[twitter-dev] Re: "Failed to validate oauth signature and token" using python/django libs
Update: It works now. Thanks to everyone who tried to help me diagnose
the issue.
Today, Hedley posted about the system being off can cause the request
token to fail. This was my exact problem it turns out.
http://groups.google.com/group/twitter-development-talk/browse_thread/thread/aadee92bc5c34f29?pli=1
Thanks again!
~Blaine
On Jul 9, 10:57 pm, JDG wrote:
> No. According to the oauth spec, your signature key is always
> "consumer_secret&token_secret", even if token_secret is empty, so when you
> first call request_token, your key will be "consumer_secret&"
>
> On Thu, Jul 9, 2009 at 21:24, Blaine Garrett wrote:
>
>
>
>
>
> > Hi,
>
> > Thanks for the quick reply Matt. Below is a recap of the setup with a
> > bit more clarity as well as the keys, url, and pre-encoded data.
> > Hopefully this sheds some light on the issue. I also tried the PHP lib
> > someone recommended with the same results - i.e 401 error. So again, I
> > am thinking it is something external to the Django setup - be it on
> > either end of the requests.
>
> > Thanks again!
> > Blaine
>
> >
>
> > 1. Url I am trying to call the twitter API:
> >http://articulture.blainegarrett.com/signin/
>
> > 2. View Code being called:
> > [python_code]
> > def signin(request):
> > from acsite.people import oauthtwitter
> > import acsite.settings as settings
>
> > # Step 1: Create an anonymous twitter oauth consumer
> > oauth_consumer = oauthtwitter.OAuthApi('Vx43QEmSCP1whLq1OSPg',
> > 'MY_SECRET_KEY') # Blaine's Personal Dev Site keys
>
> > # Step 2: Fetch Request Token From Twitter
> > request_token = oauth_consumer.getRequestToken() # In here I get
> > the 401 error
> > raise Exception(request_token) # Never gets here
> > [/python_code]
>
> > 3: I installed fresh copies:
> > python-twitter :http://code.google.com/p/python-twitter/
> > oauth-python-twitter:
> >http://code.google.com/p/oauth-python-twitter/
> > oauth :http://oauth.googlecode.com/svn/code/python/oauth/oauth.py
>
> > In the oauth.py, I changed the line 36:
> > SIGNATURE_METHOD = 'HMAC-SHA1'
>
> > 4. With no other changes, I get: the urllib2 exception: HTTPError at /
> > signin/ "HTTP Error 401: Unauthorized"
> > 5. When I wrap the url opener code in oauthtwitter.py on approx line
> > 102 in:
> > try:
> > url_data = opener.open(url).read()
> > except urllib2.HTTPError, e:
> > raise Exception('GET REQUEST VERSION : Unable to connect to the
> > oAuth Service. Code: %s - Url: %s : Content - %s' % (e.code, e.url,
> > e.msg))
>
> > I get the exception:
> > GET REQUEST VERSION: Unable to connect to the oAuth Service. Code:
> > 401 - Url:
>
> >https://twitter.com/oauth/request_token?oauth_nonce=51064775&oauth_ti...
> > : Content - Unauthorized
>
> > 6. Trying again with a new request, adding an exception of the key,raw
> > returned from build_signature_base_string in build_signature in
> > oauth.py line 563, I get:
> > key="MY_SECRET_KEY&", "raw: GET&https%3A%2F%2Ftwitter.com%2Foauth
> > %2Frequest_token&oauth_consumer_key%3DVx43QEmSCP1whLq1OSPg
> > %26oauth_nonce%3D59181510%26oauth_signature_method%3DHMAC-
> > SHA1%26oauth_timestamp%3D1247173659%26oauth_version%3D1.0"
>
> > Note trailing ampersand on the key returned. Could this be a query
> > string artifact?
>
> > On Jul 6, 10:59 am, Matt Sanford wrote:
> > > Hi Blaine,
>
> > > Failing the validate the signature when getting a request token
> > > is pretty rare. As you said the fact this all works from other
> > > libraries seems to point to a library issue. The most helpful things
> > > to see in these cases are:
>
> > > • The actual HTTP request and response that fails. By seeing the URL
> > > requested I can try and recreate the signature and find the mismatch.
> > > • The "signature base string" used to create the oauth_signature
> > > parameter. This usually requires adding some print statements to the
> > > oauth library you're using but can be really helpful.
>
> > > If you can send the HTTP request and response (headers and
> > > bodies) that will be a good start. If you're not sure how to get them
> > > from your library I recommend using a debugging proxy like Charles [1].
>
> > > Thanks;
> > > – Matt Sanford / @mzsanford
> > > Twitter Dev
>
> > > [1] -http://www.charlesproxy.com/
>
> > > On Jul 3, 2009, at 2:10 PM, Blaine Garrett wrote:
>
> > > > Hi,
>
> > > > I get the 401:Unauthorized Error every time I attempt to get a request
> > > > token. When I attempt to go to the URL directly in the browser (not
> > > > yet accessed to preserve nonce) I get a body of "Failed to validate
> > > > oauth signature and token".
>
> > > > I am using the Leah's oauth client listed athttp://oauth.net/code
> > > > as well as the python-twitter (0.7-devel) and oauth-python-twitter
> > > > (v0.1)
>
> > > > I was able to get these same libraries to work on a different project
> > > > but not on the current one I am working on.
[twitter-dev] Re: "Failed to validate oauth signature and token" using python/django libs
No. According to the oauth spec, your signature key is always
"consumer_secret&token_secret", even if token_secret is empty, so when you
first call request_token, your key will be "consumer_secret&"
On Thu, Jul 9, 2009 at 21:24, Blaine Garrett wrote:
>
> Hi,
>
> Thanks for the quick reply Matt. Below is a recap of the setup with a
> bit more clarity as well as the keys, url, and pre-encoded data.
> Hopefully this sheds some light on the issue. I also tried the PHP lib
> someone recommended with the same results - i.e 401 error. So again, I
> am thinking it is something external to the Django setup - be it on
> either end of the requests.
>
> Thanks again!
> Blaine
>
>
>
>
> 1. Url I am trying to call the twitter API:
> http://articulture.blainegarrett.com/signin/
>
> 2. View Code being called:
> [python_code]
> def signin(request):
>from acsite.people import oauthtwitter
>import acsite.settings as settings
>
># Step 1: Create an anonymous twitter oauth consumer
>oauth_consumer = oauthtwitter.OAuthApi('Vx43QEmSCP1whLq1OSPg',
> 'MY_SECRET_KEY') # Blaine's Personal Dev Site keys
>
># Step 2: Fetch Request Token From Twitter
>request_token = oauth_consumer.getRequestToken() # In here I get
> the 401 error
>raise Exception(request_token) # Never gets here
> [/python_code]
>
> 3: I installed fresh copies:
> python-twitter : http://code.google.com/p/python-twitter/
> oauth-python-twitter:
> http://code.google.com/p/oauth-python-twitter/
> oauth : http://oauth.googlecode.com/svn/code/python/oauth/oauth.py
>
> In the oauth.py, I changed the line 36:
> SIGNATURE_METHOD = 'HMAC-SHA1'
>
> 4. With no other changes, I get: the urllib2 exception: HTTPError at /
> signin/ "HTTP Error 401: Unauthorized"
> 5. When I wrap the url opener code in oauthtwitter.py on approx line
> 102 in:
> try:
>url_data = opener.open(url).read()
> except urllib2.HTTPError, e:
>raise Exception('GET REQUEST VERSION : Unable to connect to the
> oAuth Service. Code: %s - Url: %s : Content - %s' % (e.code, e.url,
> e.msg))
>
> I get the exception:
> GET REQUEST VERSION: Unable to connect to the oAuth Service. Code:
> 401 - Url:
>
> https://twitter.com/oauth/request_token?oauth_nonce=51064775&oauth_timestamp=1247173406&oauth_consumer_key=Vx43QEmSCP1whLq1OSPg&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_signature=4RiqJL0ZpHux77GKZku9FVeyhA8%3D
> : Content - Unauthorized
>
> 6. Trying again with a new request, adding an exception of the key,raw
> returned from build_signature_base_string in build_signature in
> oauth.py line 563, I get:
> key="MY_SECRET_KEY&", "raw: GET&https%3A%2F%2Ftwitter.com%2Foauth
> %2Frequest_token&oauth_consumer_key%3DVx43QEmSCP1whLq1OSPg
> %26oauth_nonce%3D59181510%26oauth_signature_method%3DHMAC-
> SHA1%26oauth_timestamp%3D1247173659%26oauth_version%3D1.0"
>
> Note trailing ampersand on the key returned. Could this be a query
> string artifact?
>
>
>
> On Jul 6, 10:59 am, Matt Sanford wrote:
> > Hi Blaine,
> >
> > Failing the validate the signature when getting a request token
> > is pretty rare. As you said the fact this all works from other
> > libraries seems to point to a library issue. The most helpful things
> > to see in these cases are:
> >
> > • The actual HTTP request and response that fails. By seeing the URL
> > requested I can try and recreate the signature and find the mismatch.
> > • The "signature base string" used to create the oauth_signature
> > parameter. This usually requires adding some print statements to the
> > oauth library you're using but can be really helpful.
> >
> > If you can send the HTTP request and response (headers and
> > bodies) that will be a good start. If you're not sure how to get them
> > from your library I recommend using a debugging proxy like Charles [1].
> >
> > Thanks;
> > – Matt Sanford / @mzsanford
> > Twitter Dev
> >
> > [1] -http://www.charlesproxy.com/
> >
> > On Jul 3, 2009, at 2:10 PM, Blaine Garrett wrote:
> >
> >
> >
> > > Hi,
> >
> > > I get the 401:Unauthorized Error every time I attempt to get a request
> > > token. When I attempt to go to the URL directly in the browser (not
> > > yet accessed to preserve nonce) I get a body of "Failed to validate
> > > oauth signature and token".
> >
> > > I am using the Leah's oauth client listed athttp://oauth.net/code
> > > as well as the python-twitter (0.7-devel) and oauth-python-twitter
> > > (v0.1)
> >
> > > I was able to get these same libraries to work on a different project
> > > but not on the current one I am working on.
> > > I have refreshed my tokens numerous times and also tried the working
> > > ones from the other project. I also tried the tokens from this project
> > > on the other project that was working and that WORKED.
> >
> > > As such, I am guessing it is an issue with my setup or some other lib
> > > I am working with.
> > > Both projects however have Python Ve
[twitter-dev] Re: "Failed to validate oauth signature and token" using python/django libs
Hi,
Thanks for the quick reply Matt. Below is a recap of the setup with a
bit more clarity as well as the keys, url, and pre-encoded data.
Hopefully this sheds some light on the issue. I also tried the PHP lib
someone recommended with the same results - i.e 401 error. So again, I
am thinking it is something external to the Django setup - be it on
either end of the requests.
Thanks again!
Blaine
1. Url I am trying to call the twitter API:
http://articulture.blainegarrett.com/signin/
2. View Code being called:
[python_code]
def signin(request):
from acsite.people import oauthtwitter
import acsite.settings as settings
# Step 1: Create an anonymous twitter oauth consumer
oauth_consumer = oauthtwitter.OAuthApi('Vx43QEmSCP1whLq1OSPg',
'MY_SECRET_KEY') # Blaine's Personal Dev Site keys
# Step 2: Fetch Request Token From Twitter
request_token = oauth_consumer.getRequestToken() # In here I get
the 401 error
raise Exception(request_token) # Never gets here
[/python_code]
3: I installed fresh copies:
python-twitter : http://code.google.com/p/python-twitter/
oauth-python-twitter : http://code.google.com/p/oauth-python-twitter/
oauth : http://oauth.googlecode.com/svn/code/python/oauth/oauth.py
In the oauth.py, I changed the line 36:
SIGNATURE_METHOD = 'HMAC-SHA1'
4. With no other changes, I get: the urllib2 exception: HTTPError at /
signin/ "HTTP Error 401: Unauthorized"
5. When I wrap the url opener code in oauthtwitter.py on approx line
102 in:
try:
url_data = opener.open(url).read()
except urllib2.HTTPError, e:
raise Exception('GET REQUEST VERSION : Unable to connect to the
oAuth Service. Code: %s - Url: %s : Content - %s' % (e.code, e.url,
e.msg))
I get the exception:
GET REQUEST VERSION: Unable to connect to the oAuth Service. Code:
401 - Url:
https://twitter.com/oauth/request_token?oauth_nonce=51064775&oauth_timestamp=1247173406&oauth_consumer_key=Vx43QEmSCP1whLq1OSPg&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_signature=4RiqJL0ZpHux77GKZku9FVeyhA8%3D
: Content - Unauthorized
6. Trying again with a new request, adding an exception of the key,raw
returned from build_signature_base_string in build_signature in
oauth.py line 563, I get:
key="MY_SECRET_KEY&", "raw: GET&https%3A%2F%2Ftwitter.com%2Foauth
%2Frequest_token&oauth_consumer_key%3DVx43QEmSCP1whLq1OSPg
%26oauth_nonce%3D59181510%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1247173659%26oauth_version%3D1.0"
Note trailing ampersand on the key returned. Could this be a query
string artifact?
On Jul 6, 10:59 am, Matt Sanford wrote:
> Hi Blaine,
>
> Failing the validate the signature when getting a request token
> is pretty rare. As you said the fact this all works from other
> libraries seems to point to a library issue. The most helpful things
> to see in these cases are:
>
> • The actual HTTP request and response that fails. By seeing the URL
> requested I can try and recreate the signature and find the mismatch.
> • The "signature base string" used to create the oauth_signature
> parameter. This usually requires adding some print statements to the
> oauth library you're using but can be really helpful.
>
> If you can send the HTTP request and response (headers and
> bodies) that will be a good start. If you're not sure how to get them
> from your library I recommend using a debugging proxy like Charles [1].
>
> Thanks;
> – Matt Sanford / @mzsanford
> Twitter Dev
>
> [1] -http://www.charlesproxy.com/
>
> On Jul 3, 2009, at 2:10 PM, Blaine Garrett wrote:
>
>
>
> > Hi,
>
> > I get the 401:Unauthorized Error every time I attempt to get a request
> > token. When I attempt to go to the URL directly in the browser (not
> > yet accessed to preserve nonce) I get a body of "Failed to validate
> > oauth signature and token".
>
> > I am using the Leah's oauth client listed athttp://oauth.net/code
> > as well as the python-twitter (0.7-devel) and oauth-python-twitter
> > (v0.1)
>
> > I was able to get these same libraries to work on a different project
> > but not on the current one I am working on.
> > I have refreshed my tokens numerous times and also tried the working
> > ones from the other project. I also tried the tokens from this project
> > on the other project that was working and that WORKED.
>
> > As such, I am guessing it is an issue with my setup or some other lib
> > I am working with.
> > Both projects however have Python Versions 2.5.2 and should otherwise
> > be the same setups.
>
> > Domain the project is on ishttp://articulture.blainegarrett.comif
> > the matters for some odd reason.
>
> > Any thoughts?
>
> > Here is the code I am using to call the libs if it helps:
> > oauth_consumer = oauthtwitter.OAuthApi(consumer_token,
> > consumer_secret)
> > request_token = oauth_consumer.getRequestToken() # httplib exception
> > bubbles from within here
> > authorization_url = oauth_consumer.getAuthorizationURL(request_token)
>
> > Thank
[twitter-dev] Re: "Failed to validate oauth signature and token" using python/django libs
Hi Blaine, Failing the validate the signature when getting a request token is pretty rare. As you said the fact this all works from other libraries seems to point to a library issue. The most helpful things to see in these cases are: • The actual HTTP request and response that fails. By seeing the URL requested I can try and recreate the signature and find the mismatch. • The "signature base string" used to create the oauth_signature parameter. This usually requires adding some print statements to the oauth library you're using but can be really helpful. If you can send the HTTP request and response (headers and bodies) that will be a good start. If you're not sure how to get them from your library I recommend using a debugging proxy like Charles [1]. Thanks; – Matt Sanford / @mzsanford Twitter Dev [1] - http://www.charlesproxy.com/ On Jul 3, 2009, at 2:10 PM, Blaine Garrett wrote: Hi, I get the 401:Unauthorized Error every time I attempt to get a request token. When I attempt to go to the URL directly in the browser (not yet accessed to preserve nonce) I get a body of "Failed to validate oauth signature and token". I am using the Leah's oauth client listed at http://oauth.net/code as well as the python-twitter (0.7-devel) and oauth-python-twitter (v0.1) I was able to get these same libraries to work on a different project but not on the current one I am working on. I have refreshed my tokens numerous times and also tried the working ones from the other project. I also tried the tokens from this project on the other project that was working and that WORKED. As such, I am guessing it is an issue with my setup or some other lib I am working with. Both projects however have Python Versions 2.5.2 and should otherwise be the same setups. Domain the project is on is http://articulture.blainegarrett.com if the matters for some odd reason. Any thoughts? Here is the code I am using to call the libs if it helps: oauth_consumer = oauthtwitter.OAuthApi(consumer_token, consumer_secret) request_token = oauth_consumer.getRequestToken() # httplib exception bubbles from within here authorization_url = oauth_consumer.getAuthorizationURL(request_token) Thank you! ~Blaine -- Blaine Garrett gchat : bla...@jrcorps.com aim: zombiediv y!: zombiediv
