Re: [twitter-dev] twaud.io api: anyone manage to get it working?
I have done some more digging around (WireShark is amazing!) and I have gotten past a big initial hurdle: I was building the signature base string wrong (building it, then setting more parameters, which should have been part of the base string in the first place). As a sanity check, at this point my code can, using xAuth, post twitter status updates. But I'm incredibly confused as to what I need to send to twaud.io's server. It says x_verify_credentials_authorization should contain the Authorization header. That authorization header is built with a base string of POSThttp[All those oauth_* params and the encoded twaud.io params] but if the base string is supposed to include all the post form parameters, x_auth_service_provider and x_verify_credentials_authorization are form parameters, but I can't include authorization, since that is defined as something that contains the output of this whole thing. So what SHOULD be in the base string's params? I tried just putting in everything except the x_verify_credentials_authorization and x_auth_service_provider and get the very opaque 403 Forbidden / Not Authorized. I mean, the account is Authorized by twaud.io and twitter, and we have an xAuth token from twitter, so that doesn't seem very informative. Here's a sample base string: POSThttp%3A%2F%2Ftwaud.io%2Fapi%2Fv2%2Fupload.jsonoauth_consumer_key%3DofEzSNkKNMzu4ANhII5g%26oauth_nonce%3D8BE06737-9C9C-4EB1-A3B7-CDFCDAD7DF13%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1298633580%26oauth_token%3D257264155-voUkUaayPjhrtW4a1Aid2lS2LshC5JDIM9p2LMXO%26oauth_version%3D1.0%26sound%255Bmessage%255D%3DTESTING123 containing POST, then http:// (tried https as well, but http is helpful while debugging), the all the oauth_* params, then sound[message]. One thing that jumps out at me is that I'm not sure what to do about the sound[file] part, as that parameter is a multipart encoded thing, not just another normal post parameter. Maybe that has to be part of the base string? On Thu, Feb 24, 2011 at 6:43 AM, Matt Harris thematthar...@twitter.com wrote: Hi Seth, Twaud.io isn't part of the Twitter API but i'll try and help you anyway. The first thing to note is the Headers should be of the format X-Verify-Credentials-Authorization. The x_verify_credentials_authorization is mentioned because Twaud.io supports the OAuth Echo parameters in the header or POST body. Looking at your sample X-Verify-Credentials-Authorization I notice you are sending the realm as http://api.twitter.com . What i'm wondering is whether you are sending the X-Auth-Service-Provider as https://api.twitter.com/1/account/verify_credentials.json . According to the twaud.io API documentation the X-Auth-Service-Provider must be: https://api.twitter.com/1/account/verify_credentials.json If you change the protocol to http, or use .xml instead of .json, the request will not succeed. Double check that the verify_credentials request fits that pattern. The other thing to ensure is the request to verify_credentials isn't being sent to the Twitter API servers by your application. If the request is being sent, the OAuth Echo provider cannot use it. Check those things out and let us know how it goes, Best, @themattharris Developer Advocate, Twitter http://twitter.com/themattharris On Mon, Feb 21, 2011 at 2:57 AM, Seth seth.delack...@gmail.com wrote: I've tried discussing with the author of twaud.io, but he says he doesn't really have time to look. I've tried sending even a minimal test iPhone app Xcode project to twitter api support, but a week later no response. Our app is xAuth authorized, the app sends the username and password and gets a token, we produce all the intended headers and post up to twaud.io's api as described at twaud.io/api and yet just get the below totally opaque response: response: HTTP/1.1 403 Forbidden / Not Authorized Made sure that the twitter account I used for testing has given both our app and twaud.io read/write authorization. Here's a sample of what I am putting in X-Verify-Credentials- Authorization (which we've tried naming that way and also, per the twaud.io api page, x_verify_credentials_authorization). We've also tried sending the value as either post values or as a request header: OAuth realm=http%3A%2F%2Fapi.twitter.com, oauth_consumer_key=ofEzSNkKNMzu4ANhII5g, oauth_token=123520286-U3RXmbgPPF0i4lDkVBdSCx9MEJhHMu8KvzAyosXI, oauth_signature_method=HMAC-SHA1, oauth_signature=9Z5VMPeL4QoGHCtpiMcUxF%2FPiXI%3D, oauth_timestamp=1297141216, oauth_nonce=A20C6AB4-AAF9-46A5-B1F0-574A5BD3B538, oauth_version=1.0 I would be more than happy to send a minimal Xcode project to anyone who is willing to try running it in the iOS simulator. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change
Re: [twitter-dev] twaud.io api: anyone manage to get it working?
Some more debug output for completeness:
Since this is multipart form data, the oauth signature base string
would be just
httpMethod + +
url_encode( base_uri ) + +
sorted_query_params.each { | k, v |
url_encode ( k ) + %3D +
url_encode ( v )
}.join(%26)
where the params is just oauth_* stuff (not the POST params, since we
aren't url-encoded)
so something like:
POSThttp%3A%2F%2Ftwaud.io%2Fapi%2Fv2%2Fupload.jsonoauth_consumer_key%3DofEzSNkKNMzu4ANhII5g%26oauth_nonce%3D0F9ABB3E-1CC9-4124-8BDF-DEDA50AE5A6B%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1298635432%26oauth_token%3D257264155-voUkUaayPjhrtW4a1Aid2lS2LshC5JDIM9p2LMXO%26oauth_version%3D1.0
(I've tried both https and http, yes being careful to make all the
various urls use the same one)
Here for instance is the WireShark output for my multipart fields:
MIME Multipart Media Encapsulation, Type: multipart/form-data,
Boundary: 0xKhTmLbOuNdArY
--0xKhTmLbOuNdArY
Content-Disposition: form-data; name=x_auth_service_provider
http://api.twitter.com/1/account/verify_credentials.json
--0xKhTmLbOuNdArY
Content-Disposition: form-data; name=x_verify_credentials_authorization
OAuth realm=, oauth_consumer_key=ofEzSNkKNMzu4ANhII5g,
oauth_token=257264155-voUkUaayPjhrtW4a1Aid2lS2LshC5JDIM9p2LMXO,
oauth_signature_method=HMAC-SHA1,
oauth_signature=vKxokk1Yqi4OCE%2B5GBIjw/Q2/G0%3D,
oauth_timestamp=1298635367,
oauth_nonce=F8FF0143-97B2-4693-9EA0-4D96297F1194,
oauth_version=1.0
--0xKhTmLbOuNdArY
Content-Disposition: form-data; name=sound[message]
Testing ECHO
--0xKhTmLbOuNdArY
Content-Disposition: form-data; name=sound[file];
filename=StrumStage_Song.m4a
Content-Type: application/octet-stream
ftypM4A M4A mp42[elided for brevity. lots of text]
--0xKhTmLbOuNdArY--
--
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group:
http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] twaud.io api: anyone manage to get it working?
Hi Seth, Twaud.io isn't part of the Twitter API but i'll try and help you anyway. The first thing to note is the Headers should be of the format X-Verify-Credentials-Authorization. The x_verify_credentials_authorization is mentioned because Twaud.io supports the OAuth Echo parameters in the header or POST body. Looking at your sample X-Verify-Credentials-Authorization I notice you are sending the realm as http://api.twitter.com . What i'm wondering is whether you are sending the X-Auth-Service-Provider as https://api.twitter.com/1/account/verify_credentials.json . According to the twaud.io API documentation the X-Auth-Service-Provider must be: https://api.twitter.com/1/account/verify_credentials.json If you change the protocol to http, or use .xml instead of .json, the request will not succeed. Double check that the verify_credentials request fits that pattern. The other thing to ensure is the request to verify_credentials isn't being sent to the Twitter API servers by your application. If the request is being sent, the OAuth Echo provider cannot use it. Check those things out and let us know how it goes, Best, @themattharris Developer Advocate, Twitter http://twitter.com/themattharris On Mon, Feb 21, 2011 at 2:57 AM, Seth seth.delack...@gmail.com wrote: I've tried discussing with the author of twaud.io, but he says he doesn't really have time to look. I've tried sending even a minimal test iPhone app Xcode project to twitter api support, but a week later no response. Our app is xAuth authorized, the app sends the username and password and gets a token, we produce all the intended headers and post up to twaud.io's api as described at twaud.io/api and yet just get the below totally opaque response: response: HTTP/1.1 403 Forbidden / Not Authorized Made sure that the twitter account I used for testing has given both our app and twaud.io read/write authorization. Here's a sample of what I am putting in X-Verify-Credentials- Authorization (which we've tried naming that way and also, per the twaud.io api page, x_verify_credentials_authorization). We've also tried sending the value as either post values or as a request header: OAuth realm=http%3A%2F%2Fapi.twitter.com, oauth_consumer_key=ofEzSNkKNMzu4ANhII5g, oauth_token=123520286-U3RXmbgPPF0i4lDkVBdSCx9MEJhHMu8KvzAyosXI, oauth_signature_method=HMAC-SHA1, oauth_signature=9Z5VMPeL4QoGHCtpiMcUxF%2FPiXI%3D, oauth_timestamp=1297141216, oauth_nonce=A20C6AB4-AAF9-46A5-B1F0-574A5BD3B538, oauth_version=1.0 I would be more than happy to send a minimal Xcode project to anyone who is willing to try running it in the iOS simulator. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
