Re: [twitter-dev] Problems with oauth request_token
Yes, I will generate a new pair of keys (I was aware of it when I put it on the email), thanks for the reminder. So far I'm the only real user. You help is really appreciate, I did two mistakes (well pointed out - in case someone else fall in the same problem): timestamp in millis instead of seconds and POST body (I was really send the post data). Thanks a lot Taylor! On Fri, Jun 11, 2010 at 10:19 AM, Taylor Singletary < taylorsinglet...@twitter.com> wrote: > First Leonardo, > > If that's your real consumer secret, you're going to want to go and > regenerate your API keys *ASAP*. > > Looking at what you've sent along, it looks like you're pretty close to > getting this right. > > Your timestamp is verbose as far as the OAuth standard is concerned -- it > should be in seconds and not in milliseconds. Also ensure that your server > time is in sync with Twitter's: we return our current server time in a > header on every response. > > I notice you have your signature base string at the end of the email: is > this being sent as a POST body or is it just in your email? It shouldn't be > sent, if so. > > Taylor Singletary > Developer Advocate, Twitter > http://twitter.com/episod > > > On Thu, Jun 10, 2010 at 11:04 PM, Leonardo Luceiro Meirelles < > pite...@gmail.com> wrote: > >> Hello gentlemans, >> >> I'm working on a client twitter that uses HTTP proxy in Java. I struggling >> with the OAuth request_token that returns me HTTP 401 Unauthorized. >> >> Consumer key="3P1dah6urSdAo9voKDJDA" >> >> twitterURL=[https://api.twitter.com/oauth/request_token] >> >> authorizationData=[OAuth realm="api.twitter.com", >> oauth_callback="oob", oauth_consumer_key="3P1dah6urSdAo9voKDJDA", >> oauth_nonce="901dc12600ac1cdbc082d57d4aef7bfc", >> oauth_signature_method="HMAC-SHA1", >> oaut >> h_timestamp="1276235403668", oauth_version="1.0", >> oauth_signature="5t6Fw%2BSs1JgkaaHjfOtGFpotWMw%3D"] >> >> basedata=[POST&https%3A%2F%2Fapi.twitter.com >> %2Foauth%2Frequest_token&oauth_callback%3Doob%26oauth_consumer_key%3D3P1dah6urSdAo9voKDJDA%26oauth_nonce%3D901dc12600ac1cdbc082d57d4aef7bfc%26oauth_signature_me >> thod%3DHMAC-SHA1%26oauth_timestamp%3D1276235403668%26oauth_version%3D1.0] >> >> And it returns the error: errorStream=[Failed to validate oauth signature >> and token] >> >> In order to check what I'm sending, I create a HttpListener and redirected >> the "api.twitter.com" to localhost:8000 and here is the header. >> >> Any suggestion is very welcome. >> >> POST /oauth/request_token HTTP/1.1 >> Authorization: OAuth realm="api.twitter.com", oauth_callback="oob", >> oauth_consumer_key="3P1dah6urSdAo9voKDJDA", >> oauth_nonce="2c449ca3c5a8637a8a9152d896c6d8bd", >> oauth_signature_method="HMAC-SHA1", oauth_timestamp="1276236145594", >> oauth_version="1.0", >> oauth_signature="y%2BstT1OQgJBRKLZ%2BR4K15TM4fGw%3D" >> User-Agent: Java/1.6.0_20 >> Host: localhost:8000 >> Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 >> Connection: keep-alive >> Content-type: application/x-www-form-urlencoded >> Content-Length: 266 >> >> >> POST&http%3A%2F%2Flocalhost%3A8000%2Foauth%2Frequest_token&oauth_callback%3Doob%26oauth_consumer_key%3D3P1dah6urSdAo9voKDJDA%26oauth_nonce%3D2c449ca3c5a8637a8a9152d896c6d8bd%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1276236145594%26oau >> th_version%3D1.0. >> >> Best regards, >> Leo Meirelles >> > > -- Do you know the difference between look something amazing and touch it? Think about Jennifer Aniston... (K.V.)
Re: [twitter-dev] Problems with oauth request_token
First Leonardo, If that's your real consumer secret, you're going to want to go and regenerate your API keys *ASAP*. Looking at what you've sent along, it looks like you're pretty close to getting this right. Your timestamp is verbose as far as the OAuth standard is concerned -- it should be in seconds and not in milliseconds. Also ensure that your server time is in sync with Twitter's: we return our current server time in a header on every response. I notice you have your signature base string at the end of the email: is this being sent as a POST body or is it just in your email? It shouldn't be sent, if so. Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Thu, Jun 10, 2010 at 11:04 PM, Leonardo Luceiro Meirelles < pite...@gmail.com> wrote: > Hello gentlemans, > > I'm working on a client twitter that uses HTTP proxy in Java. I struggling > with the OAuth request_token that returns me HTTP 401 Unauthorized. > > Consumer key="3P1dah6urSdAo9voKDJDA" > > twitterURL=[https://api.twitter.com/oauth/request_token] > > authorizationData=[OAuth realm="api.twitter.com", > oauth_callback="oob", oauth_consumer_key="3P1dah6urSdAo9voKDJDA", > oauth_nonce="901dc12600ac1cdbc082d57d4aef7bfc", > oauth_signature_method="HMAC-SHA1", > oaut > h_timestamp="1276235403668", oauth_version="1.0", > oauth_signature="5t6Fw%2BSs1JgkaaHjfOtGFpotWMw%3D"] > > basedata=[POST&https%3A%2F%2Fapi.twitter.com > %2Foauth%2Frequest_token&oauth_callback%3Doob%26oauth_consumer_key%3D3P1dah6urSdAo9voKDJDA%26oauth_nonce%3D901dc12600ac1cdbc082d57d4aef7bfc%26oauth_signature_me > thod%3DHMAC-SHA1%26oauth_timestamp%3D1276235403668%26oauth_version%3D1.0] > > And it returns the error: errorStream=[Failed to validate oauth signature > and token] > > In order to check what I'm sending, I create a HttpListener and redirected > the "api.twitter.com" to localhost:8000 and here is the header. > > Any suggestion is very welcome. > > POST /oauth/request_token HTTP/1.1 > Authorization: OAuth realm="api.twitter.com", oauth_callback="oob", > oauth_consumer_key="3P1dah6urSdAo9voKDJDA", > oauth_nonce="2c449ca3c5a8637a8a9152d896c6d8bd", > oauth_signature_method="HMAC-SHA1", oauth_timestamp="1276236145594", > oauth_version="1.0", > oauth_signature="y%2BstT1OQgJBRKLZ%2BR4K15TM4fGw%3D" > User-Agent: Java/1.6.0_20 > Host: localhost:8000 > Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 > Connection: keep-alive > Content-type: application/x-www-form-urlencoded > Content-Length: 266 > > > POST&http%3A%2F%2Flocalhost%3A8000%2Foauth%2Frequest_token&oauth_callback%3Doob%26oauth_consumer_key%3D3P1dah6urSdAo9voKDJDA%26oauth_nonce%3D2c449ca3c5a8637a8a9152d896c6d8bd%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1276236145594%26oau > th_version%3D1.0. > > Best regards, > Leo Meirelles >
[twitter-dev] Problems with oauth request_token
Hello gentlemans, I'm working on a client twitter that uses HTTP proxy in Java. I struggling with the OAuth request_token that returns me HTTP 401 Unauthorized. Consumer key="3P1dah6urSdAo9voKDJDA" Consumer secret="kMYprvWb0UQ0L8oAin2dQJArUQfMcjuVSjOjyHzTv8E&" <-- I already added the "&" in the end of it twitterURL=[https://api.twitter.com/oauth/request_token] authorizationData=[OAuth realm="api.twitter.com", oauth_callback="oob", oauth_consumer_key="3P1dah6urSdAo9voKDJDA", oauth_nonce="901dc12600ac1cdbc082d57d4aef7bfc", oauth_signature_method="HMAC-SHA1", oaut h_timestamp="1276235403668", oauth_version="1.0", oauth_signature="5t6Fw%2BSs1JgkaaHjfOtGFpotWMw%3D"] basedata=[POST&https%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&oauth_callback%3Doob%26oauth_consumer_key%3D3P1dah6urSdAo9voKDJDA%26oauth_nonce%3D901dc12600ac1cdbc082d57d4aef7bfc%26oauth_signature_me thod%3DHMAC-SHA1%26oauth_timestamp%3D1276235403668%26oauth_version%3D1.0] And it returns the error: errorStream=[Failed to validate oauth signature and token] In order to check what I'm sending, I create a HttpListener and redirected the "api.twitter.com" to localhost:8000 and here is the header. Any suggestion is very welcome. POST /oauth/request_token HTTP/1.1 Authorization: OAuth realm="api.twitter.com", oauth_callback="oob", oauth_consumer_key="3P1dah6urSdAo9voKDJDA", oauth_nonce="2c449ca3c5a8637a8a9152d896c6d8bd", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1276236145594", oauth_version="1.0", oauth_signature="y%2BstT1OQgJBRKLZ%2BR4K15TM4fGw%3D" User-Agent: Java/1.6.0_20 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive Content-type: application/x-www-form-urlencoded Content-Length: 266 POST&http%3A%2F%2Flocalhost%3A8000%2Foauth%2Frequest_token&oauth_callback%3Doob%26oauth_consumer_key%3D3P1dah6urSdAo9voKDJDA%26oauth_nonce%3D2c449ca3c5a8637a8a9152d896c6d8bd%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1276236145594%26oau th_version%3D1.0. Best regards, Leo Meirelles