Re: [twitter-dev] Re: Streaming API OAuth explanation?
This likely wasn't due to adding the source parameter. It was more likely but due to a bug I had in the streaming OAuth implementation. Java's URLEncoder converts spaes to '+' instead of '%20'. This got fixed yesterday. ---Mark http://twitter.com/mccv On Mon, Jun 28, 2010 at 5:08 PM, Matt Harris thematthar...@twitter.com wrote: Wil, Fantastic. So glad you got it working, and thanks for sharing the solution which worked for you. Matt On Mon, Jun 28, 2010 at 10:10 AM, Wil willi...@gmail.com wrote: Hi Taylor, Finally! It now works. TweetSharp includes the source parameter by default on all requests (I think). Thus, I overrode the TwitterClientInfo just for that request and cleared out the ClientName field. Now it works! I guess on your side, the code filters out unknown parameters before doing the signature verification thing huh? Thanks a lot for helping! (though TweetSharp has another problem of dropping off the stream connection prematurely... that's another topic to discuss after I do more poking) Regards, Wil On Jun 29, 12:49 am, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Wil, Did some more tests. Why are you passing source in this context? I don't recall this being an operator for the Streaming API. If you're passing it as some kind of analogue to a source parameter you'd pass in basic auth on tweet creation, it's unnecessary here unless there's some other use for it that I'm unaware of. Without the source parameter, I'm able to make this call work. Taylor On Mon, Jun 28, 2010 at 9:40 AM, Wil willi...@gmail.com wrote: Hi again, I made a real request this time because in the previous one, I couldn't control the nonce and timestamp generation directly so I copy- pasted the code it used and modified it a bit. This is the real generated data which has a non-mock nonce and timestamp. Timestamp: 1277742686 Nonce: ufywbndxv0qevuh0 Base String: POSThttp%3A%2F%2Fstream.twitter.com%2F1%2Fstatuses %2Ffilter.jsonfollow%3D156934710%26oauth_consumer_key %3DTwitterConsumerKey%26oauth_nonce %3Dufywbndxv0qevuh0%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1277742686%26oauth_token%3DTwitterAccessToken %26oauth_version%3D1.0%26source%3DWildfire%2520by%2520Implication Signature: YRXJUMYs0bRzkDZSTXesGfIWhQ8%3D Packet Capture: - Http: Request, POST /1/statuses/filter.json , Using OAuth Authorization Command: POST + URI: /1/statuses/filter.json ProtocolVersion: HTTP/1.1 - Authorization: OAuth + Authorization: OAuth oauth_consumer_key=TwitterConsumerKey,oauth_token=TwitterAccessToken,oa uth_nonce=ufywbndxv0qevuh0,oauth_timestamp=1277742686,oauth_signature_m ethod=HMAC- SHA1,oauth_signature=YRXJUMYs0bRzkDZSTXesGfIWhQ8%3D,oauth_version=1.0, + ContentType: application/x-www-form-urlencoded Host: stream.twitter.com ContentLength: 51 - Http: HTTP Payload, URL: /1/statuses/filter.json - payload: HttpContentType = application/x-www-form-urlencoded source: Wildfire%20by%20Implication follow: 156934710 It still looks correct though... Regards, Wil On Jun 29, 12:21 am, Wil willi...@gmail.com wrote: Hi, I got exactly the same values: Base string: POSThttp%3A%2F%2Fstream.twitter.com%2F1%2Fstatuses %2Ffilter.jsonfollow%3D156934710%26oauth_consumer_key %3DTwitterConsumerKey%26oauth_nonce%3Dabcdefgh%26oauth_signature_method %3DHMAC-SHA1%26oauth_timestamp%3D1277739588%26oauth_token %3DTwitterAccessToken%26oauth_version%3D1.0%26source%3DWildfire%2520by %2520Implication Signature (escaped): rYGiA6H2UXog0nYOzTeUKwJSssM%3D Authorization Header: oauth_consumer_key=TwitterConsumerKey,oauth_token=TwitterAccessToken,oa uth_nonce=abcdefgh,oauth_timestamp=1277739588,oauth_signature_method=H MAC- SHA1,oauth_signature=rYGiA6H2UXog0nYOzTeUKwJSssM %3D,oauth_version=1.0 Post content: source=Wildfire%20by%20Implicationfollow=156934710 On Jun 28, 11:45 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Let's start from a common point. By using the same inputs, we can try and meet in the middle with exactly the same signature, signature base string, and authorization header. Using the following values: Consumer Key: TwitterConsumerKey Consumer Secret: TwitterConsumerSecret Access Token: TwitterAccessToken Access Token Secret: TwitterAccessTokenScret OAuth Nonce: abcdefgh OAuth Timestamp: 1277739588 URL:http://stream.twitter.com/1/statuses/filter.json POST Body: follow=156934710source=Wildfire%20by%20Implication Assuming these exact values, the following should be the result: POST body: follow=156934710source=Wildfire%20by%20Implication Signature Base String:
Re: [twitter-dev] Re: Streaming API OAuth explanation?
Wil: Can you retrieve the signature base string (again, from your current work) from your library when attempting the call that returns 401? There must be something minor going amiss there with this parameter for some reason. Thanks, Taylor On Sat, Jun 26, 2010 at 12:08 PM, John Kalucki j...@twitter.com wrote: An invalid delimited parameter is ignored, and won't cause a 401. On Sat, Jun 26, 2010 at 2:04 AM, Wil willi...@gmail.com wrote: Hi, @John: I removed the delimited=1 parameter and it still gave me 401's. @Taylor: I checked my system clock and does not differ from the server time by more than 5 minutes. The code works with the following which I've used: 1) OAuth authentication methods 2) statuses/user_timeline 3) 1/favorites/create (3) is a bit wierd since TweetSharp sends favorite requests in this form: http://api.twitter.com/1/favorites/create/##.json and the POST body contains this: source=Wildfire%20by%20Implication Yet it still works. I haven't tried other things in TweetSharp that does POST though. I thought that it was probably the read/write permissions that's causing the problem because I initially set the App as read-only (I changed it to write-access when I implemented the favorite). I then recreated the client information with readwrite access. So I guess permissions weren't the problem. I did some packet sniffing to be extra sure that it's sending the data as POST... and I got this: (using Microsoft NetMon 3.3) - Http: Request, POST /1/statuses/filter.json , Using OAuth Authorization Command: POST + URI: /1/statuses/filter.json ProtocolVersion: HTTP/1.1 - Authorization: OAuth - Authorization: OAuth oauth_consumer_key=##,oauth_token=34216267- BDNO9E9Ayd3IDnzRsDgU0wwwcuxO3trNecmblpNQo,oauth_nonce=d8qtvqz2sefipbsu,oauth_timestamp=1277542341,oauth_signature_method=HMAC- SHA1,oauth_signature=PeKBoS3uYgL9p7oJ%2 WhiteSpace: AuthorizationData: OAuth oauth_consumer_key=###,oauth_token=34216267- BDNO9E9Ayd3IDnzRsDgU0wwwcuxO3trNecmblpNQo,oauth_nonce=d8qtvqz2sefipbsu,oauth_timestamp=1277542341,oauth_signature_method=HMAC- SHA1,oauth_signature=PeKBoS3uYgL9p7o + ContentType: application/x-www-form-urlencoded Host: stream.twitter.com ContentLength: 51 Connection: Keep-Alive HeaderEnd: CRLF The next frame was the HTTP payload - Http: HTTP Payload, URL: /1/statuses/filter.json - payload: HttpContentType = application/x-www-form-urlencoded source: softwarename follow: ### On Jun 26, 5:50 am, Taylor Singletary taylorsinglet...@twitter.com wrote: Wil, Does your OAuth code work against other aspects of the Twitter API? Can you verify if your system's clock is within 5 minutes or so of the times returned by our system? (You can see the current server time in an HTTP header of any of our responses). Are you sure that your code is actually POSTing the POST body along with the request? Seems like you are really close. On Fri, Jun 25, 2010 at 10:10 AM, Wil willi...@gmail.com wrote: Hi John, Uhh, care to elaborate? I don't quite get what you meant... Thanks, Wil On Jun 24, 11:17 pm, John Kalucki j...@twitter.com wrote: Aside from the oAuth issue, which others can address, the only valid delimited value is length. -John On Thu, Jun 24, 2010 at 7:58 AM, Wil willi...@gmail.com wrote: I'm getting this response: HTTP/1.1 401 Unauthorized Content-Length: 1296 Cache-Control: must-revalidate,no-cache,no-store Content-Type: text/html; charset=iso-8859-1 Server: Jetty(6.1.17) WWW-Authenticate: Basic realm=Firehose html head meta http-equiv=Content-Type content=text/html; charset=ISO-8859-1/ titleError 401 UNAUTHORIZED/title /head body h2HTTP ERROR: 401/h2 pProblem accessing /1/statuses/filter.json. Reason: preUNAUTHORIZED/pre/p hr /ismallPowered by Jetty:///small/i Here's what I POSTed(oauth tokens are filtered out): REQUEST: POSThttp://stream.twitter.com/1/statuses/filter.json Authorization: OAuth oauth_consumer_key=#,oauth_token=,oauth_nonce=#,oauth _timestamp=#,oauth_signature_method=HMAC- SHA1,oauth_signature=,oauth_version=1.0, Content-Type: application/x-www-form-urlencoded Vary: Accept-Encoding Connection: close source=softwarenamedelimited=1follow=156934710 On Jun 23, 1:33 am, John Kalucki j...@twitter.com wrote: OAuthshould work fine onstream.twitter.com -John Kaluckihttp://twitter.com/jkalucki Infrastructure, Twitter Inc. On Tue, Jun 22, 2010 at 10:00 AM, Wil willi...@gmail.com wrote: I'm a bit dumbfounded here... I've been trying to login tostream.twitter.com usingOAuth (particularly, I've been trying to access
Re: [twitter-dev] Re: Streaming API OAuth explanation?
Great! Let me know if you still need assistance. Taylor On Mon, Jun 28, 2010 at 8:10 AM, Wil willi...@gmail.com wrote: The thing wasn't including the POST parameters in the signing! I think I got it! On Jun 28, 10:54 pm, Wil willi...@gmail.com wrote: Ah wait, I ran a couple more tests just to be sure and the signatures match the sent sniffed one guess I missed something previously... Base: POSThttp%3A%2F%2Fstream.twitter.com%2F1%2Fstatuses %2Ffilter.jsonfollow%3D156934710%26oauth_consumer_key %3DrHYIlqotmSfiGc6OfFtw%26oauth_nonce%3Deodjuo8ystdcyl3f %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1277736634%26oauth_token%3D156934710- J4HkTzZOaHk7ZBnXPzmqopoQS9pm2NjDJmMDEw4E%26oauth_version%3D1.0%26source %3DWildfire%2520by%2520Implication Signature: nt%2F5itdHGoVr8gRloaBOakSmUbM%3D Sent: oauth_consumer_key=rHYIlqotmSfiGc6OfFtw oauth_token=156934710-J4HkTzZOaHk7ZBnXPzmqopoQS9pm2NjDJmMDEw4E oauth_nonce=eodjuo8ystdcyl3f oauth_timestamp=1277736634 oauth_signature_method=HMAC-SHA1 oauth_signature=nt%2F5itdHGoVr8gRloaBOakSmUbM%3D oauth_version=1.0 On Jun 28, 10:35 pm, Wil willi...@gmail.com wrote: Hi Taylor, Ok. Here's the entire thing: Generated base string: POSThttp%3A%2F%2Fstream.twitter.com%2F1%2Fstatuses %2Ffilter.jsonfollow%3D156934710%26oauth_consumer_key %3DrHYIlqotmSfiGc6OfFtw%26oauth_nonce %3Dmvzi5szav5dciif4%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1277735188%26oauth_token%3D156934710- J4HkTzZOaHk7ZBnXPzmqopoQS9pm2NjDJmMDEw4E%26oauth_version%3D1.0%26source %3DWildfire%2520by%2520Implication calculated signature: %2FgqbnKcwmnpFMGnqNUK3kr6waI0%3D Sniffed authorization header: oauth_consumer_key=rHYIlqotmSfiGc6OfFtw oauth_token=156934710-J4HkTzZOaHk7ZBnXPzmqopoQS9pm2NjDJmMDEw4E oauth_nonce=6qzbdouhrz40dqs4 oauth_timestamp=1277735291 oauth_signature_method=HMAC-SHA1 oauth_signature=2yRkYN7j8YpS0%2FgrFSNKnoCrk7Y%3D oauth_version=1.0 You're right, something seems to be wrong with the signature. I'll continue to investigate this Regards, Wil On Jun 28, 10:23 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Wil: Can you retrieve the signature base string (again, from your current work) from your library when attempting the call that returns 401? There must be something minor going amiss there with this parameter for some reason. Thanks, Taylor On Sat, Jun 26, 2010 at 12:08 PM, John Kalucki j...@twitter.com wrote: An invalid delimited parameter is ignored, and won't cause a 401. On Sat, Jun 26, 2010 at 2:04 AM, Wil willi...@gmail.com wrote: Hi, @John: I removed the delimited=1 parameter and it still gave me 401's. @Taylor: I checked my system clock and does not differ from the server time by more than 5 minutes. The code works with the following which I've used: 1)OAuthauthentication methods 2) statuses/user_timeline 3) 1/favorites/create (3) is a bit wierd since TweetSharp sends favorite requests in this form: http://api.twitter.com/1/favorites/create/##.json and the POST body contains this: source=Wildfire%20by%20Implication Yet it still works. I haven't tried other things in TweetSharp that does POST though. I thought that it was probably the read/write permissions that's causing the problem because I initially set the App as read-only (I changed it to write-access when I implemented the favorite). I then recreated the client information with readwrite access. So I guess permissions weren't the problem. I did some packet sniffing to be extra sure that it's sending the data as POST... and I got this: (using Microsoft NetMon 3.3) - Http: Request, POST /1/statuses/filter.json , UsingOAuth Authorization Command: POST + URI: /1/statuses/filter.json ProtocolVersion: HTTP/1.1 - Authorization:OAuth - Authorization: OAuth oauth_consumer_key=##,oauth_token=34216267- BDNO9E9Ayd3IDnzRsDgU0wwwcuxO3trNecmblpNQo,oauth_nonce=d8qtvqz2sefipbsu,o auth_timestamp=1277542341,oauth_signature_method=HMAC- SHA1,oauth_signature=PeKBoS3uYgL9p7oJ%2 WhiteSpace: AuthorizationData:OAuth oauth_consumer_key=###,oauth_token=34216267- BDNO9E9Ayd3IDnzRsDgU0wwwcuxO3trNecmblpNQo,oauth_nonce=d8qtvqz2sefipbsu,o auth_timestamp=1277542341,oauth_signature_method=HMAC- SHA1,oauth_signature=PeKBoS3uYgL9p7o + ContentType: application/x-www-form-urlencoded Host: stream.twitter.com ContentLength: 51 Connection: Keep-Alive HeaderEnd: CRLF The next frame was the HTTP payload - Http: HTTP Payload, URL: /1/statuses/filter.json - payload: HttpContentType = application/x-www-form-urlencoded source:
Re: [twitter-dev] Re: Streaming API OAuth explanation?
Let's start from a common point. By using the same inputs, we can try and meet in the middle with exactly the same signature, signature base string, and authorization header. Using the following values: Consumer Key: TwitterConsumerKey Consumer Secret: TwitterConsumerSecret Access Token: TwitterAccessToken Access Token Secret: TwitterAccessTokenScret OAuth Nonce: abcdefgh OAuth Timestamp: 1277739588 URL: http://stream.twitter.com/1/statuses/filter.json POST Body: follow=156934710source=Wildfire%20by%20Implication Assuming these exact values, the following should be the result: POST body: follow=156934710source=Wildfire%20by%20Implication Signature Base String: POSThttp%3A%2F%2Fstream.twitter.com %2F1%2Fstatuses%2Ffilter.jsonfollow%3D156934710%26oauth_consumer_key%3DTwitterConsumerKey%26oauth_nonce%3Dabcdefgh%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1277739588%26oauth_token%3DTwitterAccessToken%26oauth_version%3D1.0%26source%3DWildfire%2520by%2520Implication Signing Secret TwitterConsumerSecretTwitterAccessTokenSecret Signature rYGiA6H2UXog0nYOzTeUKwJSssM= Authorization Header OAuth oauth_nonce=abcdefgh, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1277739588, oauth_consumer_key=TwitterConsumerKey, oauth_token=TwitterAccessToken, oauth_signature=rYGiA6H2UXog0nYOzTeUKwJSssM%3D, oauth_version=1.0 Using these values do you get the same signature and other values? Taylor On Mon, Jun 28, 2010 at 8:21 AM, Wil willi...@gmail.com wrote: Oh wait, it does include them I just missed it. So much for premature celebration... On Jun 28, 11:10 pm, Wil willi...@gmail.com wrote: The thing wasn't including the POST parameters in the signing! I think I got it! On Jun 28, 10:54 pm, Wil willi...@gmail.com wrote: Ah wait, I ran a couple more tests just to be sure and the signatures match the sent sniffed one guess I missed something previously... Base: POSThttp%3A%2F%2Fstream.twitter.com%2F1%2Fstatuses %2Ffilter.jsonfollow%3D156934710%26oauth_consumer_key %3DrHYIlqotmSfiGc6OfFtw%26oauth_nonce%3Deodjuo8ystdcyl3f %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1277736634%26oauth_token%3D156934710- J4HkTzZOaHk7ZBnXPzmqopoQS9pm2NjDJmMDEw4E%26oauth_version%3D1.0%26source %3DWildfire%2520by%2520Implication Signature: nt%2F5itdHGoVr8gRloaBOakSmUbM%3D Sent: oauth_consumer_key=rHYIlqotmSfiGc6OfFtw oauth_token=156934710-J4HkTzZOaHk7ZBnXPzmqopoQS9pm2NjDJmMDEw4E oauth_nonce=eodjuo8ystdcyl3f oauth_timestamp=1277736634 oauth_signature_method=HMAC-SHA1 oauth_signature=nt%2F5itdHGoVr8gRloaBOakSmUbM%3D oauth_version=1.0 On Jun 28, 10:35 pm, Wil willi...@gmail.com wrote: Hi Taylor, Ok. Here's the entire thing: Generated base string: POSThttp%3A%2F%2Fstream.twitter.com%2F1%2Fstatuses %2Ffilter.jsonfollow%3D156934710%26oauth_consumer_key %3DrHYIlqotmSfiGc6OfFtw%26oauth_nonce %3Dmvzi5szav5dciif4%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1277735188%26oauth_token%3D156934710- J4HkTzZOaHk7ZBnXPzmqopoQS9pm2NjDJmMDEw4E%26oauth_version%3D1.0%26source %3DWildfire%2520by%2520Implication calculated signature: %2FgqbnKcwmnpFMGnqNUK3kr6waI0%3D Sniffed authorization header: oauth_consumer_key=rHYIlqotmSfiGc6OfFtw oauth_token=156934710-J4HkTzZOaHk7ZBnXPzmqopoQS9pm2NjDJmMDEw4E oauth_nonce=6qzbdouhrz40dqs4 oauth_timestamp=1277735291 oauth_signature_method=HMAC-SHA1 oauth_signature=2yRkYN7j8YpS0%2FgrFSNKnoCrk7Y%3D oauth_version=1.0 You're right, something seems to be wrong with the signature. I'll continue to investigate this Regards, Wil On Jun 28, 10:23 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Wil: Can you retrieve the signature base string (again, from your current work) from your library when attempting the call that returns 401? There must be something minor going amiss there with this parameter for some reason. Thanks, Taylor On Sat, Jun 26, 2010 at 12:08 PM, John Kalucki j...@twitter.com wrote: An invalid delimited parameter is ignored, and won't cause a 401. On Sat, Jun 26, 2010 at 2:04 AM, Wil willi...@gmail.com wrote: Hi, @John: I removed the delimited=1 parameter and it still gave me 401's. @Taylor: I checked my system clock and does not differ from the server time by more than 5 minutes. The code works with the following which I've used: 1)OAuthauthentication methods 2) statuses/user_timeline 3) 1/favorites/create (3) is a bit wierd since TweetSharp sends favorite requests in this form: http://api.twitter.com/1/favorites/create/##.json and the POST body contains this: source=Wildfire%20by%20Implication Yet it still works. I haven't tried other things in TweetSharp that does POST though. I
Re: [twitter-dev] Re: Streaming API OAuth explanation?
Hi Wil, Did some more tests. Why are you passing source in this context? I don't recall this being an operator for the Streaming API. If you're passing it as some kind of analogue to a source parameter you'd pass in basic auth on tweet creation, it's unnecessary here unless there's some other use for it that I'm unaware of. Without the source parameter, I'm able to make this call work. Taylor On Mon, Jun 28, 2010 at 9:40 AM, Wil willi...@gmail.com wrote: Hi again, I made a real request this time because in the previous one, I couldn't control the nonce and timestamp generation directly so I copy- pasted the code it used and modified it a bit. This is the real generated data which has a non-mock nonce and timestamp. Timestamp: 1277742686 Nonce: ufywbndxv0qevuh0 Base String: POSThttp%3A%2F%2Fstream.twitter.com%2F1%2Fstatuses %2Ffilter.jsonfollow%3D156934710%26oauth_consumer_key %3DTwitterConsumerKey%26oauth_nonce %3Dufywbndxv0qevuh0%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1277742686%26oauth_token%3DTwitterAccessToken %26oauth_version%3D1.0%26source%3DWildfire%2520by%2520Implication Signature: YRXJUMYs0bRzkDZSTXesGfIWhQ8%3D Packet Capture: - Http: Request, POST /1/statuses/filter.json , Using OAuth Authorization Command: POST + URI: /1/statuses/filter.json ProtocolVersion: HTTP/1.1 - Authorization: OAuth + Authorization: OAuth oauth_consumer_key=TwitterConsumerKey,oauth_token=TwitterAccessToken,oauth_nonce=ufywbndxv0qevuh0,oauth_timestamp=1277742686,oauth_signature_method=HMAC- SHA1,oauth_signature=YRXJUMYs0bRzkDZSTXesGfIWhQ8%3D,oauth_version=1.0, + ContentType: application/x-www-form-urlencoded Host: stream.twitter.com ContentLength: 51 - Http: HTTP Payload, URL: /1/statuses/filter.json - payload: HttpContentType = application/x-www-form-urlencoded source: Wildfire%20by%20Implication follow: 156934710 It still looks correct though... Regards, Wil On Jun 29, 12:21 am, Wil willi...@gmail.com wrote: Hi, I got exactly the same values: Base string: POSThttp%3A%2F%2Fstream.twitter.com%2F1%2Fstatuses %2Ffilter.jsonfollow%3D156934710%26oauth_consumer_key %3DTwitterConsumerKey%26oauth_nonce%3Dabcdefgh%26oauth_signature_method %3DHMAC-SHA1%26oauth_timestamp%3D1277739588%26oauth_token %3DTwitterAccessToken%26oauth_version%3D1.0%26source%3DWildfire%2520by %2520Implication Signature (escaped): rYGiA6H2UXog0nYOzTeUKwJSssM%3D Authorization Header: oauth_consumer_key=TwitterConsumerKey,oauth_token=TwitterAccessToken,oa uth_nonce=abcdefgh,oauth_timestamp=1277739588,oauth_signature_method=H MAC- SHA1,oauth_signature=rYGiA6H2UXog0nYOzTeUKwJSssM %3D,oauth_version=1.0 Post content: source=Wildfire%20by%20Implicationfollow=156934710 On Jun 28, 11:45 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Let's start from a common point. By using the same inputs, we can try and meet in the middle with exactly the same signature, signature base string, and authorization header. Using the following values: Consumer Key: TwitterConsumerKey Consumer Secret: TwitterConsumerSecret Access Token: TwitterAccessToken Access Token Secret: TwitterAccessTokenScret OAuth Nonce: abcdefgh OAuth Timestamp: 1277739588 URL:http://stream.twitter.com/1/statuses/filter.json POST Body: follow=156934710source=Wildfire%20by%20Implication Assuming these exact values, the following should be the result: POST body: follow=156934710source=Wildfire%20by%20Implication Signature Base String: POSThttp%3A%2F%2Fstream.twitter.com %2F1%2Fstatuses%2Ffilter.jsonfollow%3D156934710%26oauth_consumer_key%3DTwi tterConsumerKey%26oauth_nonce%3Dabcdefgh%26oauth_signature_method%3DHMAC-SH A1%26oauth_timestamp%3D1277739588%26oauth_token%3DTwitterAccessToken%26oaut h_version%3D1.0%26source%3DWildfire%2520by%2520Implication Signing Secret TwitterConsumerSecretTwitterAccessTokenSecret Signature rYGiA6H2UXog0nYOzTeUKwJSssM= Authorization Header OAuth oauth_nonce=abcdefgh, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1277739588, oauth_consumer_key=TwitterConsumerKey, oauth_token=TwitterAccessToken, oauth_signature=rYGiA6H2UXog0nYOzTeUKwJSssM%3D, oauth_version=1.0 Using these values do you get the same signature and other values? Taylor On Mon, Jun 28, 2010 at 8:21 AM, Wil willi...@gmail.com wrote: Oh wait, it does include them I just missed it. So much for premature celebration... On Jun 28, 11:10 pm, Wil willi...@gmail.com wrote: The thing wasn't including the POST parameters in the signing! I think I got it! On Jun 28, 10:54 pm, Wil willi...@gmail.com wrote: Ah wait, I ran a couple more tests just to be sure and the signatures match the sent sniffed one guess I missed something previously... Base:
Re: [twitter-dev] Re: Streaming API OAuth explanation?
Wil, Fantastic. So glad you got it working, and thanks for sharing the solution which worked for you. Matt On Mon, Jun 28, 2010 at 10:10 AM, Wil willi...@gmail.com wrote: Hi Taylor, Finally! It now works. TweetSharp includes the source parameter by default on all requests (I think). Thus, I overrode the TwitterClientInfo just for that request and cleared out the ClientName field. Now it works! I guess on your side, the code filters out unknown parameters before doing the signature verification thing huh? Thanks a lot for helping! (though TweetSharp has another problem of dropping off the stream connection prematurely... that's another topic to discuss after I do more poking) Regards, Wil On Jun 29, 12:49 am, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Wil, Did some more tests. Why are you passing source in this context? I don't recall this being an operator for the Streaming API. If you're passing it as some kind of analogue to a source parameter you'd pass in basic auth on tweet creation, it's unnecessary here unless there's some other use for it that I'm unaware of. Without the source parameter, I'm able to make this call work. Taylor On Mon, Jun 28, 2010 at 9:40 AM, Wil willi...@gmail.com wrote: Hi again, I made a real request this time because in the previous one, I couldn't control the nonce and timestamp generation directly so I copy- pasted the code it used and modified it a bit. This is the real generated data which has a non-mock nonce and timestamp. Timestamp: 1277742686 Nonce: ufywbndxv0qevuh0 Base String: POSThttp%3A%2F%2Fstream.twitter.com%2F1%2Fstatuses %2Ffilter.jsonfollow%3D156934710%26oauth_consumer_key %3DTwitterConsumerKey%26oauth_nonce %3Dufywbndxv0qevuh0%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1277742686%26oauth_token%3DTwitterAccessToken %26oauth_version%3D1.0%26source%3DWildfire%2520by%2520Implication Signature: YRXJUMYs0bRzkDZSTXesGfIWhQ8%3D Packet Capture: - Http: Request, POST /1/statuses/filter.json , Using OAuth Authorization Command: POST + URI: /1/statuses/filter.json ProtocolVersion: HTTP/1.1 - Authorization: OAuth + Authorization: OAuth oauth_consumer_key=TwitterConsumerKey,oauth_token=TwitterAccessToken,oa uth_nonce=ufywbndxv0qevuh0,oauth_timestamp=1277742686,oauth_signature_m ethod=HMAC- SHA1,oauth_signature=YRXJUMYs0bRzkDZSTXesGfIWhQ8%3D,oauth_version=1.0, + ContentType: application/x-www-form-urlencoded Host: stream.twitter.com ContentLength: 51 - Http: HTTP Payload, URL: /1/statuses/filter.json - payload: HttpContentType = application/x-www-form-urlencoded source: Wildfire%20by%20Implication follow: 156934710 It still looks correct though... Regards, Wil On Jun 29, 12:21 am, Wil willi...@gmail.com wrote: Hi, I got exactly the same values: Base string: POSThttp%3A%2F%2Fstream.twitter.com%2F1%2Fstatuses %2Ffilter.jsonfollow%3D156934710%26oauth_consumer_key %3DTwitterConsumerKey%26oauth_nonce%3Dabcdefgh%26oauth_signature_method %3DHMAC-SHA1%26oauth_timestamp%3D1277739588%26oauth_token %3DTwitterAccessToken%26oauth_version%3D1.0%26source%3DWildfire%2520by %2520Implication Signature (escaped): rYGiA6H2UXog0nYOzTeUKwJSssM%3D Authorization Header: oauth_consumer_key=TwitterConsumerKey,oauth_token=TwitterAccessToken,oa uth_nonce=abcdefgh,oauth_timestamp=1277739588,oauth_signature_method=H MAC- SHA1,oauth_signature=rYGiA6H2UXog0nYOzTeUKwJSssM %3D,oauth_version=1.0 Post content: source=Wildfire%20by%20Implicationfollow=156934710 On Jun 28, 11:45 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Let's start from a common point. By using the same inputs, we can try and meet in the middle with exactly the same signature, signature base string, and authorization header. Using the following values: Consumer Key: TwitterConsumerKey Consumer Secret: TwitterConsumerSecret Access Token: TwitterAccessToken Access Token Secret: TwitterAccessTokenScret OAuth Nonce: abcdefgh OAuth Timestamp: 1277739588 URL:http://stream.twitter.com/1/statuses/filter.json POST Body: follow=156934710source=Wildfire%20by%20Implication Assuming these exact values, the following should be the result: POST body: follow=156934710source=Wildfire%20by%20Implication Signature Base String: POSThttp%3A%2F%2Fstream.twitter.com %2F1%2Fstatuses%2Ffilter.jsonfollow%3D156934710%26oauth_consumer_key%3DTwi tterConsumerKey%26oauth_nonce%3Dabcdefgh%26oauth_signature_method%3DHMAC-SH A1%26oauth_timestamp%3D1277739588%26oauth_token%3DTwitterAccessToken%26oaut h_version%3D1.0%26source%3DWildfire%2520by%2520Implication Signing Secret
Re: [twitter-dev] Re: Streaming API OAuth explanation?
An invalid delimited parameter is ignored, and won't cause a 401. On Sat, Jun 26, 2010 at 2:04 AM, Wil willi...@gmail.com wrote: Hi, @John: I removed the delimited=1 parameter and it still gave me 401's. @Taylor: I checked my system clock and does not differ from the server time by more than 5 minutes. The code works with the following which I've used: 1) OAuth authentication methods 2) statuses/user_timeline 3) 1/favorites/create (3) is a bit wierd since TweetSharp sends favorite requests in this form: http://api.twitter.com/1/favorites/create/##.json and the POST body contains this: source=Wildfire%20by%20Implication Yet it still works. I haven't tried other things in TweetSharp that does POST though. I thought that it was probably the read/write permissions that's causing the problem because I initially set the App as read-only (I changed it to write-access when I implemented the favorite). I then recreated the client information with readwrite access. So I guess permissions weren't the problem. I did some packet sniffing to be extra sure that it's sending the data as POST... and I got this: (using Microsoft NetMon 3.3) - Http: Request, POST /1/statuses/filter.json , Using OAuth Authorization Command: POST + URI: /1/statuses/filter.json ProtocolVersion: HTTP/1.1 - Authorization: OAuth - Authorization: OAuth oauth_consumer_key=##,oauth_token=34216267- BDNO9E9Ayd3IDnzRsDgU0wwwcuxO3trNecmblpNQo,oauth_nonce=d8qtvqz2sefipbsu,oauth_timestamp=1277542341,oauth_signature_method=HMAC- SHA1,oauth_signature=PeKBoS3uYgL9p7oJ%2 WhiteSpace: AuthorizationData: OAuth oauth_consumer_key=###,oauth_token=34216267- BDNO9E9Ayd3IDnzRsDgU0wwwcuxO3trNecmblpNQo,oauth_nonce=d8qtvqz2sefipbsu,oauth_timestamp=1277542341,oauth_signature_method=HMAC- SHA1,oauth_signature=PeKBoS3uYgL9p7o + ContentType: application/x-www-form-urlencoded Host: stream.twitter.com ContentLength: 51 Connection: Keep-Alive HeaderEnd: CRLF The next frame was the HTTP payload - Http: HTTP Payload, URL: /1/statuses/filter.json - payload: HttpContentType = application/x-www-form-urlencoded source: softwarename follow: ### On Jun 26, 5:50 am, Taylor Singletary taylorsinglet...@twitter.com wrote: Wil, Does your OAuth code work against other aspects of the Twitter API? Can you verify if your system's clock is within 5 minutes or so of the times returned by our system? (You can see the current server time in an HTTP header of any of our responses). Are you sure that your code is actually POSTing the POST body along with the request? Seems like you are really close. On Fri, Jun 25, 2010 at 10:10 AM, Wil willi...@gmail.com wrote: Hi John, Uhh, care to elaborate? I don't quite get what you meant... Thanks, Wil On Jun 24, 11:17 pm, John Kalucki j...@twitter.com wrote: Aside from the oAuth issue, which others can address, the only valid delimited value is length. -John On Thu, Jun 24, 2010 at 7:58 AM, Wil willi...@gmail.com wrote: I'm getting this response: HTTP/1.1 401 Unauthorized Content-Length: 1296 Cache-Control: must-revalidate,no-cache,no-store Content-Type: text/html; charset=iso-8859-1 Server: Jetty(6.1.17) WWW-Authenticate: Basic realm=Firehose html head meta http-equiv=Content-Type content=text/html; charset=ISO-8859-1/ titleError 401 UNAUTHORIZED/title /head body h2HTTP ERROR: 401/h2 pProblem accessing /1/statuses/filter.json. Reason: preUNAUTHORIZED/pre/p hr /ismallPowered by Jetty:///small/i Here's what I POSTed(oauth tokens are filtered out): REQUEST: POSThttp://stream.twitter.com/1/statuses/filter.json Authorization: OAuth oauth_consumer_key=#,oauth_token=,oauth_nonce=#,oauth _timestamp=#,oauth_signature_method=HMAC- SHA1,oauth_signature=,oauth_version=1.0, Content-Type: application/x-www-form-urlencoded Vary: Accept-Encoding Connection: close source=softwarenamedelimited=1follow=156934710 On Jun 23, 1:33 am, John Kalucki j...@twitter.com wrote: OAuthshould work fine onstream.twitter.com -John Kaluckihttp://twitter.com/jkalucki Infrastructure, Twitter Inc. On Tue, Jun 22, 2010 at 10:00 AM, Wil willi...@gmail.com wrote: I'm a bit dumbfounded here... I've been trying to login tostream.twitter.com usingOAuth (particularly, I've been trying to access http://stream.twitter.com/1/statuses/filter.json?follow=). I used the access keys obtained fromhttps:// api.twitter.com/oauth/access_token however, I've been getting 401 errors. I've tried basic authentication and it works fine. Does that mean thatstream:statuses/filter is still can only accept basic authentication?
Re: [twitter-dev] Re: Streaming API OAuth explanation?
Wil, Does your OAuth code work against other aspects of the Twitter API? Can you verify if your system's clock is within 5 minutes or so of the times returned by our system? (You can see the current server time in an HTTP header of any of our responses). Are you sure that your code is actually POSTing the POST body along with the request? Seems like you are really close. On Fri, Jun 25, 2010 at 10:10 AM, Wil willi...@gmail.com wrote: Hi John, Uhh, care to elaborate? I don't quite get what you meant... Thanks, Wil On Jun 24, 11:17 pm, John Kalucki j...@twitter.com wrote: Aside from the oAuth issue, which others can address, the only valid delimited value is length. -John On Thu, Jun 24, 2010 at 7:58 AM, Wil willi...@gmail.com wrote: I'm getting this response: HTTP/1.1 401 Unauthorized Content-Length: 1296 Cache-Control: must-revalidate,no-cache,no-store Content-Type: text/html; charset=iso-8859-1 Server: Jetty(6.1.17) WWW-Authenticate: Basic realm=Firehose html head meta http-equiv=Content-Type content=text/html; charset=ISO-8859-1/ titleError 401 UNAUTHORIZED/title /head body h2HTTP ERROR: 401/h2 pProblem accessing /1/statuses/filter.json. Reason: preUNAUTHORIZED/pre/p hr /ismallPowered by Jetty:///small/i Here's what I POSTed(oauth tokens are filtered out): REQUEST: POSThttp://stream.twitter.com/1/statuses/filter.json Authorization: OAuth oauth_consumer_key=#,oauth_token=,oauth_nonce=#,oauth _timestamp=#,oauth_signature_method=HMAC- SHA1,oauth_signature=,oauth_version=1.0, Content-Type: application/x-www-form-urlencoded Vary: Accept-Encoding Connection: close source=softwarenamedelimited=1follow=156934710 On Jun 23, 1:33 am, John Kalucki j...@twitter.com wrote: OAuthshould work fine onstream.twitter.com -John Kaluckihttp://twitter.com/jkalucki Infrastructure, Twitter Inc. On Tue, Jun 22, 2010 at 10:00 AM, Wil willi...@gmail.com wrote: I'm a bit dumbfounded here... I've been trying to login tostream.twitter.com usingOAuth (particularly, I've been trying to access http://stream.twitter.com/1/statuses/filter.json?follow=). I used the access keys obtained fromhttps:// api.twitter.com/oauth/access_token however, I've been getting 401 errors. I've tried basic authentication and it works fine. Does that mean thatstream:statuses/filter is still can only accept basic authentication? Regards, Wil On May 25, 5:51 am, John Kalucki j...@twitter.com wrote: We haven't announced our plans for streaming andoAuth, beyond stating that User Streams will only be onoAuth. On Mon, May 24, 2010 at 1:57 PM, 140dev 140...@gmail.com wrote: Does this mean that the streaming API will also make the switch from basic authentication toOAuthat the end of June? On Mon, May 24, 2010 at 4:50 PM, Mark McBride mmcbr...@twitter.com wrote: OAuthis now enabled onstream.twitter.com. I'll also send a note out to the announce list ---Mark http://twitter.com/mccv On Mon, May 24, 2010 at 12:30 PM, Aaron Rankin aran...@gmail.com wrote: Hi, Is there an ETA for enablingoauthonstream.twitter.com? Thanks, Aaron On May 13, 1:11 pm, John Kalucki j...@twitter.com wrote: OAuthis not enabled onstream.twitter.com. You can try on chirpstream.twitter.com. On Thu, May 13, 2010 at 10:53 AM, Lucas Vickers lucasvick...@gmail.com wrote: I am writing my own c++ basedOAuthlibrary. I know there is liboauth but I like to do things myself to learn. Anyhow I am trying to accesshttp:// stream.twitter.com/1/statuses/sample.xml and I keep getting 401. I have verified pretty much every parameter, and used the tool on http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin. .. to verify my signature is correct. I used twurl to obtain the user access tokens to my account. After doing some reading I'm no longer convinced that thestreaming server even supportsoauth. can you fill me in on the current status ofstream.twitter.comand oauth? thanks! Lucas On Apr 20, 11:02 pm, Jonathon Hill jhill9...@gmail.com wrote: Thanks Taylor for the very detailed and helpful response! Jonathon On Apr 20, 1:17 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Jonathon, ForStreamingAPI access that isn't from the perspective of a user's account, you would use two-leggedOAuthto establish authentication instead of basic auth. A two-leggedOAuthrequest is very similar to otherOAuthrequests:
Re: [twitter-dev] Re: Streaming API OAuth explanation?
Aside from the oAuth issue, which others can address, the only valid delimited value is length. -John On Thu, Jun 24, 2010 at 7:58 AM, Wil willi...@gmail.com wrote: I'm getting this response: HTTP/1.1 401 Unauthorized Content-Length: 1296 Cache-Control: must-revalidate,no-cache,no-store Content-Type: text/html; charset=iso-8859-1 Server: Jetty(6.1.17) WWW-Authenticate: Basic realm=Firehose html head meta http-equiv=Content-Type content=text/html; charset=ISO-8859-1/ titleError 401 UNAUTHORIZED/title /head body h2HTTP ERROR: 401/h2 pProblem accessing /1/statuses/filter.json. Reason: preUNAUTHORIZED/pre/p hr /ismallPowered by Jetty:///small/i Here's what I POSTed(oauth tokens are filtered out): REQUEST: POST http://stream.twitter.com/1/statuses/filter.json Authorization: OAuth oauth_consumer_key=#,oauth_token=,oauth_nonce=#,oauth_timestamp=#,oauth_signature_method=HMAC- SHA1,oauth_signature=,oauth_version=1.0, Content-Type: application/x-www-form-urlencoded Vary: Accept-Encoding Connection: close source=softwarenamedelimited=1follow=156934710 On Jun 23, 1:33 am, John Kalucki j...@twitter.com wrote: OAuthshould work fine onstream.twitter.com -John Kaluckihttp://twitter.com/jkalucki Infrastructure, Twitter Inc. On Tue, Jun 22, 2010 at 10:00 AM, Wil willi...@gmail.com wrote: I'm a bit dumbfounded here... I've been trying to login tostream.twitter.com usingOAuth (particularly, I've been trying to access http://stream.twitter.com/1/statuses/filter.json?follow=). I used the access keys obtained fromhttps:// api.twitter.com/oauth/access_token however, I've been getting 401 errors. I've tried basic authentication and it works fine. Does that mean thatstream:statuses/filter is still can only accept basic authentication? Regards, Wil On May 25, 5:51 am, John Kalucki j...@twitter.com wrote: We haven't announced our plans for streaming andoAuth, beyond stating that User Streams will only be onoAuth. On Mon, May 24, 2010 at 1:57 PM, 140dev 140...@gmail.com wrote: Does this mean that the streaming API will also make the switch from basic authentication toOAuthat the end of June? On Mon, May 24, 2010 at 4:50 PM, Mark McBride mmcbr...@twitter.com wrote: OAuthis now enabled onstream.twitter.com. I'll also send a note out to the announce list ---Mark http://twitter.com/mccv On Mon, May 24, 2010 at 12:30 PM, Aaron Rankin aran...@gmail.com wrote: Hi, Is there an ETA for enablingoauthonstream.twitter.com? Thanks, Aaron On May 13, 1:11 pm, John Kalucki j...@twitter.com wrote: OAuthis not enabled onstream.twitter.com. You can try on chirpstream.twitter.com. On Thu, May 13, 2010 at 10:53 AM, Lucas Vickers lucasvick...@gmail.com wrote: I am writing my own c++ basedOAuthlibrary. I know there is liboauth but I like to do things myself to learn. Anyhow I am trying to accesshttp:// stream.twitter.com/1/statuses/sample.xml and I keep getting 401. I have verified pretty much every parameter, and used the tool on http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin... to verify my signature is correct. I used twurl to obtain the user access tokens to my account. After doing some reading I'm no longer convinced that thestreaming server even supportsoauth. can you fill me in on the current status ofstream.twitter.comand oauth? thanks! Lucas On Apr 20, 11:02 pm, Jonathon Hill jhill9...@gmail.com wrote: Thanks Taylor for the very detailed and helpful response! Jonathon On Apr 20, 1:17 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Jonathon, ForStreamingAPI access that isn't from the perspective of a user's account, you would use two-leggedOAuthto establish authentication instead of basic auth. A two-leggedOAuthrequest is very similar to otherOAuthrequests: you have a specific resource you are trying to access, you have some parameters you want to pass to that resource, and you have anOAuthconsumer key andOAuth consumer secret. Which is unlike three-leggedOAuthwhere you also have oauth_tokens representing either a user/access_token or a request token in addition to the rest. But the rules remain the same. You take all theOAuthparameters and the parameters you are sending to the resource, organize them, build a signature base string, then sign that with your consumer secret and send the request on to Twitter properly signed. The only difference is that there is no oauth_token and oauth_token_secret getting involved in the mix. This is essentially
Re: [twitter-dev] Re: Streaming API OAuth explanation?
Hi Wil, I can help you with the OAuth component of this. Can you share your signature base string for the request? Here's an example of a few of the steps of a functioning OAuth request against this endpoint: POST body source=softwarenamedelimited=1follow=156934710 Signature Base String POSThttp%3A%2F%2Fstream.twitter.com %2F1%2Fstatuses%2Ffilter.jsondelimited%3D1%26follow%3D156934710%26oauth_consumer_key%3Dri8JxYK2ddwSV5xIUfNNvQ%26oauth_nonce%3DVBOxfmeKM2mgMeou28zK78MKlfrkvc7Wo4Hx8BAkf0%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1277394877%26oauth_token%3D819797-torCkTs0XK7H2Y2i1ee5iofqkMC4p7aayeEXRTmlw%26oauth_version%3D1.0%26source%3Dsoftwarename Authorization Header OAuth oauth_nonce=VBOxfmeKM2mgMeou28zK78MKlfrkvc7Wo4Hx8BAkf0, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1277394877, oauth_consumer_key=ri8JxYK2ddwSV5xIUfNNvQ, oauth_token=819797-torCkTs0XK7H2Y2i1ee5iofqkMC4p7aayeEXRTmlw, oauth_signature=cLdFEiEy16d2HdWnb5dPBtuxvko%3D, oauth_version=1.0 How do your values for signature base string differ, if at all? (other than the tokens, timestamp, and nonce being different). Thanks, Taylor On Thu, Jun 24, 2010 at 8:17 AM, John Kalucki j...@twitter.com wrote: Aside from the oAuth issue, which others can address, the only valid delimited value is length. -John On Thu, Jun 24, 2010 at 7:58 AM, Wil willi...@gmail.com wrote: I'm getting this response: HTTP/1.1 401 Unauthorized Content-Length: 1296 Cache-Control: must-revalidate,no-cache,no-store Content-Type: text/html; charset=iso-8859-1 Server: Jetty(6.1.17) WWW-Authenticate: Basic realm=Firehose html head meta http-equiv=Content-Type content=text/html; charset=ISO-8859-1/ titleError 401 UNAUTHORIZED/title /head body h2HTTP ERROR: 401/h2 pProblem accessing /1/statuses/filter.json. Reason: preUNAUTHORIZED/pre/p hr /ismallPowered by Jetty:///small/i Here's what I POSTed(oauth tokens are filtered out): REQUEST: POST http://stream.twitter.com/1/statuses/filter.json Authorization: OAuth oauth_consumer_key=#,oauth_token=,oauth_nonce=#,oauth_timestamp=#,oauth_signature_method=HMAC- SHA1,oauth_signature=,oauth_version=1.0, Content-Type: application/x-www-form-urlencoded Vary: Accept-Encoding Connection: close source=softwarenamedelimited=1follow=156934710 On Jun 23, 1:33 am, John Kalucki j...@twitter.com wrote: OAuthshould work fine onstream.twitter.com -John Kaluckihttp://twitter.com/jkalucki Infrastructure, Twitter Inc. On Tue, Jun 22, 2010 at 10:00 AM, Wil willi...@gmail.com wrote: I'm a bit dumbfounded here... I've been trying to login tostream.twitter.com usingOAuth (particularly, I've been trying to access http://stream.twitter.com/1/statuses/filter.json?follow=). I used the access keys obtained fromhttps:// api.twitter.com/oauth/access_token however, I've been getting 401 errors. I've tried basic authentication and it works fine. Does that mean thatstream:statuses/filter is still can only accept basic authentication? Regards, Wil On May 25, 5:51 am, John Kalucki j...@twitter.com wrote: We haven't announced our plans for streaming andoAuth, beyond stating that User Streams will only be onoAuth. On Mon, May 24, 2010 at 1:57 PM, 140dev 140...@gmail.com wrote: Does this mean that the streaming API will also make the switch from basic authentication toOAuthat the end of June? On Mon, May 24, 2010 at 4:50 PM, Mark McBride mmcbr...@twitter.com wrote: OAuthis now enabled onstream.twitter.com. I'll also send a note out to the announce list ---Mark http://twitter.com/mccv On Mon, May 24, 2010 at 12:30 PM, Aaron Rankin aran...@gmail.com wrote: Hi, Is there an ETA for enablingoauthonstream.twitter.com? Thanks, Aaron On May 13, 1:11 pm, John Kalucki j...@twitter.com wrote: OAuthis not enabled onstream.twitter.com. You can try on chirpstream.twitter.com. On Thu, May 13, 2010 at 10:53 AM, Lucas Vickers lucasvick...@gmail.com wrote: I am writing my own c++ basedOAuthlibrary. I know there is liboauth but I like to do things myself to learn. Anyhow I am trying to accesshttp:// stream.twitter.com/1/statuses/sample.xml and I keep getting 401. I have verified pretty much every parameter, and used the tool on http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin... to verify my signature is correct. I used twurl to obtain the user access tokens to my account. After doing some reading I'm no longer convinced that thestreaming server even supportsoauth. can you fill me in on the current status ofstream.twitter.com and oauth? thanks! Lucas On Apr 20, 11:02 pm, Jonathon Hill jhill9...@gmail.com wrote: Thanks Taylor for the very detailed and helpful response!
Re: [twitter-dev] Re: Streaming API OAuth explanation?
OAuth should work fine on stream.twitter.com -John Kalucki http://twitter.com/jkalucki Infrastructure, Twitter Inc. On Tue, Jun 22, 2010 at 10:00 AM, Wil willi...@gmail.com wrote: I'm a bit dumbfounded here... I've been trying to login to stream.twitter.com using OAuth (particularly, I've been trying to access http://stream.twitter.com/1/statuses/filter.json?follow=). I used the access keys obtained from https://api.twitter.com/oauth/access_token however, I've been getting 401 errors. I've tried basic authentication and it works fine. Does that mean that stream:statuses/filter is still can only accept basic authentication? Regards, Wil On May 25, 5:51 am, John Kalucki j...@twitter.com wrote: We haven't announced our plans for streaming and oAuth, beyond stating that User Streams will only be on oAuth. On Mon, May 24, 2010 at 1:57 PM, 140dev 140...@gmail.com wrote: Does this mean that the streaming API will also make the switch from basic authentication to OAuth at the end of June? On Mon, May 24, 2010 at 4:50 PM, Mark McBride mmcbr...@twitter.com wrote: OAuth is now enabled on stream.twitter.com. I'll also send a note out to the announce list ---Mark http://twitter.com/mccv On Mon, May 24, 2010 at 12:30 PM, Aaron Rankin aran...@gmail.com wrote: Hi, Is there an ETA for enabling oauth on stream.twitter.com? Thanks, Aaron On May 13, 1:11 pm, John Kalucki j...@twitter.com wrote: OAuthis not enabled on stream.twitter.com. You can try on chirpstream.twitter.com. On Thu, May 13, 2010 at 10:53 AM, Lucas Vickers lucasvick...@gmail.com wrote: I am writing my own c++ basedOAuthlibrary. I know there is liboauth but I like to do things myself to learn. Anyhow I am trying to accesshttp:// stream.twitter.com/1/statuses/sample.xml and I keep getting 401. I have verified pretty much every parameter, and used the tool on http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin... to verify my signature is correct. I used twurl to obtain the user access tokens to my account. After doing some reading I'm no longer convinced that thestreaming server even supportsoauth. can you fill me in on the current status of stream.twitter.com and oauth? thanks! Lucas On Apr 20, 11:02 pm, Jonathon Hill jhill9...@gmail.com wrote: Thanks Taylor for the very detailed and helpful response! Jonathon On Apr 20, 1:17 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Jonathon, ForStreamingAPI access that isn't from the perspective of a user's account, you would use two-leggedOAuthto establish authentication instead of basic auth. A two-leggedOAuthrequest is very similar to otherOAuthrequests: you have a specific resource you are trying to access, you have some parameters you want to pass to that resource, and you have anOAuthconsumer key andOAuth consumer secret. Which is unlike three-leggedOAuthwhere you also have oauth_tokens representing either a user/access_token or a request token in addition to the rest. But the rules remain the same. You take all theOAuthparameters and the parameters you are sending to the resource, organize them, build a signature base string, then sign that with your consumer secret and send the request on to Twitter properly signed. The only difference is that there is no oauth_token and oauth_token_secret getting involved in the mix. This is essentially what a two-legged request to thestreamingAPI would look like: Signature Base String GEThttp%3A%2F%2Fstream.twitter.com %2F1%2Fstatuses%2Fsample.jsonoauth_consumer_key%3Dri8JxYK2zzwSV5xIUfNNvQ%2 6oauth_nonce%3DSJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8%26oauth_signatu re_method%3DHMAC-SHA1%26oauth_timestamp%3D1271783743%26oauth_version%3D1.0 Signature Xi5jfuw2XqtU5KpNX9ZCtTptJS0= Authorization Header OAuthoauth_nonce=SJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1271783743, oauth_consumer_key=ri8JxYK2zzwSV5xIUfNNvQ, oauth_signature=Xi5jfuw2XqtU5KpNX9ZCtTptJS0%3D, oauth_version=1.0 Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Tue, Apr 20, 2010 at 10:05 AM, Jonathon Hill jhill9...@gmail.com wrote: One thing I meant to find out @chirp last week--what willoauthlook like for theStreamingAPI? I'm having a hard time visualizing how that will work. Thanks, Jonathon Hill @compwright Company52 http://company52.com -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Re: [twitter-dev] Re: Streaming API OAuth explanation?
OAuth is now enabled on stream.twitter.com. I'll also send a note out to the announce list ---Mark http://twitter.com/mccv On Mon, May 24, 2010 at 12:30 PM, Aaron Rankin aran...@gmail.com wrote: Hi, Is there an ETA for enabling oauth on stream.twitter.com? Thanks, Aaron On May 13, 1:11 pm, John Kalucki j...@twitter.com wrote: OAuthis not enabled on stream.twitter.com. You can try on chirpstream.twitter.com. On Thu, May 13, 2010 at 10:53 AM, Lucas Vickers lucasvick...@gmail.com wrote: I am writing my own c++ basedOAuthlibrary. I know there is liboauth but I like to do things myself to learn. Anyhow I am trying to accesshttp://stream.twitter.com/1/statuses/sample.xml and I keep getting 401. I have verified pretty much every parameter, and used the tool on http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin... to verify my signature is correct. I used twurl to obtain the user access tokens to my account. After doing some reading I'm no longer convinced that thestreaming server even supportsoauth. can you fill me in on the current status of stream.twitter.com and oauth? thanks! Lucas On Apr 20, 11:02 pm, Jonathon Hill jhill9...@gmail.com wrote: Thanks Taylor for the very detailed and helpful response! Jonathon On Apr 20, 1:17 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Jonathon, ForStreamingAPI access that isn't from the perspective of a user's account, you would use two-leggedOAuthto establish authentication instead of basic auth. A two-leggedOAuthrequest is very similar to otherOAuthrequests: you have a specific resource you are trying to access, you have some parameters you want to pass to that resource, and you have anOAuthconsumer key andOAuth consumer secret. Which is unlike three-leggedOAuthwhere you also have oauth_tokens representing either a user/access_token or a request token in addition to the rest. But the rules remain the same. You take all theOAuthparameters and the parameters you are sending to the resource, organize them, build a signature base string, then sign that with your consumer secret and send the request on to Twitter properly signed. The only difference is that there is no oauth_token and oauth_token_secret getting involved in the mix. This is essentially what a two-legged request to thestreamingAPI would look like: Signature Base String GEThttp%3A%2F%2Fstream.twitter.com %2F1%2Fstatuses%2Fsample.jsonoauth_consumer_key%3Dri8JxYK2zzwSV5xIUfNNvQ%26oauth_nonce%3DSJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1271783743%26oauth_version%3D1.0 Signature Xi5jfuw2XqtU5KpNX9ZCtTptJS0= Authorization Header OAuthoauth_nonce=SJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1271783743, oauth_consumer_key=ri8JxYK2zzwSV5xIUfNNvQ, oauth_signature=Xi5jfuw2XqtU5KpNX9ZCtTptJS0%3D, oauth_version=1.0 Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Tue, Apr 20, 2010 at 10:05 AM, Jonathon Hill jhill9...@gmail.com wrote: One thing I meant to find out @chirp last week--what willoauthlook like for theStreamingAPI? I'm having a hard time visualizing how that will work. Thanks, Jonathon Hill @compwright Company52 http://company52.com -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Re: [twitter-dev] Re: Streaming API OAuth explanation?
Does this mean that the streaming API will also make the switch from basic authentication to OAuth at the end of June? On Mon, May 24, 2010 at 4:50 PM, Mark McBride mmcbr...@twitter.com wrote: OAuth is now enabled on stream.twitter.com. I'll also send a note out to the announce list ---Mark http://twitter.com/mccv On Mon, May 24, 2010 at 12:30 PM, Aaron Rankin aran...@gmail.com wrote: Hi, Is there an ETA for enabling oauth on stream.twitter.com? Thanks, Aaron On May 13, 1:11 pm, John Kalucki j...@twitter.com wrote: OAuthis not enabled on stream.twitter.com. You can try on chirpstream.twitter.com. On Thu, May 13, 2010 at 10:53 AM, Lucas Vickers lucasvick...@gmail.com wrote: I am writing my own c++ basedOAuthlibrary. I know there is liboauth but I like to do things myself to learn. Anyhow I am trying to accesshttp://stream.twitter.com/1/statuses/sample.xml and I keep getting 401. I have verified pretty much every parameter, and used the tool on http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin... to verify my signature is correct. I used twurl to obtain the user access tokens to my account. After doing some reading I'm no longer convinced that thestreaming server even supportsoauth. can you fill me in on the current status of stream.twitter.com and oauth? thanks! Lucas On Apr 20, 11:02 pm, Jonathon Hill jhill9...@gmail.com wrote: Thanks Taylor for the very detailed and helpful response! Jonathon On Apr 20, 1:17 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Jonathon, ForStreamingAPI access that isn't from the perspective of a user's account, you would use two-leggedOAuthto establish authentication instead of basic auth. A two-leggedOAuthrequest is very similar to otherOAuthrequests: you have a specific resource you are trying to access, you have some parameters you want to pass to that resource, and you have anOAuthconsumer key andOAuth consumer secret. Which is unlike three-leggedOAuthwhere you also have oauth_tokens representing either a user/access_token or a request token in addition to the rest. But the rules remain the same. You take all theOAuthparameters and the parameters you are sending to the resource, organize them, build a signature base string, then sign that with your consumer secret and send the request on to Twitter properly signed. The only difference is that there is no oauth_token and oauth_token_secret getting involved in the mix. This is essentially what a two-legged request to thestreamingAPI would look like: Signature Base String GEThttp%3A%2F%2Fstream.twitter.com %2F1%2Fstatuses%2Fsample.jsonoauth_consumer_key%3Dri8JxYK2zzwSV5xIUfNNvQ%26oauth_nonce%3DSJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1271783743%26oauth_version%3D1.0 Signature Xi5jfuw2XqtU5KpNX9ZCtTptJS0= Authorization Header OAuthoauth_nonce=SJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1271783743, oauth_consumer_key=ri8JxYK2zzwSV5xIUfNNvQ, oauth_signature=Xi5jfuw2XqtU5KpNX9ZCtTptJS0%3D, oauth_version=1.0 Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Tue, Apr 20, 2010 at 10:05 AM, Jonathon Hill jhill9...@gmail.com wrote: One thing I meant to find out @chirp last week--what willoauthlook like for theStreamingAPI? I'm having a hard time visualizing how that will work. Thanks, Jonathon Hill @compwright Company52 http://company52.com -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Re: [twitter-dev] Re: Streaming API OAuth explanation?
We haven't announced our plans for streaming and oAuth, beyond stating that User Streams will only be on oAuth. On Mon, May 24, 2010 at 1:57 PM, 140dev 140...@gmail.com wrote: Does this mean that the streaming API will also make the switch from basic authentication to OAuth at the end of June? On Mon, May 24, 2010 at 4:50 PM, Mark McBride mmcbr...@twitter.com wrote: OAuth is now enabled on stream.twitter.com. I'll also send a note out to the announce list ---Mark http://twitter.com/mccv On Mon, May 24, 2010 at 12:30 PM, Aaron Rankin aran...@gmail.com wrote: Hi, Is there an ETA for enabling oauth on stream.twitter.com? Thanks, Aaron On May 13, 1:11 pm, John Kalucki j...@twitter.com wrote: OAuthis not enabled on stream.twitter.com. You can try on chirpstream.twitter.com. On Thu, May 13, 2010 at 10:53 AM, Lucas Vickers lucasvick...@gmail.com wrote: I am writing my own c++ basedOAuthlibrary. I know there is liboauth but I like to do things myself to learn. Anyhow I am trying to accesshttp:// stream.twitter.com/1/statuses/sample.xml and I keep getting 401. I have verified pretty much every parameter, and used the tool on http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin... to verify my signature is correct. I used twurl to obtain the user access tokens to my account. After doing some reading I'm no longer convinced that thestreaming server even supportsoauth. can you fill me in on the current status of stream.twitter.com and oauth? thanks! Lucas On Apr 20, 11:02 pm, Jonathon Hill jhill9...@gmail.com wrote: Thanks Taylor for the very detailed and helpful response! Jonathon On Apr 20, 1:17 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Jonathon, ForStreamingAPI access that isn't from the perspective of a user's account, you would use two-leggedOAuthto establish authentication instead of basic auth. A two-leggedOAuthrequest is very similar to otherOAuthrequests: you have a specific resource you are trying to access, you have some parameters you want to pass to that resource, and you have anOAuthconsumer key andOAuth consumer secret. Which is unlike three-leggedOAuthwhere you also have oauth_tokens representing either a user/access_token or a request token in addition to the rest. But the rules remain the same. You take all theOAuthparameters and the parameters you are sending to the resource, organize them, build a signature base string, then sign that with your consumer secret and send the request on to Twitter properly signed. The only difference is that there is no oauth_token and oauth_token_secret getting involved in the mix. This is essentially what a two-legged request to thestreamingAPI would look like: Signature Base String GEThttp%3A%2F%2Fstream.twitter.com %2F1%2Fstatuses%2Fsample.jsonoauth_consumer_key%3Dri8JxYK2zzwSV5xIUfNNvQ%26oauth_nonce%3DSJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1271783743%26oauth_version%3D1.0 Signature Xi5jfuw2XqtU5KpNX9ZCtTptJS0= Authorization Header OAuthoauth_nonce=SJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1271783743, oauth_consumer_key=ri8JxYK2zzwSV5xIUfNNvQ, oauth_signature=Xi5jfuw2XqtU5KpNX9ZCtTptJS0%3D, oauth_version=1.0 Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Tue, Apr 20, 2010 at 10:05 AM, Jonathon Hill jhill9...@gmail.com wrote: One thing I meant to find out @chirp last week--what willoauthlook like for theStreamingAPI? I'm having a hard time visualizing how that will work. Thanks, Jonathon Hill @compwright Company52 http://company52.com -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Re: [twitter-dev] Re: Streaming API OAuth explanation?
The format is fairly simple and almost self explanatory. Check out this for a working sample: http://github.com/zbowling/earlybird Zac Bowling On Mon, May 24, 2010 at 7:23 PM, Jonathon Hill jhill9...@gmail.com wrote: Hey we need documentation! Jonathon On May 24, 4:50 pm, Mark McBride mmcbr...@twitter.com wrote: OAuth is now enabled on stream.twitter.com. I'll also send a note out to the announce list ---Mark http://twitter.com/mccv On Mon, May 24, 2010 at 12:30 PM, Aaron Rankin aran...@gmail.com wrote: Hi, Is there an ETA for enabling oauth on stream.twitter.com? Thanks, Aaron On May 13, 1:11 pm, John Kalucki j...@twitter.com wrote: OAuthis not enabled on stream.twitter.com. You can try on chirpstream.twitter.com. On Thu, May 13, 2010 at 10:53 AM, Lucas Vickers lucasvick...@gmail.com wrote: I am writing my own c++ basedOAuthlibrary. I know there is liboauth but I like to do things myself to learn. Anyhow I am trying to accesshttp://stream.twitter.com/1/statuses/sample.xml and I keep getting 401. I have verified pretty much every parameter, and used the tool on http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin... to verify my signature is correct. I used twurl to obtain the user access tokens to my account. After doing some reading I'm no longer convinced that thestreaming server even supportsoauth. can you fill me in on the current status of stream.twitter.com and oauth? thanks! Lucas On Apr 20, 11:02 pm, Jonathon Hill jhill9...@gmail.com wrote: Thanks Taylor for the very detailed and helpful response! Jonathon On Apr 20, 1:17 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Jonathon, ForStreamingAPI access that isn't from the perspective of a user's account, you would use two-leggedOAuthto establish authentication instead of basic auth. A two-leggedOAuthrequest is very similar to otherOAuthrequests: you have a specific resource you are trying to access, you have some parameters you want to pass to that resource, and you have anOAuthconsumer key andOAuth consumer secret. Which is unlike three-leggedOAuthwhere you also have oauth_tokens representing either a user/access_token or a request token in addition to the rest. But the rules remain the same. You take all theOAuthparameters and the parameters you are sending to the resource, organize them, build a signature base string, then sign that with your consumer secret and send the request on to Twitter properly signed. The only difference is that there is no oauth_token and oauth_token_secret getting involved in the mix. This is essentially what a two-legged request to thestreamingAPI would look like: Signature Base String GEThttp%3A%2F%2Fstream.twitter.com %2F1%2Fstatuses%2Fsample.jsonoauth_consumer_key%3Dri8JxYK2zzwSV5xIUfNNvQ%26oauth_nonce%3DSJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1271783743%26oauth_version%3D1.0 Signature Xi5jfuw2XqtU5KpNX9ZCtTptJS0= Authorization Header OAuthoauth_nonce=SJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1271783743, oauth_consumer_key=ri8JxYK2zzwSV5xIUfNNvQ, oauth_signature=Xi5jfuw2XqtU5KpNX9ZCtTptJS0%3D, oauth_version=1.0 Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Tue, Apr 20, 2010 at 10:05 AM, Jonathon Hill jhill9...@gmail.com wrote: One thing I meant to find out @chirp last week--what willoauthlook like for theStreamingAPI? I'm having a hard time visualizing how that will work. Thanks, Jonathon Hill @compwright Company52 http://company52.com -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Re: [twitter-dev] Re: Streaming API OAuth explanation?
OAuth is not enabled on stream.twitter.com. You can try on chirpstream.twitter.com. On Thu, May 13, 2010 at 10:53 AM, Lucas Vickers lucasvick...@gmail.com wrote: I am writing my own c++ based OAuth library. I know there is liboauth but I like to do things myself to learn. Anyhow I am trying to access http://stream.twitter.com/1/statuses/sample.xml and I keep getting 401. I have verified pretty much every parameter, and used the tool on http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/ to verify my signature is correct. I used twurl to obtain the user access tokens to my account. After doing some reading I'm no longer convinced that the streaming server even supports oauth. can you fill me in on the current status of stream.twitter.com and oauth? thanks! Lucas On Apr 20, 11:02 pm, Jonathon Hill jhill9...@gmail.com wrote: Thanks Taylor for the very detailed and helpful response! Jonathon On Apr 20, 1:17 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Jonathon, ForStreamingAPI access that isn't from the perspective of a user's account, you would use two-leggedOAuthto establish authentication instead of basic auth. A two-leggedOAuthrequest is very similar to otherOAuthrequests: you have a specific resource you are trying to access, you have some parameters you want to pass to that resource, and you have anOAuthconsumer key andOAuth consumer secret. Which is unlike three-leggedOAuthwhere you also have oauth_tokens representing either a user/access_token or a request token in addition to the rest. But the rules remain the same. You take all theOAuthparameters and the parameters you are sending to the resource, organize them, build a signature base string, then sign that with your consumer secret and send the request on to Twitter properly signed. The only difference is that there is no oauth_token and oauth_token_secret getting involved in the mix. This is essentially what a two-legged request to thestreamingAPI would look like: Signature Base String GEThttp%3A%2F%2Fstream.twitter.com %2F1%2Fstatuses%2Fsample.jsonoauth_consumer_key%3Dri8JxYK2zzwSV5xIUfNNvQ%26oauth_nonce%3DSJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1271783743%26oauth_version%3D1.0 Signature Xi5jfuw2XqtU5KpNX9ZCtTptJS0= Authorization Header OAuthoauth_nonce=SJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1271783743, oauth_consumer_key=ri8JxYK2zzwSV5xIUfNNvQ, oauth_signature=Xi5jfuw2XqtU5KpNX9ZCtTptJS0%3D, oauth_version=1.0 Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Tue, Apr 20, 2010 at 10:05 AM, Jonathon Hill jhill9...@gmail.com wrote: One thing I meant to find out @chirp last week--what willoauthlook like for theStreamingAPI? I'm having a hard time visualizing how that will work. Thanks, Jonathon Hill @compwright Company52 http://company52.com -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Re: [twitter-dev] Re: Streaming API OAuth explanation?
Excellent, it works! thanks On Thu, May 13, 2010 at 2:11 PM, John Kalucki j...@twitter.com wrote: OAuth is not enabled on stream.twitter.com. You can try on chirpstream.twitter.com. On Thu, May 13, 2010 at 10:53 AM, Lucas Vickers lucasvick...@gmail.com wrote: I am writing my own c++ based OAuth library. I know there is liboauth but I like to do things myself to learn. Anyhow I am trying to access http://stream.twitter.com/1/statuses/sample.xml and I keep getting 401. I have verified pretty much every parameter, and used the tool on http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/ to verify my signature is correct. I used twurl to obtain the user access tokens to my account. After doing some reading I'm no longer convinced that the streaming server even supports oauth. can you fill me in on the current status of stream.twitter.com and oauth? thanks! Lucas On Apr 20, 11:02 pm, Jonathon Hill jhill9...@gmail.com wrote: Thanks Taylor for the very detailed and helpful response! Jonathon On Apr 20, 1:17 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Jonathon, ForStreamingAPI access that isn't from the perspective of a user's account, you would use two-leggedOAuthto establish authentication instead of basic auth. A two-leggedOAuthrequest is very similar to otherOAuthrequests: you have a specific resource you are trying to access, you have some parameters you want to pass to that resource, and you have anOAuthconsumer key andOAuth consumer secret. Which is unlike three-leggedOAuthwhere you also have oauth_tokens representing either a user/access_token or a request token in addition to the rest. But the rules remain the same. You take all theOAuthparameters and the parameters you are sending to the resource, organize them, build a signature base string, then sign that with your consumer secret and send the request on to Twitter properly signed. The only difference is that there is no oauth_token and oauth_token_secret getting involved in the mix. This is essentially what a two-legged request to thestreamingAPI would look like: Signature Base String GEThttp%3A%2F%2Fstream.twitter.com %2F1%2Fstatuses%2Fsample.jsonoauth_consumer_key%3Dri8JxYK2zzwSV5xIUfNNvQ%26oauth_nonce%3DSJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1271783743%26oauth_version%3D1.0 Signature Xi5jfuw2XqtU5KpNX9ZCtTptJS0= Authorization Header OAuthoauth_nonce=SJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1271783743, oauth_consumer_key=ri8JxYK2zzwSV5xIUfNNvQ, oauth_signature=Xi5jfuw2XqtU5KpNX9ZCtTptJS0%3D, oauth_version=1.0 Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Tue, Apr 20, 2010 at 10:05 AM, Jonathon Hill jhill9...@gmail.com wrote: One thing I meant to find out @chirp last week--what willoauthlook like for theStreamingAPI? I'm having a hard time visualizing how that will work. Thanks, Jonathon Hill @compwright Company52 http://company52.com -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
