Re: [twitter-dev] Re: twitter keeps refusing my token request
Thanks for finding that, but twitter still refuses it basestring: POSThttp%3A%2F%2Fapi.twitter.com %2Foauth%2Frequest%5Ftokenoauth_consumer_key%3DdHbWZ6idD9VEuQ5tNUufA%26oauth_nonce%3D6739551275477403%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1275477403%26oauth_version%3D1.0 authorization tag: Authorization: OAuth oauth_consumer_key=dHbWZ6idD9VEuQ5tNUufA, oauth_nonce=6739551275477403, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1275477403, oauth_version=1.0, oauth_signature=jRYBO%2B1Nh88v3YrJgCGl5vHpAh4%3D 2010/6/2 Ramy Daghstani ramy.daghst...@gmail.com i double checked the encryption of your base string against your consumer key and your consumer secret and everything seems in order. except your base string has enoauth_consumer_key=dHbWZ6id when it should be enoauth_consumer_key%3DdHbWZ6id byebye r.d. On Tue, 2010-06-01 at 20:30 -0700, arthurprs wrote: Nevermind, sooner after posting this i found - Twitter requires that all OAuth requests be signed using the HMAC-SHA1 algorithm But i can't get it to work with hmac either :/ CONSUMERKEY = 'dHbWZ6idD9VEuQ5tNUufA'; CONSUMERSECRET = '5ZzUafGDoFcAqOEubv3TAa01xb0Z326NMK6fLLrmk0'; basestring: POSThttp%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest %5Ftokenoauth_consumer_key=dHbWZ6idD9VEuQ5tNUufA%26oauth_nonce %3D248256711275449040%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1275449040%26oauth_version%3D1.0 authorization tag: Authorization: OAuth oauth_consumer_key=dHbWZ6idD9VEuQ5tNUufA, oauth_nonce=248256711275449040, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1275449040, oauth_version=1.0, oauth_signature=SaG5KExe2frRkFMvZjJqHoZEp%2Bk%3D Someone can spot the problem? Thanks in advance Arthur.
Re: [twitter-dev] Re: twitter keeps refusing my token request
You are right, the encoded _ was the problem. Thank you very much, now i can move to the other requests ^^ Arthur. 2010/6/2 Taylor Singletary taylorsinglet...@twitter.com Hi Arthur, Unrelated: recommend using SSL for all the OAuth dance operations like request_token, access_token, and authorize Is there any chance you are providing the OAuth-related parameters as query parameters in addition to providing them in the HTTP header? Have you compared the timestamp you are using to the datetime Twitter sends on each response in HTTP headers (up to around a 5 minute variance is tolerated). Also, and likely the culprit, underscore is not a reserved character in OAuth -- I notice in your base string your are percent-encoding it in the request_token part of your path -- you should be sending that without any kind of encoding (instead of %5F). Taylor On Wed, Jun 2, 2010 at 4:22 AM, Arthur Pires arthur...@gmail.com wrote: Thanks for finding that, but twitter still refuses it basestring: POSThttp%3A%2F%2Fapi.twitter.com %2Foauth%2Frequest%5Ftokenoauth_consumer_key%3DdHbWZ6idD9VEuQ5tNUufA%26oauth_nonce%3D6739551275477403%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1275477403%26oauth_version%3D1.0 authorization tag: Authorization: OAuth oauth_consumer_key=dHbWZ6idD9VEuQ5tNUufA, oauth_nonce=6739551275477403, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1275477403, oauth_version=1.0, oauth_signature=jRYBO%2B1Nh88v3YrJgCGl5vHpAh4%3D 2010/6/2 Ramy Daghstani ramy.daghst...@gmail.com i double checked the encryption of your base string against your consumer key and your consumer secret and everything seems in order. except your base string has enoauth_consumer_key=dHbWZ6id when it should be enoauth_consumer_key%3DdHbWZ6id byebye r.d. On Tue, 2010-06-01 at 20:30 -0700, arthurprs wrote: Nevermind, sooner after posting this i found - Twitter requires that all OAuth requests be signed using the HMAC-SHA1 algorithm But i can't get it to work with hmac either :/ CONSUMERKEY = 'dHbWZ6idD9VEuQ5tNUufA'; CONSUMERSECRET = '5ZzUafGDoFcAqOEubv3TAa01xb0Z326NMK6fLLrmk0'; basestring: POSThttp%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest %5Ftokenoauth_consumer_key=dHbWZ6idD9VEuQ5tNUufA%26oauth_nonce %3D248256711275449040%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1275449040%26oauth_version%3D1.0 authorization tag: Authorization: OAuth oauth_consumer_key=dHbWZ6idD9VEuQ5tNUufA, oauth_nonce=248256711275449040, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1275449040, oauth_version=1.0, oauth_signature=SaG5KExe2frRkFMvZjJqHoZEp%2Bk%3D Someone can spot the problem? Thanks in advance Arthur.
[twitter-dev] Using oauth in a desktop app
After some work (and some help from the group) my implementation works, but... The QUEST to get an access token 1. app gets a request token from twitter 2. user clicks a button on the ap 3. app opens a twitter page, user types username/password 4. twitter gives user a PIN 5. user use this PIN in the application 6. GREAT, finally app exchange the request token for an access token This token belongs to who? I mean, i don't even know his username! The user will have to repeat the steps above *every time*? I have no idea on how to fit oauth in a real application, i'm probably missing something :/ Thanks in advance. Arthur.
Re: [twitter-dev] Using oauth in a desktop app
Thanks for clarifying ^^ Arthur. 2010/6/2 Taylor Singletary taylorsinglet...@twitter.com Hi Arthur, Indeed it is a Quest. You don't need to do this entire round trip every single time. In Twitter's OAuth implementation, when we respond with the access token to you in the access token step, we also include the screen_name and id of the user. You in turn should store the id, screen_name, oauth_token, and oauth_token_secret for the user in whatever representation you like. Then, you use the access token to perform your resource-based API calls from that point forward. You only need to do the whole OAuth song dance once for each user (or until the access token is revoked by the user, or if you otherwise want to validate identity for some reason). Some OAuth libraries make it difficult to consume the additional query parameters returned to you in the access token step. If this is the case, you can make your first API call to http://api.twitter.com/1/account/verify_credentials.json or .xml, which will return information you need about the user in a format you can easily consume. Taylor On Wed, Jun 2, 2010 at 1:19 PM, Arthur Pires arthur...@gmail.com wrote: After some work (and some help from the group) my implementation works, but... The QUEST to get an access token 1. app gets a request token from twitter 2. user clicks a button on the ap 3. app opens a twitter page, user types username/password 4. twitter gives user a PIN 5. user use this PIN in the application 6. GREAT, finally app exchange the request token for an access token This token belongs to who? I mean, i don't even know his username! The user will have to repeat the steps above *every time*? I have no idea on how to fit oauth in a real application, i'm probably missing something :/ Thanks in advance. Arthur.
