I have done some more digging around (WireShark is amazing!) and I
have gotten past a big initial hurdle: I was building the signature
base string wrong (building it, then setting more parameters, which
should have been part of the base string in the first place).
As a sanity check, at this point my code can, using xAuth, post
twitter status updates.
But I'm incredibly confused as to what I need to send to twaud.io's
server. It says x_verify_credentials_authorization should contain the
Authorization header.
That authorization header is built with a base string of
POSThttp[All those oauth_* params and the encoded twaud.io params]
but if the base string is supposed to include all the post form
parameters, x_auth_service_provider and
x_verify_credentials_authorization are form parameters, but I can't
include authorization, since that is defined as something that
contains the output of this whole thing.
So what SHOULD be in the base string's params? I tried just putting
in everything except the x_verify_credentials_authorization and
x_auth_service_provider and get the very opaque 403 Forbidden / Not
Authorized.
I mean, the account is Authorized by twaud.io and twitter, and we have
an xAuth token from twitter, so that doesn't seem very informative.
Here's a sample base string:
POSThttp%3A%2F%2Ftwaud.io%2Fapi%2Fv2%2Fupload.jsonoauth_consumer_key%3DofEzSNkKNMzu4ANhII5g%26oauth_nonce%3D8BE06737-9C9C-4EB1-A3B7-CDFCDAD7DF13%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1298633580%26oauth_token%3D257264155-voUkUaayPjhrtW4a1Aid2lS2LshC5JDIM9p2LMXO%26oauth_version%3D1.0%26sound%255Bmessage%255D%3DTESTING123
containing POST, then http:// (tried https as well, but http is
helpful while debugging), the all the oauth_* params, then
sound[message].
One thing that jumps out at me is that I'm not sure what to do about
the sound[file] part, as that parameter is a multipart encoded thing,
not just another normal post parameter. Maybe that has to be part of
the base string?
On Thu, Feb 24, 2011 at 6:43 AM, Matt Harris thematthar...@twitter.com wrote:
Hi Seth,
Twaud.io isn't part of the Twitter API but i'll try and help you anyway.
The first thing to note is the Headers should be of the
format X-Verify-Credentials-Authorization. The
x_verify_credentials_authorization is mentioned because Twaud.io supports the
OAuth Echo parameters in the header or POST body.
Looking at your sample X-Verify-Credentials-Authorization I notice you are
sending the realm as http://api.twitter.com . What i'm wondering is whether
you are sending the X-Auth-Service-Provider
as https://api.twitter.com/1/account/verify_credentials.json . According to
the twaud.io API documentation the X-Auth-Service-Provider must be:
https://api.twitter.com/1/account/verify_credentials.json
If you change the protocol to http, or use .xml instead of .json, the request
will not succeed. Double check that the verify_credentials request fits that
pattern. The other thing to ensure is the request to verify_credentials isn't
being sent to the Twitter API servers by your application. If the request is
being sent, the OAuth Echo provider cannot use it.
Check those things out and let us know how it goes,
Best,
@themattharris
Developer Advocate, Twitter
http://twitter.com/themattharris
On Mon, Feb 21, 2011 at 2:57 AM, Seth seth.delack...@gmail.com wrote:
I've tried discussing with the author of twaud.io, but he says he
doesn't really have time to look. I've tried sending even a minimal
test iPhone app Xcode project to twitter api support, but a week later
no response.
Our app is xAuth authorized, the app sends the username and password
and gets a token, we produce all the intended headers and post up to
twaud.io's api as described at twaud.io/api and yet just get the below
totally opaque response:
response: HTTP/1.1 403 Forbidden / Not Authorized
Made sure that the twitter account I used for testing has given both
our app and twaud.io read/write authorization.
Here's a sample of what I am putting in X-Verify-Credentials-
Authorization (which we've tried naming that way and also, per the
twaud.io api page, x_verify_credentials_authorization). We've also
tried sending the value as either post values or as a request header:
OAuth realm=http%3A%2F%2Fapi.twitter.com,
oauth_consumer_key=ofEzSNkKNMzu4ANhII5g,
oauth_token=123520286-U3RXmbgPPF0i4lDkVBdSCx9MEJhHMu8KvzAyosXI,
oauth_signature_method=HMAC-SHA1,
oauth_signature=9Z5VMPeL4QoGHCtpiMcUxF%2FPiXI%3D,
oauth_timestamp=1297141216,
oauth_nonce=A20C6AB4-AAF9-46A5-B1F0-574A5BD3B538,
oauth_version=1.0
I would be more than happy to send a minimal Xcode project to anyone
who is willing to try running it in the iOS simulator.
--
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change