Re: [twitter-dev] Re: xAuth Request gives Error from samsung tv maple browser
HI Tom Thank you very much for Your kind Support.Still i could not able to get Response from Twitter from firefox and samsung TV app. But it is working in Safari.Here i am sending the clean code as an attachment please help me out where the hurdle exist. If you make it work in firefox surely works in samsung TV. So please help me Tom. Thanks. On Tue, Dec 7, 2010 at 3:52 PM, Tom van der Woerdt i...@tvdw.eu wrote: That code is really a mess, but I think I found a few issues and solved them. I'm not sure about the Signature itself, but the Base String is fine now. I've attached a new version of your .html file. I won't paste the code here because it may break the code. Tom PS: I really recommend keeping your code clean. This file is a mess. On 12/7/10 6:07 AM, umamahesh G. wrote: HI Tom, Thanks for you kind support.I had all required privileges from twitter for my app.The thing is i can able to post the message from safari but same code not working in firefox,IE as well as samsung Tv.Please help me out from this problem.I tried maximum ways still i don't have any solution. On Tue, Dec 7, 2010 at 5:48 AM, Bess bess...@gmail.com mailto:bess...@gmail.com wrote: I am interested in solving this too. Let's say Samsung TV is same as desk top. You should be able to use xAuth. You need to create a new Twitter app to get Consumer key and Consumer secret. Make sure you select client method and read/write. On Dec 6, 1:23 am, umamahesh G. g.umamahesh...@gmail.com mailto:g.umamahesh...@gmail.com wrote: HI Tom, Thanks for your support. I am using javascript for samsung TV Applicaiton not for normal browser so there is no way to know about keys and secret key.Actually Samsung SDK uses Maple browser and application runs on this browser. I hope you help me out from this issue. Please find the below code. html head lt;script type =text/Javascript language=Javascript src=sha1.js/script lt;script type=text/javascript charset=utf-8 /*To authorize on Twitter API through xAuth, you need HMAC-SHA1 I'm using the following lib for that:http://jssha.sourceforge.net http://jssha.sourceforge.net/ Make sure you have sha.js included!Also, you need to email a...@twitter.comto get xAuth access I cannot do that for you - seehttp://dev.twitter.com/pages/xauth http://dev.twitter.com/pages/xauth cross-domain XHRs only work on file:// protocol pages use PhoneGap! */ var TwitterApiRequest = function() { this.nonce = this.generateNonce(); this.timestamp = this.getUTCtimestamp(); this.postBody = null; this.signature = null; this.signatureBaseString = null; this.consumerSecret=MY consumerSecret ; } TwitterApiRequest.prototype.generateNonce = function () { var nonce = []; var length = 6; // arbitrary - looks like a good length for (length; length 0; length--) nonce.push1+Math.random())*0x1)|0).toString(16).substring(1)); return nonce.join(); } // could possibly do without UTC, but here we are TwitterApiRequest.prototype.getUTCtimestamp = function () { //var currentTime = new Date(); //var currentUTCTimeInSecs = Math.floor(Date.parse(currentTime.toUTCString()) / 1000); //return currentUTCTimeInSecs; return (new Date((new Date).toUTCString())).getTime() / 1000; } // don't forget trailing ! //TwitterApiRequest.prototype.consumerSecret = MY consumerSecret ; TwitterApiRequest.prototype.signatureBaseStringTemplate = POST + https%3A%2F%2Fapi.twitter.com http://2fapi.twitter.com/ http://2fapi.twitter.com/ http://2fapi.twitter.com/%2Foauth%2Faccess_token + // oauth_path oauth_consumer_key%3DMY CONSUMER KEY%26 + oauth_nonce%3D + {{ nonce }} + %26 + oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D + {{ time }} + %26 + oauth_version%3D1.0%26 + x_auth_mode%3Dclient_auth%26 + x_auth_password%3D + {{ password }} + %26 + x_auth_username%3D + {{ username }} TwitterApiRequest.prototype.authHeaderTemplate = OAuth + oauth_nonce=\ + {{ nonce }} + \, + oauth_signature_method=\HMAC-SHA1\, + oauth_timestamp=\ + {{ time }} + \, + oauth_consumer_key=\MY CONSUMER KEY\, + oauth_signature=\ + {{ signature }} + \, + oauth_version=\1.0\; TwitterApiRequest.prototype.processCredentials = function (user, pw) { this.signatureBaseString = this.signatureBaseStringTemplate .split({{ nonce }}).join(this.nonce) .split({{ time }}).join(this.timestamp) .split({{ password }}).join(encodeURIComponent(pw)) .split({{ username
Re: [twitter-dev] Re: xAuth Request gives Error from samsung tv maple browser
That code is really a mess, but I think I found a few issues and solved them. I'm not sure about the Signature itself, but the Base String is fine now. I've attached a new version of your .html file. I won't paste the code here because it may break the code. Tom PS: I really recommend keeping your code clean. This file is a mess. On 12/7/10 6:07 AM, umamahesh G. wrote: HI Tom, Thanks for you kind support.I had all required privileges from twitter for my app.The thing is i can able to post the message from safari but same code not working in firefox,IE as well as samsung Tv.Please help me out from this problem.I tried maximum ways still i don't have any solution. On Tue, Dec 7, 2010 at 5:48 AM, Bess bess...@gmail.com mailto:bess...@gmail.com wrote: I am interested in solving this too. Let's say Samsung TV is same as desk top. You should be able to use xAuth. You need to create a new Twitter app to get Consumer key and Consumer secret. Make sure you select client method and read/write. On Dec 6, 1:23 am, umamahesh G. g.umamahesh...@gmail.com mailto:g.umamahesh...@gmail.com wrote: HI Tom, Thanks for your support. I am using javascript for samsung TV Applicaiton not for normal browser so there is no way to know about keys and secret key.Actually Samsung SDK uses Maple browser and application runs on this browser. I hope you help me out from this issue. Please find the below code. html head lt;script type =text/Javascript language=Javascript src=sha1.js/script lt;script type=text/javascript charset=utf-8 /*To authorize on Twitter API through xAuth, you need HMAC-SHA1 I'm using the following lib for that:http://jssha.sourceforge.net http://jssha.sourceforge.net/ Make sure you have sha.js included!Also, you need to email a...@twitter.comto get xAuth access I cannot do that for you - seehttp://dev.twitter.com/pages/xauth http://dev.twitter.com/pages/xauth cross-domain XHRs only work on file:// protocol pages use PhoneGap! */ var TwitterApiRequest = function() { this.nonce = this.generateNonce(); this.timestamp = this.getUTCtimestamp(); this.postBody = null; this.signature = null; this.signatureBaseString = null; this.consumerSecret=MY consumerSecret ; } TwitterApiRequest.prototype.generateNonce = function () { var nonce = []; var length = 6; // arbitrary - looks like a good length for (length; length 0; length--) nonce.push1+Math.random())*0x1)|0).toString(16).substring(1)); return nonce.join(); } // could possibly do without UTC, but here we are TwitterApiRequest.prototype.getUTCtimestamp = function () { //var currentTime = new Date(); //var currentUTCTimeInSecs = Math.floor(Date.parse(currentTime.toUTCString()) / 1000); //return currentUTCTimeInSecs; return (new Date((new Date).toUTCString())).getTime() / 1000; } // don't forget trailing ! //TwitterApiRequest.prototype.consumerSecret = MY consumerSecret ; TwitterApiRequest.prototype.signatureBaseStringTemplate = POST + https%3A%2F%2Fapi.twitter.com http://2fapi.twitter.com/ http://2fapi.twitter.com/%2Foauth%2Faccess_token + // oauth_path oauth_consumer_key%3DMY CONSUMER KEY%26 + oauth_nonce%3D + {{ nonce }} + %26 + oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D + {{ time }} + %26 + oauth_version%3D1.0%26 + x_auth_mode%3Dclient_auth%26 + x_auth_password%3D + {{ password }} + %26 + x_auth_username%3D + {{ username }} TwitterApiRequest.prototype.authHeaderTemplate = OAuth + oauth_nonce=\ + {{ nonce }} + \, + oauth_signature_method=\HMAC-SHA1\, + oauth_timestamp=\ + {{ time }} + \, + oauth_consumer_key=\MY CONSUMER KEY\, + oauth_signature=\ + {{ signature }} + \, + oauth_version=\1.0\; TwitterApiRequest.prototype.processCredentials = function (user, pw) { this.signatureBaseString = this.signatureBaseStringTemplate .split({{ nonce }}).join(this.nonce) .split({{ time }}).join(this.timestamp) .split({{ password }}).join(encodeURIComponent(pw)) .split({{ username }}).join(encodeURIComponent(user)); this.postBody = x_auth_mode=client_auth + x_auth_password= + encodeURIComponent(pw) + + x_auth_username= + encodeURIComponent(user); } TwitterApiRequest.prototype.sign = function () { //var shaObj = new jsSHA(base_string, ASCII); //var oauth_signature = shaObj.getHMAC(consumersecret, ASCII, B64); alert(this.signatureBaseString
Re: [twitter-dev] Re: xAuth Request gives Error from samsung tv maple browser
HI Tom, Thanks for you kind support.I had all required privileges from twitter for my app.The thing is i can able to post the message from safari but same code not working in firefox,IE as well as samsung Tv.Please help me out from this problem.I tried maximum ways still i don't have any solution. On Tue, Dec 7, 2010 at 5:48 AM, Bess bess...@gmail.com wrote: I am interested in solving this too. Let's say Samsung TV is same as desk top. You should be able to use xAuth. You need to create a new Twitter app to get Consumer key and Consumer secret. Make sure you select client method and read/write. On Dec 6, 1:23 am, umamahesh G. g.umamahesh...@gmail.com wrote: HI Tom, Thanks for your support. I am using javascript for samsung TV Applicaiton not for normal browser so there is no way to know about keys and secret key.Actually Samsung SDK uses Maple browser and application runs on this browser. I hope you help me out from this issue. Please find the below code. html head lt;script type =text/Javascript language=Javascript src=sha1.js/script lt;script type=text/javascript charset=utf-8 /*To authorize on Twitter API through xAuth, you need HMAC-SHA1 I'm using the following lib for that:http://jssha.sourceforge.net Make sure you have sha.js included!Also, you need to email a...@twitter.comto get xAuth access I cannot do that for you - seehttp://dev.twitter.com/pages/xauth cross-domain XHRs only work on file:// protocol pages use PhoneGap! */ var TwitterApiRequest = function() { this.nonce = this.generateNonce(); this.timestamp = this.getUTCtimestamp(); this.postBody = null; this.signature = null; this.signatureBaseString = null; this.consumerSecret=MY consumerSecret ; } TwitterApiRequest.prototype.generateNonce = function () { var nonce = []; var length = 6; // arbitrary - looks like a good length for (length; length 0; length--) nonce.push1+Math.random())*0x1)|0).toString(16).substring(1)); return nonce.join(); } // could possibly do without UTC, but here we are TwitterApiRequest.prototype.getUTCtimestamp = function () { //var currentTime = new Date(); //var currentUTCTimeInSecs = Math.floor(Date.parse(currentTime.toUTCString()) / 1000); //return currentUTCTimeInSecs; return (new Date((new Date).toUTCString())).getTime() / 1000; } // don't forget trailing ! //TwitterApiRequest.prototype.consumerSecret = MY consumerSecret ; TwitterApiRequest.prototype.signatureBaseStringTemplate = POST + https%3A%2F%2Fapi.twitter.com http://2fapi.twitter.com/ http://2fapi.twitter.com/%2Foauth%2Faccess_token + // oauth_path oauth_consumer_key%3DMY CONSUMER KEY%26 + oauth_nonce%3D + {{ nonce }} + %26 + oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D + {{ time }} + %26 + oauth_version%3D1.0%26 + x_auth_mode%3Dclient_auth%26 + x_auth_password%3D + {{ password }} + %26 + x_auth_username%3D + {{ username }} TwitterApiRequest.prototype.authHeaderTemplate = OAuth + oauth_nonce=\ + {{ nonce }} + \, + oauth_signature_method=\HMAC-SHA1\, + oauth_timestamp=\ + {{ time }} + \, + oauth_consumer_key=\MY CONSUMER KEY\, + oauth_signature=\ + {{ signature }} + \, + oauth_version=\1.0\; TwitterApiRequest.prototype.processCredentials = function (user, pw) { this.signatureBaseString = this.signatureBaseStringTemplate .split({{ nonce }}).join(this.nonce) .split({{ time }}).join(this.timestamp) .split({{ password }}).join(encodeURIComponent(pw)) .split({{ username }}).join(encodeURIComponent(user)); this.postBody = x_auth_mode=client_auth + x_auth_password= + encodeURIComponent(pw) + + x_auth_username= + encodeURIComponent(user); } TwitterApiRequest.prototype.sign = function () { //var shaObj = new jsSHA(base_string, ASCII); //var oauth_signature = shaObj.getHMAC(consumersecret, ASCII, B64); alert(this.signatureBaseString :+this.signatureBaseString); var hmacGen = new jsSHA(this.signatureBaseString,ASCII); this.signature = hmacGen.getHMAC(this.consumerSecret,ASCII,B64)+%3D; this.authHeader = this.authHeaderTemplate .split({{ nonce }}).join(this.nonce) .split({{ time }}).join(this.timestamp) .split({{ signature }}).join(this.signature); } function ajaxrequest() { var authorizeRequest = new TwitterApiRequest(); authorizeRequest.processCredentials(suyambu.vikn...@gmail.com, simcard00); authorizeRequest.sign(); var twitterUrl = 'https://api.twitter.com/oauth/access_token?'+ authorizeRequest.postBody; var req = new XMLHttpRequest(); alert(this.postBody : +authorizeRequest.postBody); alert(header :+authorizeRequest.authHeader); // sync for testing purposes, not required req.open('POST', twitterUrl, false); req.setRequestHeader(Authorization, authorizeRequest.authHeader); req.send(); alert(Response :+req.responseText); // should be 200
Re: [twitter-dev] Re: xAuth request returns 401, need help
Hey Chrys, The order of the parameters in the base string matter and they should be in lexicollexicographical order. For ease of debugging and to remove any ambiguity it would be better to have the authorization header use the same order too. Can you tell me what the body content of the 401 error is? Best, @themattharris Developer Advocate, Twitter http://twitter.com/themattharris On Thu, Nov 18, 2010 at 6:55 PM, Chrys Bader chr...@gmail.com wrote: Does the order of the params in either the Authorization or Base string matter? Here are my Request Headers: Authorization = OAuth oauth_timestamp=\1290134876\, oauth_nonce= \D3EC42D2-A37F-4298-987D-0F9603B0C9C7\, oauth_version=\1.0\, oauth_consumer_key=\xxx\, oauth_signature_method=\HMAC-SHA1\, oauth_signature=\MOWT%2BaSs35RhzvRRMVxRG0Y5p0E%3D\; Content-Length = 71; Content-Type = application/x-www-form-urlencoded; charset=utf-8; Here is my actual base string: POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3Dxxx%26oauth_nonce%3DD3EC42D2- A37F-4298-987D-0F9603B0C9C7%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1290134876%26oauth_version%3D1.0%26x_auth_mode %3Dclient_auth%26x_auth_password%3Dxxx%26x_auth_username%3Dchrysb On Nov 18, 6:47 pm, Chrys Bader chr...@gmail.com wrote: Yes I compared the UTC timestamp that my phone is generating with the actual UTC timestamp, and they were the same. Is there anything else I can show you for more information? No matter what, I just keep getting a 401 response from Twitter. On Nov 18, 6:41 pm, Matt Harris thematthar...@twitter.com wrote: OK, but is the UTC timestamp actually accurate? we've heard of a number of phones whose date/time are wildly wrong. It maybe find but it's quite common. Your content-type is fine. Matt On Thu, Nov 18, 2010 at 6:03 PM, Chrys Bader chr...@gmail.com wrote: Ok, I looked into it. According to the iPhone SDK documentation, I am indeed sending the UTC (GMT) timestamp. Still not sure what else could be wrong? Is this the right Content-Type? Content-Type = application/x-www-form-urlencoded; charset=utf-8; On Nov 18, 5:53 pm, themattharris thematthar...@twitter.com wrote: Hey Chrys, A couple of things to check first: 1. Have you been granted xAuth access? 2. Double check the timestamp of your request is within 10 or so minutes of the time returned by Twitter's servers. Our server time is in UTC. 3. Verify your encoding is correct. For example: a password like ab$ %123 should be in your basestring as ab%2524%2525%2526123 and in your post body as ab%24%25%26123. Best, Matt On Nov 18, 5:31 pm, Chrys Bader chr...@gmail.com wrote: *bump* I've run my base string through an oAuth verifier ( http://quonos.nl/ oauthTester/), and it all checks out! Any ideas? On Oct 27, 4:50 pm, Chrys Bader chr...@gmail.com wrote: Hey all, This is my first post in this group, hi! I am having trouble making a request onhttps:// api.twitter.com/oauth/access_token. I've been at this for 2 days and I can't make any progress. I feel like everything matches up with all examples, documentation, and other forum posts perfectly. Here is my post body: x_auth_username=oauth_test_execx_auth_password=twitter- xauthx_auth_mode=client_auth Here is my base string (using the example's test credentials): POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3DJvyS7DO2qd6NNTsXJ4E7zA %26oauth_nonce%3DE0E37C06-F12A-407B-8D80-20C78FF6183A %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1288223176%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth %26x_auth_password%3Dtwitter-xauth%26x_auth_username%3Doauth_test_exec Here is my Authorization header: OAuth oauth_timestamp=1288223176, oauth_nonce=E0E37C06- F12A-407B-8D80-20C78FF6183A, oauth_version=1.0, oauth_consumer_key=JvyS7DO2qd6NNTsXJ4E7zA, oauth_signature_method=HMAC-SHA1, oauth_signature=IwPFrvb0PExyS %2F2QQvtbelsWk48%3D -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter:http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources:
Re: [twitter-dev] Re: xAuth request returns 401, need help
Hey Chrys, Agreed. The authentication header doesn't have to be in order but as said previously, it helps with debugging. It is really strange that the response body is empty. It maybe easier if you email me the full request headers, with response headers and content so I can debug further. For security it'll be easier if you email me that directly. Best, @themattharris Developer Advocate, Twitter http://twitter.com/themattharris On Fri, Nov 19, 2010 at 12:20 PM, Chrys Bader chr...@gmail.com wrote: Also, the example here shows that the Auth header and the base string aren't in the same order: http://dev.twitter.com/pages/xauth On Nov 19, 11:04 am, Matt Harris thematthar...@twitter.com wrote: Hey Chrys, The order of the parameters in the base string matter and they should be in lexicollexicographical order. For ease of debugging and to remove any ambiguity it would be better to have the authorization header use the same order too. Can you tell me what the body content of the 401 error is? Best, @themattharris Developer Advocate, Twitterhttp://twitter.com/themattharris On Thu, Nov 18, 2010 at 6:55 PM, Chrys Bader chr...@gmail.com wrote: Does the order of the params in either the Authorization or Base string matter? Here are my Request Headers: Authorization = OAuth oauth_timestamp=\1290134876\, oauth_nonce= \D3EC42D2-A37F-4298-987D-0F9603B0C9C7\, oauth_version=\1.0\, oauth_consumer_key=\xxx\, oauth_signature_method=\HMAC-SHA1\, oauth_signature=\MOWT%2BaSs35RhzvRRMVxRG0Y5p0E%3D\; Content-Length = 71; Content-Type = application/x-www-form-urlencoded; charset=utf-8; Here is my actual base string: POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3Dxxx%26oauth_nonce%3DD3EC42D2- A37F-4298-987D-0F9603B0C9C7%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1290134876%26oauth_version%3D1.0%26x_auth_mode %3Dclient_auth%26x_auth_password%3Dxxx%26x_auth_username%3Dchrysb On Nov 18, 6:47 pm, Chrys Bader chr...@gmail.com wrote: Yes I compared the UTC timestamp that my phone is generating with the actual UTC timestamp, and they were the same. Is there anything else I can show you for more information? No matter what, I just keep getting a 401 response from Twitter. On Nov 18, 6:41 pm, Matt Harris thematthar...@twitter.com wrote: OK, but is the UTC timestamp actually accurate? we've heard of a number of phones whose date/time are wildly wrong. It maybe find but it's quite common. Your content-type is fine. Matt On Thu, Nov 18, 2010 at 6:03 PM, Chrys Bader chr...@gmail.com wrote: Ok, I looked into it. According to the iPhone SDK documentation, I am indeed sending the UTC (GMT) timestamp. Still not sure what else could be wrong? Is this the right Content-Type? Content-Type = application/x-www-form-urlencoded; charset=utf-8; On Nov 18, 5:53 pm, themattharris thematthar...@twitter.com wrote: Hey Chrys, A couple of things to check first: 1. Have you been granted xAuth access? 2. Double check the timestamp of your request is within 10 or so minutes of the time returned by Twitter's servers. Our server time is in UTC. 3. Verify your encoding is correct. For example: a password like ab$ %123 should be in your basestring as ab%2524%2525%2526123 and in your post body as ab%24%25%26123. Best, Matt On Nov 18, 5:31 pm, Chrys Bader chr...@gmail.com wrote: *bump* I've run my base string through an oAuth verifier ( http://quonos.nl/ oauthTester/), and it all checks out! Any ideas? On Oct 27, 4:50 pm, Chrys Bader chr...@gmail.com wrote: Hey all, This is my first post in this group, hi! I am having trouble making a request onhttps:// api.twitter.com/oauth/access_token. I've been at this for 2 days and I can't make any progress. I feel like everything matches up with all examples, documentation, and other forum posts perfectly. Here is my post body: x_auth_username=oauth_test_execx_auth_password=twitter- xauthx_auth_mode=client_auth Here is my base string (using the example's test credentials): POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3DJvyS7DO2qd6NNTsXJ4E7zA %26oauth_nonce%3DE0E37C06-F12A-407B-8D80-20C78FF6183A %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1288223176%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth %26x_auth_password%3Dtwitter-xauth%26x_auth_username%3Doauth_test_exec Here is my Authorization header: OAuth oauth_timestamp=1288223176,
Re: [twitter-dev] Re: xAuth request returns 401, need help
OK, but is the UTC timestamp actually accurate? we've heard of a number of phones whose date/time are wildly wrong. It maybe find but it's quite common. Your content-type is fine. Matt On Thu, Nov 18, 2010 at 6:03 PM, Chrys Bader chr...@gmail.com wrote: Ok, I looked into it. According to the iPhone SDK documentation, I am indeed sending the UTC (GMT) timestamp. Still not sure what else could be wrong? Is this the right Content-Type? Content-Type = application/x-www-form-urlencoded; charset=utf-8; On Nov 18, 5:53 pm, themattharris thematthar...@twitter.com wrote: Hey Chrys, A couple of things to check first: 1. Have you been granted xAuth access? 2. Double check the timestamp of your request is within 10 or so minutes of the time returned by Twitter's servers. Our server time is in UTC. 3. Verify your encoding is correct. For example: a password like ab$ %123 should be in your basestring as ab%2524%2525%2526123 and in your post body as ab%24%25%26123. Best, Matt On Nov 18, 5:31 pm, Chrys Bader chr...@gmail.com wrote: *bump* I've run my base string through an oAuth verifier (http://quonos.nl/ oauthTester/), and it all checks out! Any ideas? On Oct 27, 4:50 pm, Chrys Bader chr...@gmail.com wrote: Hey all, This is my first post in this group, hi! I am having trouble making a request onhttps:// api.twitter.com/oauth/access_token. I've been at this for 2 days and I can't make any progress. I feel like everything matches up with all examples, documentation, and other forum posts perfectly. Here is my post body: x_auth_username=oauth_test_execx_auth_password=twitter- xauthx_auth_mode=client_auth Here is my base string (using the example's test credentials): POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3DJvyS7DO2qd6NNTsXJ4E7zA %26oauth_nonce%3DE0E37C06-F12A-407B-8D80-20C78FF6183A %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1288223176%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth %26x_auth_password%3Dtwitter-xauth%26x_auth_username%3Doauth_test_exec Here is my Authorization header: OAuth oauth_timestamp=1288223176, oauth_nonce=E0E37C06- F12A-407B-8D80-20C78FF6183A, oauth_version=1.0, oauth_consumer_key=JvyS7DO2qd6NNTsXJ4E7zA, oauth_signature_method=HMAC-SHA1, oauth_signature=IwPFrvb0PExyS %2F2QQvtbelsWk48%3D -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re:[twitter-dev] Re: XAuth authentication fail on Chinese machine
Have you test your singnatrue by the way http://quonos.nl/oauthTester support ? (not only the base) And have you captured your request ? Maybe youshould do this job first, and then again on a non-chinesemachine, you will get the answer. At 2010-11-04 16:20:05,pawan pawanrajsingh2...@gmail.com wrote: Hi, Thanx for reply but still in reply I got same problem (The remote server returned an error: (401) Unauthorized.). I add this line in my web request webRequest.Headers.Add(Accept-Language: zh-CN,en,*); But no sucess. :( On Nov 3, 11:03 am, engine.start 477914...@163.com wrote: Hi, Your problem maybe same as mine. chang url to another website, do not use ssl, wireshark your request, and then compare with this, maybe it will work. (I use libcurl, and add User-Agent: Mozilla/5.0 to httpheader, and it work) POST ?x_auth_username=###x_auth_password=x_auth_mode=client_auth HTTP/1.1 Authorization: OAuth oauth_consumer_key=#,oauth_signature_method=HMAC-SHA1,oauth_signature=,oauth_timestamp=1288593077,oauth_nonce=9TPwvl28NeTtKLZH,oauth_version=1.0 Content-Length: 0 Connection: Keep-Alive Accept-Encoding: gzip Accept-Language: zh-CN,en,* User-Agent: Mozilla/5.0 Host:www.XX.com Content-Type: application/x-www-form-urlencoded At 2010-11-03 13:18:16,pawan pawanrajsingh2...@gmail.com wrote: Thanks for reply but after using thishttp://quonos.nl/oauthTesterURL I got my base string is ok and still I not able to find out how to resolve this issue. On Nov 2, 12:32 am, Tom van der Woerdt i...@tvdw.eu wrote: Hi, Most 401 Unauthorized errors (and especially the ones involving UTF8 characters) are because of errors in the Base String, used to generate the signature. Please use the validation tool at http://quonos.nl/oauthTester, it may help you a lot with validating your Base String. As access_token always involves usernames and passwords, please do substitute them with dummy ones for security reasons - just make sure that they at least look like the previous ones, because otherwise it would be hard to detect encoding issues. Tom PS: When dealing with encoding issues, XX'ing the values really doesn't help. On 11/1/10 6:58 PM, pawan wrote: Hi, We have created a Desktop Twitter application, In this application I have usedXAuthfeature to get data from Twitter API. It works fine on Win 7 Ultimatemachine. However when I run my application's exe on core Chinese Win 7machine, I got The remote server returned an error: (401) Unauthorized. error from following request: https://api.twitter.com/oauth/access_token?oauth_consumer_key=XXX... Can anyone help me out to know how to resolve this issue. Thanks, Pawan -- Twitter developer documentation and resources:http://dev.twitter.com/doc API updates via Twitter:http://twitter.com/twitterapi Issues/Enhancements Tracker:http://code.google.com/p/twitter-api/issues/list Change your membership to this group:http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re:[twitter-dev] Re: XAuth authentication fail on Chinese machine
Hi, Your problem maybe same as mine. chang url to another website, do not use ssl, wireshark your request, and then compare with this, maybe it will work. (I use libcurl, and add User-Agent: Mozilla/5.0 to httpheader, and it work) POST ?x_auth_username=###x_auth_password=x_auth_mode=client_auth HTTP/1.1 Authorization: OAuth oauth_consumer_key=#,oauth_signature_method=HMAC-SHA1,oauth_signature=,oauth_timestamp=1288593077,oauth_nonce=9TPwvl28NeTtKLZH,oauth_version=1.0 Content-Length: 0 Connection: Keep-Alive Accept-Encoding: gzip Accept-Language: zh-CN,en,* User-Agent: Mozilla/5.0 Host: www.XX.com Content-Type: application/x-www-form-urlencoded At 2010-11-03 13:18:16,pawan pawanrajsingh2...@gmail.com wrote: Thanks for reply but after using this http://quonos.nl/oauthTester URL I got my base string is ok and still I not able to find out how to resolve this issue. On Nov 2, 12:32 am, Tom van der Woerdt i...@tvdw.eu wrote: Hi, Most 401 Unauthorized errors (and especially the ones involving UTF8 characters) are because of errors in the Base String, used to generate the signature. Please use the validation tool at http://quonos.nl/oauthTester, it may help you a lot with validating your Base String. As access_token always involves usernames and passwords, please do substitute them with dummy ones for security reasons - just make sure that they at least look like the previous ones, because otherwise it would be hard to detect encoding issues. Tom PS: When dealing with encoding issues, XX'ing the values really doesn't help. On 11/1/10 6:58 PM, pawan wrote: Hi, We have created a Desktop Twitter application, In this application I have usedXAuthfeature to get data from Twitter API. It works fine on Win 7 Ultimatemachine. However when I run my application's exe on core Chinese Win 7machine, I got The remote server returned an error: (401) Unauthorized. error from following request: https://api.twitter.com/oauth/access_token?oauth_consumer_key=XXX... Can anyone help me out to know how to resolve this issue. Thanks, Pawan -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] Re: xAuth problem
I don't know what's going on and need more information to be able to tell you. What's the name of the Twitter account that you have used to register your application? Taylor On Wed, Sep 22, 2010 at 8:35 PM, privatejava ngmm...@gmail.com wrote: I 'm suprised..today when I came to compile my all classfile and changed my library of twitter api to new version. Also as you said i changed date first to Jan 01 2010 and again at Sept 22 the xAuth worked fine without any exception. Can you tell me what is happening on me.. I don't know how it was fixed my date was already at Sept 22 .Has Twitter blocked my keys or secret? I use xAuth everytime the user logins. I don't save any information neither tokens for user's privacy. So i don't think it's cause of twitter is it? Thanks.. On Sep 22, 7:06 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Narayan, I'd like to help, but I need more information in order to debug. Can you verify that your consumer key and secret are correct (and the same as what you have stored currently on dev.twitter.com)? Is there any reason you can think of that your application may have become suspended? Taylor On Tue, Sep 21, 2010 at 9:13 PM, Narayan Maharjan ngmm...@gmail.com wrote: Hello Taylor, I 've already checked my timestamp before couple of days. The exception occurs on all of the user who are using my application.So I think it may be due to my own application. I use twitter4j api. It shows exception every time i try to login. Please help. Thanks. On Tue, Sep 21, 2010 at 8:36 PM, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi there, Has anything changed about your environment? Perhaps your clocks have changed and you aren't generating valid timestamps? When you applied and were approved for xAuth, was it a conditional approval meant for transitional purposes? Have you tried utilizing xAuth from another code base? What is the specific Twitter API exception that you are receiving? Taylor On Tue, Sep 21, 2010 at 4:22 AM, privatejava ngmm...@gmail.com wrote: Since many days i can see my xAuth is not working .It gives me error/ exception while i try to login my twitter user via xauth method.My application is a standalone app with api twitter4j.I've even already verified my xAuth but why isn't it working? Please help! -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter:http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter:http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter:http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] Re: XAuth 401 error
You shouldn't synchronize to Twitter. You (and Twitter) should synchronize to the World Time Standard using NTP. It's a simple process on Linux - you just install a package or two and read your distro's system administration manual on how to configure it. It's point and click on openSUSE with YaST. On a Windows desktop, it's usually done for you by default. On Windows Servers, there's some configuration required which is documented to painful excess in the Microsoft Knowledge Base. This is a *solved* and *documented* problem. ;-) -- M. Edward (Ed) Borasky http://borasky-research.net http://twitter.com/znmeb A mathematician is a device for turning coffee into theorems. - Paul Erdos Quoting Farrukh Javeid farruk...@gmail.com: I have been trying to get the time synchronized with the twitter server but could not attain it so far. Can anyone help me with code. It'll be real help as I have already wasted 3 days for this task. Warm Regards, On Sep 2, 6:11 am, MigrantP migra...@gmail.com wrote: Scratch that, it was simply a bonehead error on my part.. carry on =) On Sep 1, 5:25 pm, MigrantP migra...@gmail.com wrote: I should mention that I am having no problem posting updates to twitter itself, but I cannot post pictures through twitpic or yfrog due to this error.. and it was working earlier with no code change since. On Sep 1, 5:02 pm, MigrantP migra...@gmail.com wrote: I am also getting this problem, despite it working perfectly yesterday. I've added a timestamp offset adjustment as you recommended just in case, and am sending an accurate GMT timestamp, but still getting 401 errors. There is no additional information included in the error, so I'm at a loss. Was anything else changed? -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] Re: XAuth 401 error
Yeah, well, that doesn't work very well for desktop apps ;-) Users would go mad if you suddenly change their clocks. Tom On 9/6/10 10:22 PM, M. Edward (Ed) Borasky wrote: You shouldn't synchronize to Twitter. You (and Twitter) should synchronize to the World Time Standard using NTP. It's a simple process on Linux - you just install a package or two and read your distro's system administration manual on how to configure it. It's point and click on openSUSE with YaST. On a Windows desktop, it's usually done for you by default. On Windows Servers, there's some configuration required which is documented to painful excess in the Microsoft Knowledge Base. This is a *solved* and *documented* problem. ;-) -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] Re: XAuth 401 error
We have fixed a bug in our OAuth implementation that allowed timestamps in the future to be accepted. We've now corrected this such that timetsamps must be within a reasonable amount of time in cosideration to Twitter's server clocks. We return our current time in the Date HTTP header of every response. One easy way to fixate an application's clock with our servers is to issue a HTTP HEAD request to http://api.twitter.com/1/help/test.xml -- it's a non-rate-limited request and will allow you to adjust your clock in relation to ours. Make sure that you're keeping to the OAuth spec and using UTC-based epoch time in seconds. Taylor On Wed, Sep 1, 2010 at 9:15 AM, Steve Loft kettletoft@googlemail.comwrote: Users of my xAuth application are also getting 401, since about 12 hours ago. Steve -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] Re: xAuth not Working (Help)
You should sort the fields in the Base String. Tom On 9/1/10 6:35 PM, Karthik wrote: Dear Taylor, I am developing an twitter app in MTK (Mediatek platform and my app has the x-auth privilages) My Issue: I am getting errocode 401 (Failed to validate oauth signature and token), only in the mobile (MTK - media tek - where I am not using proxy). I ma getting the x-auth access token and all other api's are working fine in the simualtor (where I am using proxy) So when I look in to the TCP packets : In simulator: POST https:api.twitter.com/oauth/access_token HTTP/1.1 (Absolute URL) Host: api.twitter.com authorization: OAuth oauth_consumer_key=abcdefghijklm, oauth_nonce=1262304257, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1262304256, oauth_version=1.0, oauth_signature=4vvYMzqy1BBixGRh4bpeA5xa%2BPo%3D but in target I ma getting as : POST /oauth/access_token HTTP/1.1 (Relative URL) Other than this , no other changes I have found between simulator and target. My Signature simple string : POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%abcdefghijklm%26oauth_nonce %3D1262304257%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1262304256%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth %26x_auth_password%3Dtest1234%26x_auth_username%3Dnareshs %2540google.com I am using the platform provided sha1-hmac algorithm which is same in target and simulator. Please help me find out the issue which is only occuring in my target. Regards, Karthik -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] Re: XAuth 401 error
This is true of all applications running to spec. We've always denied requests that were behind our system clock by an unreasonable amont -- you would be presented with this conundrum in that scenario as well, regardless of our recent change to also apply this restriction to timestamps in the future. Many developers have implemented this pattern to keep their clocks in sync. It's unwise to trust your system clock. Taylor On Wed, Sep 1, 2010 at 9:44 AM, J.D. jeremy.d.mul...@gmail.com wrote: For desktop apps using oAuth, the timestamp issue causing 401 errors is a big problem. People's desktops have all sorts of crazy times set on them. This means now every application that uses Twitter oAuth needs to have code written to sync/modify its time with Twitter's. It's a pain. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] Re: xAuth not Working (Help)
Oh, sorry, you are right. You replaced the consumer key with some random value but apparently you also replaced the 3D in %3D so my validator didn't catch it properly. Tom On 9/1/10 6:42 PM, Karthik wrote: Dear Tom, its is in sorted order only. And moreover the same order working fine in Simualtor On Sep 1, 9:37 pm, Tom van der Woerdt i...@tvdw.eu wrote: You should sort the fields in the Base String. Tom On 9/1/10 6:35 PM, Karthik wrote: Dear Taylor, I am developing an twitter app in MTK (Mediatek platform and my app has the x-auth privilages) My Issue: I am getting errocode 401 (Failed to validate oauth signature and token), only in the mobile (MTK - media tek - where I am not using proxy). I ma getting the x-auth access token and all other api's are working fine in the simualtor (where I am using proxy) So when I look in to the TCP packets : In simulator: POST https:api.twitter.com/oauth/access_token HTTP/1.1 (Absolute URL) Host: api.twitter.com authorization: OAuth oauth_consumer_key=abcdefghijklm, oauth_nonce=1262304257, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1262304256, oauth_version=1.0, oauth_signature=4vvYMzqy1BBixGRh4bpeA5xa%2BPo%3D but in target I ma getting as : POST /oauth/access_token HTTP/1.1 (Relative URL) Other than this , no other changes I have found between simulator and target. My Signature simple string : POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%abcdefghijklm%26oauth_nonce %3D1262304257%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1262304256%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth %26x_auth_password%3Dtest1234%26x_auth_username%3Dnareshs %2540google.com I am using the platform provided sha1-hmac algorithm which is same in target and simulator. Please help me find out the issue which is only occuring in my target. Regards, Karthik -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] Re: XAuth 401 error
Sorry for the trouble our alignment has caused. Honestly, we should have announced we were going to harden this, but -- and really we should have learned our lesson on this -- we were operating under the assumption that OAuth clients develop to spec, which includes presenting the current epoch time in UTC seconds with every issued request. We already were enforcing that timestamps could not be more than 15 minutes old -- and in the interests of limiting potential security exploits or continued erroneous utilization of the API, we decided to enforce that timestamps must also be no more than 15 minutes ahead of our clock. So now we have balance where previously there was lopsidedness. In other news, as we've reminded developers a few times, now's a great time to make sure that all of your applications are using api.twitter.com with versioning in the path for all REST resource requests. It would be terrible to wake up some morning to find that none of your API calls work any more because you're using unsupported API end points. Taylor On Wed, Sep 1, 2010 at 12:04 PM, bjcoredev jme...@gmail.com wrote: I m agree with you On 1 sep, 20:08, mostafa farghaly keepon...@gmail.com wrote: i'm on my way to fix this, but i wonder why you didn't let us know about this change ??? On Sep 1, 8:44 pm, Steve Loft kettletoft@googlemail.com wrote: Thanks - the problem was that the library routine I used for the Unix timestamp didn't take Daylight Savings into account! Steve On Sep 1, 5:35 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: We have fixed a bug in our OAuth implementation that allowed timestamps in the future to be accepted. We've now corrected this such that timetsamps must be within a reasonable amount of time in cosideration to Twitter's server clocks. We return our current time in the Date HTTP header of every response. One easy way to fixate an application's clock with our servers is to issue a HTTP HEAD request tohttp:// api.twitter.com/1/help/test.xml-- it's a non-rate-limited request and will allow you to adjust your clock in relation to ours. Make sure that you're keeping to the OAuth spec and using UTC-based epoch time in seconds. Taylor On Wed, Sep 1, 2010 at 9:15 AM, Steve Loft kettletoft@googlemail.comwrote: Users of my xAuth application are also getting 401, since about 12 hours ago. Steve -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter:http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en-Masquer le texte des messages précédents - - Afficher le texte des messages précédents - -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] Re: XAuth 401 error
Peoples' desktops are almost all Windows (90%) or MacOS X (9%). I don't know about Macs but I know for a fact that Windows XP and later desktops can be *easily* syncronized to world time via NTP - in fact, Microsoft has servers! And for the 1% outliers like me (openSUSE 11.3) there are usually desktop tools (YaST2) that make it point-and-click. As long as your users are following their desktop maker's religion about viruses, software updates, firewalls, etc., and aren't running something ancient like Windows Millenium Edition or a PowerPC Mac with a dial-up Internet connection, they should have clocks that are right as long as they're on line. -- M. Edward (Ed) Borasky http://borasky-research.net http://twitter.com/znmeb A mathematician is a device for turning coffee into theorems. - Paul Erdos Quoting J.D. jeremy.d.mul...@gmail.com: For desktop apps using oAuth, the timestamp issue causing 401 errors is a big problem. People's desktops have all sorts of crazy times set on them. This means now every application that uses Twitter oAuth needs to have code written to sync/modify its time with Twitter's. It's a pain. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] Re: xAuth
Hi folks, Sorry to hear you're having trouble getting xAuth to work. First question: Have you applied for and been approved for xAuth privileges? Second question: If so, was this previously functioning for you and only now not working? Third question: Can you share, without compromising your consumer secret or logins and passwords, an example of your failing requests? (The URL you are executing, the HTTP headers you are sending, the OAuth signature base string, and any other relevant information such as HTTP method, OAuth/Twitter library being used?) Thanks, Taylor On Mon, Jul 26, 2010 at 8:18 AM, David Tavárez davidftava...@gmail.comwrote: I got the same problem. On Jul 23, 4:19 pm, DrewC drew.cogb...@smallplanet.com wrote: I'm getting a 401 when I try to usexAuthin my iPhone app. Is this occurring for others?
Re: [twitter-dev] Re: xauth token exchange failing
As far as we know this is resolved and things should be working fine. I'm not familiar with your setup so need to ask if you applied for xAuth and were granted it? If not that will be the causes of the 401. If you did what API call are you trying to make and what does your signature base string look like? (Remember to remove any secrets and passwords) Best, Matt On Fri, Jul 23, 2010 at 1:20 PM, DrewC drew.cogb...@smallplanet.com wrote: Guys- did this get resolved for you? Or are you still having issues? I'm getting a 401 error with xauth. On Jul 19, 6:10 pm, Isaiah Carew isa...@me.com wrote: OK, good to know. Just want to make sure it's not just me. Misery loves company, I guess. :-P isaiahhttp://twitter.com/isaiah On Jul 19, 2010, at 2:54 PM, Tim Davies wrote: Im getting the same isalah. Twitter are aware of the issue. its during handshake for creating new tokens and maybe linked to several other OAuth issues that came to attention this morning. Im hoping it will be fixed shortly! -- Matt Harris Developer Advocate, Twitter http://twitter.com/themattharris
Re: [twitter-dev] Re: xauth token exchange failing
OK, good to know. Just want to make sure it's not just me. Misery loves company, I guess. :-P isaiah http://twitter.com/isaiah On Jul 19, 2010, at 2:54 PM, Tim Davies wrote: Im getting the same isalah. Twitter are aware of the issue. its during handshake for creating new tokens and maybe linked to several other OAuth issues that came to attention this morning. Im hoping it will be fixed shortly!
Re: [twitter-dev] Re: xAuth - favorites/create - bug - 401 error
Hi Chiu, You're going to want to reset your keys on your application settings on dev.twitter.com -- we will really recommend not posting your consumer secrets to the group -- but easy to rectify if you go and change your keys. Your signature base string is actually a bit different than your keys. In many OAuth libraries, they are difficult to access while other libraries will make it easy. If you trace your code execution path through the OAuth library you are using, you will find the step where your signature base string is created -- that particular string holds most of the things that can go wrong in an OAuth request. Taylor On Wed, Jun 16, 2010 at 12:53 PM, chiu ming luk lukchium...@gmail.comwrote: Hi Taylor, Thanks for the prompt reply thanks -chiu On Jun 16, 12:35 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Can you share your signature base string that was used to create this request? I also highly recommending using HTTP Header-based OAuth instead of query-string based OAuth. It separates concerns and makes debugging much simpler. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Wed, Jun 16, 2010 at 11:44 AM, chiu ming luk lukchium...@gmail.com wrote: The xAuth - favorites/create - is broken I make calls to - favorites/create with an ID parameter using xAuth $response = $connection-get ( 'favorites/create', array ('id' = $status_id ) ); but I always getting 401 Not authorized Error === /1/favorites/create.json? id=16170711730oauth_consumer_key=vfM8qYNAEBfZsofKDNX65Qoauth_nonce=bde7b35f5206ebc8a2cc31a7ea2b86acoauth_signature=V6%2BeC7%2FODp42W6GPV4EDWNpvSqY %3Doauth_signature_method=HMAC- SHA1oauth_timestamp=1276713005oauth_token=13073932- seUruGITdpHxCJsoUhpjectP4hpdRubW62Q7nftyAoauth_version=1.0 === On the other hand, The exact same request using Basic Authentication, It will work fine. I either getting - You have already favorited this status. - Favorites added
Re: [twitter-dev] Re: xAuth - favorites/create - bug - 401 error
favorites/create should be a POST. Try: $response = $connection-post( 'favorites/create', array ('id' = $status_id ) ); Abraham - Abraham Williams | Hacker Advocate | http://abrah.am @abraham | http://projects.abrah.am | http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private. On Wed, Jun 16, 2010 at 12:57, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Chiu, You're going to want to reset your keys on your application settings on dev.twitter.com -- we will really recommend not posting your consumer secrets to the group -- but easy to rectify if you go and change your keys. Your signature base string is actually a bit different than your keys. In many OAuth libraries, they are difficult to access while other libraries will make it easy. If you trace your code execution path through the OAuth library you are using, you will find the step where your signature base string is created -- that particular string holds most of the things that can go wrong in an OAuth request. Taylor On Wed, Jun 16, 2010 at 12:53 PM, chiu ming luk lukchium...@gmail.comwrote: Hi Taylor, Thanks for the prompt reply thanks -chiu On Jun 16, 12:35 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Can you share your signature base string that was used to create this request? I also highly recommending using HTTP Header-based OAuth instead of query-string based OAuth. It separates concerns and makes debugging much simpler. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Wed, Jun 16, 2010 at 11:44 AM, chiu ming luk lukchium...@gmail.com wrote: The xAuth - favorites/create - is broken I make calls to - favorites/create with an ID parameter using xAuth $response = $connection-get ( 'favorites/create', array ('id' = $status_id ) ); but I always getting 401 Not authorized Error === /1/favorites/create.json? id=16170711730oauth_consumer_key=vfM8qYNAEBfZsofKDNX65Qoauth_nonce=bde7b35f5206ebc8a2cc31a7ea2b86acoauth_signature=V6%2BeC7%2FODp42W6GPV4EDWNpvSqY %3Doauth_signature_method=HMAC- SHA1oauth_timestamp=1276713005oauth_token=13073932- seUruGITdpHxCJsoUhpjectP4hpdRubW62Q7nftyAoauth_version=1.0 === On the other hand, The exact same request using Basic Authentication, It will work fine. I either getting - You have already favorited this status. - Favorites added
Re: [twitter-dev] Re: xAuth - favorites/create - bug - 401 error
Let us continue this on the issue tracker so we don't spam the list as much: http://github.com/abraham/twitteroauth/issues#issue/33 Abraham - Abraham Williams | Hacker Advocate | http://abrah.am @abraham | http://projects.abrah.am | http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private. On Wed, Jun 16, 2010 at 14:42, chiu ming luk lukchium...@gmail.com wrote: The signature base string is the following zZyk1NxKlpXZEapSszao6PCIAQM= $signature = $this-build_signature($signature_method, $consumer, $token); thanks -chiu On Jun 16, 12:57 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Chiu, You're going to want to reset your keys on your application settings on dev.twitter.com -- we will really recommend not posting your consumer secrets to the group -- but easy to rectify if you go and change your keys. Your signature base string is actually a bit different than your keys. In many OAuth libraries, they are difficult to access while other libraries will make it easy. If you trace your code execution path through the OAuth library you are using, you will find the step where your signature base string is created -- that particular string holds most of the things that can go wrong in an OAuth request. Taylor On Wed, Jun 16, 2010 at 12:53 PM, chiu ming luk lukchium...@gmail.com wrote: Hi Taylor, Thanks for the prompt reply thanks -chiu On Jun 16, 12:35 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Can you share your signature base string that was used to create this request? I also highly recommending using HTTP Header-based OAuth instead of query-string based OAuth. It separates concerns and makes debugging much simpler. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Wed, Jun 16, 2010 at 11:44 AM, chiu ming luk lukchium...@gmail.com wrote: The xAuth - favorites/create - is broken I make calls to - favorites/create with an ID parameter using xAuth $response = $connection-get ( 'favorites/create', array ('id' = $status_id ) ); but I always getting 401 Not authorized Error === /1/favorites/create.json? id=16170711730oauth_consumer_key=vfM8qYNAEBfZsofKDNX65Qoauth_nonce=bde7b35f5206ebc8a2cc31a7ea2b86acoauth_signature=V6%2BeC7%2FODp42W6GPV4EDWNpvSqY %3Doauth_signature_method=HMAC- SHA1oauth_timestamp=1276713005oauth_token=13073932- seUruGITdpHxCJsoUhpjectP4hpdRubW62Q7nftyAoauth_version=1.0 === On the other hand, The exact same request using Basic Authentication, It will work fine. I either getting - You have already favorited this status. - Favorites added
Re: [twitter-dev] Re: xAuth - favorites/create - bug - 401 error
The URL to create a favorite using the API is a POST to: /1/favorites/create/id.format So in your case it would be: /1/favorites/create/16170711730.json Give that a try and let us know how it goes. I know the docs on dev.twitter.com are incorrect for this so i'll be updating them soon. On Wed, Jun 16, 2010 at 2:46 PM, chiu ming luk lukchium...@gmail.comwrote: Request = /1/favorites/create.json? id=16170711730oauth_consumer_key=vfM8qYNAEBfZsofKDNX65Qoauth_nonce=6c2b0e1a7af3dd0b60680c8860e63454oauth_signature=zZyk1NxKlpXZEapSszao6PCIAQM %3Doauth_signature_method=HMAC- SHA1oauth_timestamp=1276724507oauth_token=13073932- seUruGITdpHxCJsoUhpjectP4hpdRubW62Q7nftyAoauth_version=1.0 signature base string = zZyk1NxKlpXZEapSszao6PCIAQM= $signature = $this-build_signature($signature_method, $consumer, $token); thanks -chiu On Jun 16, 12:57 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Chiu, You're going to want to reset your keys on your application settings on dev.twitter.com -- we will really recommend not posting your consumer secrets to the group -- but easy to rectify if you go and change your keys. Your signature base string is actually a bit different than your keys. In many OAuth libraries, they are difficult to access while other libraries will make it easy. If you trace your code execution path through the OAuth library you are using, you will find the step where your signature base string is created -- that particular string holds most of the things that can go wrong in an OAuth request. Taylor On Wed, Jun 16, 2010 at 12:53 PM, chiu ming luk lukchium...@gmail.com wrote: Hi Taylor, Thanks for the prompt reply thanks -chiu On Jun 16, 12:35 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Can you share your signature base string that was used to create this request? I also highly recommending using HTTP Header-based OAuth instead of query-string based OAuth. It separates concerns and makes debugging much simpler. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Wed, Jun 16, 2010 at 11:44 AM, chiu ming luk lukchium...@gmail.com wrote: The xAuth - favorites/create - is broken I make calls to - favorites/create with an ID parameter using xAuth $response = $connection-get ( 'favorites/create', array ('id' = $status_id ) ); but I always getting 401 Not authorized Error === /1/favorites/create.json? id=16170711730oauth_consumer_key=vfM8qYNAEBfZsofKDNX65Qoauth_nonce=bde7b35f5206ebc8a2cc31a7ea2b86acoauth_signature=V6%2BeC7%2FODp42W6GPV4EDWNpvSqY %3Doauth_signature_method=HMAC- SHA1oauth_timestamp=1276713005oauth_token=13073932- seUruGITdpHxCJsoUhpjectP4hpdRubW62Q7nftyAoauth_version=1.0 === On the other hand, The exact same request using Basic Authentication, It will work fine. I either getting - You have already favorited this status. - Favorites added -- Matt Harris Developer Advocate, Twitter http://twitter.com/themattharris
Re: [twitter-dev] Re: xAuth Permissions
On Tue, Jun 1, 2010 at 10:06, jsleuth jsle...@gmail.com wrote: Abraham, is it usually a couple days from when the email is received or from the successful creation of a ticket? They should both happen within minutes of each other so my answer is yes. Abraham -- Abraham Williams | Developer for hire | http://abrah.am @abraham | http://projects.abrah.am | http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private.
Re: [twitter-dev] Re: xAuth Permissions
Really good question! Maybe there should be a diff way to request access, like a separate category in the why are you contacting us drop-down on the support ticketing system. Just a thought. J On Jun 1, 2010, at 12:55 PM, jsleuth wrote: Well played. :-) However, I fear the issue I'm facing is that no service ticket is being created when I submit my request-- the twitter ticket system says that I do not have access to request my ticket (and that it 'may' have been deleted). Is a ticket automatically created when I send an email to a...@twitter.com (even if I am told I can't access it and it probably doesn't exist)? Another way to ask the same question is, can I be confident that twitter will respond to one of my sent requests or should I keep sending requests until I successfully create a ticket? thx, Jeff On Jun 1, 1:15 pm, Abraham Williams 4bra...@gmail.com wrote: On Tue, Jun 1, 2010 at 10:06, jsleuth jsle...@gmail.com wrote: Abraham, is it usually a couple days from when the email is received or from the successful creation of a ticket? They should both happen within minutes of each other so my answer is yes. Abraham -- Abraham Williams | Developer for hire |http://abrah.am @abraham |http://projects.abrah.am|http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private.
Re: [twitter-dev] Re: xAuth Permissions
Hey Everyone! We know there are some issues with tickets right now -- they aren't being lost, but the conversion to our new version of the help center has not been without some hiccups. We have a very large backlog of xAuth requests right now and only very few resources available to process the queue. They'll be handled as quickly as we can. Can any of you see your pending tickets on this page? http://support.twitter.com/tickets Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Tue, Jun 1, 2010 at 1:04 PM, jsleuth jsle...@gmail.com wrote: Yeah, Jann, exactly. Something along those lines would be great. At least I wouldn't be flooding their inbox with redundant requests out of concern that my request went into a black hole... JS On Jun 1, 4:00 pm, Jann Gobble janngob...@gmail.com wrote: Really good question! Maybe there should be a diff way to request access, like a separate category in the why are you contacting us drop-down on the support ticketing system. Just a thought. J On Jun 1, 2010, at 12:55 PM, jsleuth wrote: Well played. :-) However, I fear the issue I'm facing is that no service ticket is being created when I submit my request-- the twitter ticket system says that I do not have access to request my ticket (and that it 'may' have been deleted). Is a ticket automatically created when I send an email to a...@twitter.com (even if I am told I can't access it and it probably doesn't exist)? Another way to ask the same question is, can I be confident that twitter will respond to one of my sent requests or should I keep sending requests until I successfully create a ticket? thx, Jeff On Jun 1, 1:15 pm, Abraham Williams 4bra...@gmail.com wrote: On Tue, Jun 1, 2010 at 10:06, jsleuth jsle...@gmail.com wrote: Abraham, is it usually a couple days from when the email is received or from the successful creation of a ticket? They should both happen within minutes of each other so my answer is yes. Abraham -- Abraham Williams | Developer for hire |http://abrah.am @abraham |http://projects.abrah.am|http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private.
Re: [twitter-dev] Re: xAuth Permissions
Taylor, I only see the second one. The first: 1008949 is lost in the ether. Again, here is the issue: We email a request to api@ from whatever email address.. A support request confirmation comes back to us with a link that forces us to log in. When we log in, ticket searches are limited only to tickets for that account, with no way to search for tickets from a specific email address. That is my problem with the above ticket. Yes, the second ticket: 1009858 shows up under my login (cos i created it through the support site. Can someone there assign it to the API@ queue? Thanks! Jann On Jun 1, 2010, at 1:08 PM, Taylor Singletary wrote: Hey Everyone! We know there are some issues with tickets right now -- they aren't being lost, but the conversion to our new version of the help center has not been without some hiccups. We have a very large backlog of xAuth requests right now and only very few resources available to process the queue. They'll be handled as quickly as we can. Can any of you see your pending tickets on this page? http://support.twitter.com/tickets Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Tue, Jun 1, 2010 at 1:04 PM, jsleuth jsle...@gmail.com wrote: Yeah, Jann, exactly. Something along those lines would be great. At least I wouldn't be flooding their inbox with redundant requests out of concern that my request went into a black hole... JS On Jun 1, 4:00 pm, Jann Gobble janngob...@gmail.com wrote: Really good question! Maybe there should be a diff way to request access, like a separate category in the why are you contacting us drop-down on the support ticketing system. Just a thought. J On Jun 1, 2010, at 12:55 PM, jsleuth wrote: Well played. :-) However, I fear the issue I'm facing is that no service ticket is being created when I submit my request-- the twitter ticket system says that I do not have access to request my ticket (and that it 'may' have been deleted). Is a ticket automatically created when I send an email to a...@twitter.com (even if I am told I can't access it and it probably doesn't exist)? Another way to ask the same question is, can I be confident that twitter will respond to one of my sent requests or should I keep sending requests until I successfully create a ticket? thx, Jeff On Jun 1, 1:15 pm, Abraham Williams 4bra...@gmail.com wrote: On Tue, Jun 1, 2010 at 10:06, jsleuth jsle...@gmail.com wrote: Abraham, is it usually a couple days from when the email is received or from the successful creation of a ticket? They should both happen within minutes of each other so my answer is yes. Abraham -- Abraham Williams | Developer for hire |http://abrah.am @abraham |http://projects.abrah.am|http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private.
Re: [twitter-dev] Re: xAuth Permissions
I'll see what I can do about getting the other ticket assigned correctly -- As a general rule/advice, always send your support requests to a...@twitter.com from the email address of the account associated with the applications you are trying to whitelist -- for this reason, among others (it makes it much easier to verify your identity, ownership of an application, and assures us the right contact path to complete the request). Be as crystal clear as possible as to what application you want whitelisted, what devices/platforms your application runs on, and why xAuth is the right choice for your application. At this time, whitelisting is only available for native mobile applications (non-web based), and desktop applications. Short-term access to xAuth for bulk conversion of logins and passwords are considered as well for web-based applications in good standing, with the understanding that all stored logins and passwords will be purged once the conversion is complete. There are many ways we can make this process easier on you, but we don't have the resources right now to revolutionize the API grants/whitelisting process to maximum efficiency. Jeff -- Yes all tickets have been received, they are just masked by the current kinks in the system. Our support team will process and reply to all requests as timely as possible. Thanks for your patience everyone. Taylor On Tue, Jun 1, 2010 at 1:16 PM, Jann Gobble janngob...@gmail.com wrote: Taylor, I only see the second one. The first: 1008949 is lost in the ether. Again, here is the issue: We email a request to api@ from whatever email address.. A support request confirmation comes back to us with a link that forces us to log in. When we log in, ticket searches are limited only to tickets for that account, with no way to search for tickets from a specific email address. That is my problem with the above ticket. Yes, the second ticket: 1009858 shows up under my login (cos i created it through the support site. Can someone there assign it to the API@ queue? Thanks! Jann On Jun 1, 2010, at 1:08 PM, Taylor Singletary wrote: Hey Everyone! We know there are some issues with tickets right now -- they aren't being lost, but the conversion to our new version of the help center has not been without some hiccups. We have a very large backlog of xAuth requests right now and only very few resources available to process the queue. They'll be handled as quickly as we can. Can any of you see your pending tickets on this page? http://support.twitter.com/tickets Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Tue, Jun 1, 2010 at 1:04 PM, jsleuth jsle...@gmail.com wrote: Yeah, Jann, exactly. Something along those lines would be great. At least I wouldn't be flooding their inbox with redundant requests out of concern that my request went into a black hole... JS On Jun 1, 4:00 pm, Jann Gobble janngob...@gmail.com wrote: Really good question! Maybe there should be a diff way to request access, like a separate category in the why are you contacting us drop-down on the support ticketing system. Just a thought. J On Jun 1, 2010, at 12:55 PM, jsleuth wrote: Well played. :-) However, I fear the issue I'm facing is that no service ticket is being created when I submit my request-- the twitter ticket system says that I do not have access to request my ticket (and that it 'may' have been deleted). Is a ticket automatically created when I send an email to a...@twitter.com (even if I am told I can't access it and it probably doesn't exist)? Another way to ask the same question is, can I be confident that twitter will respond to one of my sent requests or should I keep sending requests until I successfully create a ticket? thx, Jeff On Jun 1, 1:15 pm, Abraham Williams 4bra...@gmail.com wrote: On Tue, Jun 1, 2010 at 10:06, jsleuth jsle...@gmail.com wrote: Abraham, is it usually a couple days from when the email is received or from the successful creation of a ticket? They should both happen within minutes of each other so my answer is yes. Abraham -- Abraham Williams | Developer for hire |http://abrah.am @abraham |http://projects.abrah.am|http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private.
Re: [twitter-dev] Re: xAuth Permissions
On Tue, 1 Jun 2010 13:08:12 -0700 Taylor Singletary taylorsinglet...@twitter.com wrote: Hey Everyone! We know there are some issues with tickets right now -- they aren't being lost, but the conversion to our new version of the help center has not been without some hiccups. We have a very large backlog of xAuth requests right now and only very few resources available to process the queue. They'll be handled as quickly as we can. Can any of you see your pending tickets on this page? http://support.twitter.com/tickets yes I can see mine. It contains the email I sent. -- Bernd Stramm bernd.str...@gmail.com
Re: [twitter-dev] Re: xAuth problems
Great Fernando, I'm glad you got it figured it out! Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Thu, Apr 29, 2010 at 9:26 PM, Fernando Olivares aeris@gmail.comwrote: Got it. The signatureBaseString has to include the parameters, so after the oauth version I was missing the x_auth_mode and the other 2 parameters. Thanks for your help!
Re: [twitter-dev] Re: xAuth Approval?
On Thu, Apr 29, 2010 at 03:17, Ivo ivo.wet...@googlemail.com wrote: Also I can't find the word Browser in Twitter Client, and what's so secure about the Browser anyway? There's no reason to trust it! It's just another program, like the Twitter Client of your choice is too. Or can you make Mozilla responsible if someone gets his Accounts hacked while using Firefox? :P How is Google Chrome, a browser built by one of the largest corporations on the planet based off an open source project of which I can audit the code anytime I wish, not more trustworthy than Generic Twitter Client 5000™ built by Bob in his mom's basement? Abraham -- Abraham Williams | Developer for hire | http://abrah.am @abraham | http://projects.abrah.am | http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private.
Re: [twitter-dev] Re: xauth error -1012
Yes, a...@twitter.com granted my app for xAuth... Any suggestion on what I should do to fix the issue? I did all I can and I'm STUCK at the point. A little easy googling (for NSURLErrorDomain error 1012) turned up http://stackoverflow.com/questions/501231/can-i-use-nsurlcredentialstorage-for-http-basic-authentication, which might be helpful for you. Also, again, some very easy searching in the Xcode docs yields NSURLErrorDomain error -1012 as: NSURLErrorUserCancelledAuthentication Returned when an asynchronous request for authentication is cancelled by the user. This is typically incurred by clicking a “Cancel” button in a username/password dialog, rather than the user making an attempt to authenticate. So it looks like you're getting an auth request in the http response and you're not handling it correctly / at all. So either the auth request is incorrect -- in which case you should probably post the full http request and response to this list -- or you need to handle it. (If you don't know how to handle it, and you can't figure it out from the docs, it's probably a question better suited for an iPhone dev list.) -josh On Apr 20, 1:27 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Sae, Have you received approval for using xAuth in your application yet by emailing a...@twitter.com ? I'm not familiar enough with Objective-C to understand the error, but your signature base string and authorization header look otherwise correct on first glance. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Tue, Apr 20, 2010 at 1:13 PM, sae twitp...@gmail.com wrote: Hi, I just set up my application for xauth and started testing. It keeps failing with error message: Error Domain=NSURLErrorDomain Code=-1012 UserInfo=0x268d70 Operation could not be completed. (NSURLErrorDomain error -1012.) What is this error? Is anything wrong with my app setting, or my parameter may not be correct? Any clue will be really appreciated... Here is the copy of signature-base-string and authorization header, which all look ok to me: POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3Dxx%26oauth_nonce %3D684B1D0C-4276-47BD-9A43-C31FDDD0DD8A%26oauth_signature_method %3DHMAC-SHA1%26oauth_timestamp%3D1271708678%26oauth_version %3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3Dxx %26x_auth_username%3Dy OAuth realm=\\, oauth_consumer_key=\\, oauth_signature_method=\HMAC-SHA1\, oauth_signature=\rg5s%2BW8wMxSx5MJt0wV3idqjriI%3D\, oauth_timestamp=\1271708678\, oauth_nonce=\684B1D0C-4276-47BD-9A43-C31FDDD0DD8A\, oauth_version=\1.0\; -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Re: [twitter-dev] Re: xAuth
Hi Berto, I can confirm that using POST operations over HTTPs will work for XAuth. Your URL should only contain: https://api.twitter.com/oauth/access_token Your signature base string should contain the x_auth_* parameters. Your authorization string should not contain the x_auth_* parameters. Here's a replay of a successful request: Full Request URI: https://api.twitter.com/oauth/access_token Signature Base String: POSThttps%3A%2F%2Fapi.twitter.com %2Foauth%2Faccess_tokenoauth_consumer_key%3Dri8JxxxdwSV5xIUfNNvQ%26oauth_nonce%3DNI14r4hzKMlslKakhjeOaHoIeWw53ZMeTJb4zAaZh2o%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1267826670%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%Dxxx%26x_auth_username%3De Example response: oauth_token=1234-torCkTs0XK7H2Y2i1ee5iofXyzp7aayeEXRTmlwoauth_token_secret=Xyz0gOZHNQKPooBiWCZRY81klwS3kLZGa2wcuser_id=1234screen_name=ex_auth_expires=0 Keep in mind that your signing secret will not include an oauth_token_secret, so will be the equivalent of {consumer_secret} Taylor On Fri, Mar 5, 2010 at 12:09 PM, Berto mstbe...@gmail.com wrote: Three days and I still can't get this to work. I even tried switching over to GET instead of POST and it tells me Failed to validate oauth signature and token. This is fully functional for regular oauth. Signature Base String is: Signature Base String: Signature Base String: GEThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3DCONSUMER KEY%26oauth_nonce %3D1267819560%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1267819217%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth %26x_auth_password%3Dpass%26x_auth_username%3Duser I'm sending oauth parameters via the Authorization header and the three xAuth parameters as GET parameters (? x_auth_username=userx_auth_pass=passx_auth_mode=client_auth). It appears as though everyone who had oauth working before had an easy transition so I'm just a little curious why mine isn't working when I literally have only changed the URL and three parameters. I've verified this is going over SSL as well. Any help is appreciated. Thanks. On Mar 4, 3:34 pm, Anton Krasovsky anton.krasov...@gmail.com wrote: In case if anyone's interested (though I doubt there are many Erlang'ers on the list), I just addedxAuthsupport to twerl. http://github.com/ak1394/twerl Regards, Anton On Wed, Mar 3, 2010 at 4:57 PM, Berto mstbe...@gmail.com wrote: Raffi, Can you comment on the first part of Marc's last reply? Thanks! On Mar 3, 9:24 am, Marc Mims marc.m...@gmail.com wrote: * Berto mstbe...@gmail.com [100303 06:42]: Isn't that using a GET request versus the docs saying POST? And I thought parameters were supposed to be normalized except for signature which gets attached at the end? Hmmm. I completely missed the fact that the documentation specifies POST. I used GET and it worked. When I use a POST, I get a 401. Doc bug? The order you *send* the parameters doesn't matter---the order of the base string used for generating the signature does. The underlying libraries I use assemble the parameters in an arbitrary order. Generation of the signature is a separate call and builds it's own base string from a hash (associative array). @semifor
Re: [twitter-dev] Re: xAuth
In case if anyone's interested (though I doubt there are many Erlang'ers on the list), I just added xAuth support to twerl. http://github.com/ak1394/twerl Regards, Anton On Wed, Mar 3, 2010 at 4:57 PM, Berto mstbe...@gmail.com wrote: Raffi, Can you comment on the first part of Marc's last reply? Thanks! On Mar 3, 9:24 am, Marc Mims marc.m...@gmail.com wrote: * Berto mstbe...@gmail.com [100303 06:42]: Isn't that using a GET request versus the docs saying POST? And I thought parameters were supposed to be normalized except for signature which gets attached at the end? Hmmm. I completely missed the fact that the documentation specifies POST. I used GET and it worked. When I use a POST, I get a 401. Doc bug? The order you *send* the parameters doesn't matter---the order of the base string used for generating the signature does. The underlying libraries I use assemble the parameters in an arbitrary order. Generation of the signature is a separate call and builds it's own base string from a hash (associative array). @semifor
Re: [twitter-dev] Re: xAuth
* Berto mstbe...@gmail.com [100303 06:42]: Isn't that using a GET request versus the docs saying POST? And I thought parameters were supposed to be normalized except for signature which gets attached at the end? Hmmm. I completely missed the fact that the documentation specifies POST. I used GET and it worked. When I use a POST, I get a 401. Doc bug? The order you *send* the parameters doesn't matter---the order of the base string used for generating the signature does. The underlying libraries I use assemble the parameters in an arbitrary order. Generation of the signature is a separate call and builds it's own base string from a hash (associative array). @semifor
Re: [twitter-dev] Re: xAuth
Try passing in nil as the token. The access token request should be similar to how you used to perform the request token request. The best explanation (and they one that helped me) is from Steve Reynolds: http://ke-we.net/7u isaiah http://twitter.com/isaiah On Mar 1, 2010, at 1:26 PM, Berto wrote: Hey Isaiah, What do you mean by default token? I'm working on getting xAuth implemented, but I seem to get a 401 even though I received an email I was approved. I've tried using a token I get from request_token (which from your reply, doesn't seem like I need to be doing) and not passing a token at all. On Feb 27, 1:45 pm, Isaiah Carew isa...@me.com wrote: i did manage to get xauth working this morning thanks to @SteveReynolds. the big epiphany (Steve's, not mine) was that there is no token exchange at all. in fact you don't even seem to need to acquire a request token ever. you simply jump directly to the auth token request and pass in your default token. it seems to make sense to me now, it was just a leap that i didn't make on my own. i just thought i'd post this in case anyone else out there is stuck too. when it's a bit more cleaned up, i'll post my results to github. isaiahhttp://twitter.com/isaiah On Feb 27, 2010, at 9:37 AM, Aral Balkan wrote: Like a n00b, I didn't include the id of my app in my original support request (I hadn't registered it since I wasn't using oAuth previously) and so it looks like I've missed the initial boat :( Got a message back asking for my app id so I registered Feathers and got back to the ticket but apparently the Twitter helpdesk/zendesk is down (http://help.twitter.com) so not sure if my ticket was updated. Would really appreciate it if anyone can look into the ticket (Ticket #863920) Thanks :) Aral On Sat, Feb 27, 2010 at 6:47 AM, Isaiah Carew isa...@me.com wrote: So, I received the xAuth green light. Yeah!!! Unfortunately, the email was not very detailed about which app was enabled (I have 3). (and for the record I was very detailed in my request about which one I was requesting access for). snip
Re: [twitter-dev] Re: xAuth
* Berto mstbe...@gmail.com [100302 13:28]: At first I thought this might be because HttpURLConnection wasn't handling SSL, but then I switched over to HttpPost (this code is in Java) which I know will handle SSL and I'm still getting a 401. I'm doing everything the same as with oauth, except passing the request token (I'm not even getting a request token any more) and I'm passing the x_auth_* parameters as regular parameters in the POST body. The three x_auth_* parameters are my only parameters and the normal OAuth header is in the Authorization field. I'm POSTing to the new access URL as specified in the xAuth docs with no success . Thoughts anyone? I feel like such a noob asking for so much help with oAuth/xAuth :\. I have successfully implemented xAuth in the Perl Net::Twitter library. Here's what a Net::Twitter generated xAuth request looks like: GET https://twitter.com/oauth/access_token?oauth_consumer_key=CONSUMER_KEYoauth_nonce=t7exD9FGmYkMfi0PIYGdlXnlF04oauth_signature=E3ef0zZ%2B%2Btnaf7tQdTDu2znFyjI%3Doauth_signature_method=HMAC-SHA1oauth_timestamp=1267565624oauth_version=1.0x_auth_mode=client_authx_auth_password=secretx_auth_username=fred User-Agent: Net::Twitter/3.11008 (Perl) X-Twitter-Client: Perl Net::Twitter X-Twitter-Client-URL: http://search.cpan.org/dist/Net-Twitter/ X-Twitter-Client-Version: 3.11008 For this example, I used: consumer_key= 'CONSUMER_KEY' consumer_secret = 'CONSUMER_SECRET' x_auth_username = 'fred' x_auth_secret = 'secret' Hope this helps. @semifor