Felix, Are you using a specific OAuth library for the OAuth portion? I would recommend adding a bit of logging around the OAuth token negotiation process.. find out the signature base string, the exact URL you're executing, and the Authorization header you're sending. Log the response code and body of the response when it fails. With the main OAuth ruby gem that's out there, some of these details are hard to come by because the values are hidden in private methods (PSA to OAuth library developers: don't do this), so you may need to monkey patch the OAuth gem here and there to debug the values. What you're mainly looking for is a specific pattern to your failed requests for a request token -- is some value not being sent correctly? Do you have some kind of problem where in certain conditions a variable you've set like your consumer key gets unset somehow? Is your system clock reliable? Is the library you're using to generate HMAC-SHA1 signatures doing the right thing? Are you using the right kind of URL encoding? Are you accidentally sending double parameters for something? Verify that you're usinghttps://api.twitter.com/oauth/asthe base path for the OAuth negotiation steps. While there have been failures in the past in exchanging a request token for an access token due to some lag, we're not aware of anything specifically wrong with the process for fetching the request token. @episod http://twitter.com/intent/user?screen_name=episod - Taylor Singletary On Tue, Jun 14, 2011 at 7:25 AM, Felix Oldenburg oldenburg.fe...@googlemail.com wrote: Hi twitter developing community, I'm using ruby( on rails) to do the oauth dance manually and finally call /1/statuses/update.json to update the status of an authorized user. Every single step during the oauth procedure is confirmed to be working. Actually I already tweeted some messages successfully. But for no obvious reason(to me), oauth sometimes fails at the very beginning while acquiring a request token. Then it just sais: Failed to validate oauth signature and token. Then I retry it several times until it (suddenly) works. The next step, i.e. exchanging the request token for an access token, works perfectly every time. But when it comes to the actual status update(i.e. calling the /1/ statuses/update.json endpoint) it sometimes fails, too, saying Failed to validate oauth signature and token. Again I just retry a few times
[twitter-dev] Re: Randomly failing OAuth procedure
Hi Taylor, thanks for many hints on tracking down the problem. I don't use any libraries, neither for Twitter, nor for oauth. I'm doing all by my self, thus printing out some debugging messages is fairly easy. As I'm able to do a status update some times successfully, I was sure to do everything correctly. Of cource, I inspected every detail, like the assembling of the base string and its signing. I followed http://dev.twitter.com/pages/auth and I get the same results for the base string and the final signature string, when I use the same input as in the example. Even using special characters(space, exclamation mark, and so on..) in the text of the tweet is possible, as I already tweeted some cryptic posts - containing different special chars - to my wall. So I pressume my url encoding and signing process should be correct. https://api.twitter.com/oauth/request_token and https://api.twitter.com/oauth/access_token are the paths I use for acquiring the request and access token. The system clock of my Macbook is fine, I think, but I'll check that out on detail. Maybe I should recheck my timestamp and oauth_nonce generation code, because I don't check if a timestamp, or oauth_nonce is being used twice. Though I can't imagine what could go wrong, when simply using a unix timestamp. (Oh.. is it seconds or miliseconds ruby returns when using Time.now.to_i, I'd better check that out oO!!!) I'll check the timestamp thing and if that's not the problem, I'll post some detailed debug report tomorrow. Many thanks for your inspiring reply, Felix! On 14 Jun., 17:10, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Felix, Are you using a specific OAuth library for the OAuth portion? I would recommend adding a bit of logging around the OAuth token negotiation process.. find out the signature base string, the exact URL you're executing, and the Authorization header you're sending. Log the response code and body of the response when it fails. With the main OAuth ruby gem that's out there, some of these details are hard to come by because the values are hidden in private methods (PSA to OAuth library developers: don't do this), so you may need to monkey patch the OAuth gem here and there to debug the values. What you're mainly looking for is a specific pattern to your failed requests for a request token -- is some value not being sent correctly? Do you have some kind of problem where in certain conditions a variable you've set like your consumer key gets unset somehow? Is your system clock reliable? Is the library you're using to generate HMAC-SHA1 signatures doing the right thing? Are you using the right kind of URL encoding? Are you accidentally sending double parameters for something? Verify that you're usinghttps://api.twitter.com/oauth/as the base path for the OAuth negotiation steps. While there have been failures in the past in exchanging a request token for an access token due to some lag, we're not aware of anything specifically wrong with the process for fetching the request token. @episod http://twitter.com/intent/user?screen_name=episod - Taylor Singletary On Tue, Jun 14, 2011 at 7:25 AM, Felix Oldenburg oldenburg.fe...@googlemail.com wrote: Hi twitter developing community, I'm using ruby( on rails) to do the oauth dance manually and finally call /1/statuses/update.json to update the status of an authorized user. Every single step during the oauth procedure is confirmed to be working. Actually I already tweeted some messages successfully. But for no obvious reason(to me), oauth sometimes fails at the very beginning while acquiring a request token. Then it just sais: Failed to validate oauth signature and token. Then I retry it several times until it (suddenly) works. The next step, i.e. exchanging the request token for an access token, works perfectly every time. But when it comes to the actual status update(i.e. calling the /1/ statuses/update.json endpoint) it sometimes fails, too, saying Failed to validate oauth signature and token. Again I just retry a few times and all of a sudden it works. I don't change the code during this testing sessions, nor do i change the text I want to be tweetet. It just doesn't work sometimes. I can't reproduce this unwanted behavior. Did Somebody have the same issue? Suggestions are also appreciated. Kind regards, Felix. -- Twitter developer documentation and resources:https://dev.twitter.com/doc API updates via Twitter:https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your
