subject:"\[twitter\-dev\] Re\: C# \+ OAuth \+ account\/update_profile

[twitter-dev] Re: C# + OAuth + account/update_profile_image = 500 Internal Server Error

2009-10-20 Thread Zaudio


Hi Nicholas,

Sounds like you have this particular method cracked (account/
updateprofileimage) in Oauth

Our code does use C# for all twitter layers... And thanks for your
offer.. all I'm really after is the logic to get the correctly signed
POST for this method... You seem to suggest I don't need to sign the
image data as it is not urlencoded... So I'll try from there.
If you can send me snippets that show the logic to make this work...
that might help.

Thanks again

Simon

On Oct 19, 8:32 am, Nicholas Granado  wrote:
> Simon,
>
> You would sign the request with all of the usual "oauth param" suspects.  If
> I recall correctly this endpoint has no other params other than the 'image'
> param in the multi-part post body whose value would be the bytes of the
> image file.  Typically I've only seen the post params passed into the oauth
> signing rigmarole when the post body is urlencoded.
>
> I hope this helps, this whole OAuth thing can be very confusing at first
> glance.  If you are in C# I have my own lib for twitter basic auth/oauth
> that I've baked up, if you like I could pass you the bits.
>
> Nicholas
> ---
> Nicholas Granado
> email:  ngran...@gmail.com
> twitter: heatxsink
> web:http://nickgranado.com
>
> On Mon, Oct 19, 2009 at 6:38 AM, Zaudio  wrote:
>
> > Nicholas,
> > That's great feedback!
>
> > In you opinion, how do I then sign the request? Do I use all the usual
> > for the signaturebase... ie postmethod&url&nonce&etc etc
> > or just postmethod&url& as David suggested?
>
> > I trust that the image data does not come into the signing process,
> > and that I still can post the data using iso-8859-1 encoding as I
> > would normally do for uploading files?
>
> > If you have these answers, then I should be able to nail this for
> > our .net case.Oauth's been working great for us until this hitch...
>
> > Thanks
>
> > Simon
>
> > On Oct 18, 6:11 pm, Nicholas Granado  wrote:
> > > Simon,
>
> > > I believe the body of your post might be incorrect. It should look like
> > > this:
>
> > > POST /account/update_profile_image.xml HTTP/1.1
> > > Content-Type: multipart/form-data;
> > > boundary=8cbed79c91b24f3
> > > Host: twitter.com
> > > Content-Length: 3863(this will probably change now..)
>
> > > --8cbed79c91b24f3
> > > Content-Disposition: form-data; name="image"; filename="test.jpg"
> > > Content-Type: image/jpeg
>
> > > (there's a few K of binary data here, the contents of the file)
> > > --8cbed79c91b24f3
>
> > > The rest of the OAuth variables should be passed on the query string.
>
> > > I hope this helps.
>
> > > Cheers,
> > > Nicholas
> > > ---
> > > Nicholas Granado
> > > email:  ngran...@gmail.com
> > > twitter: heatxsink
> > > web:http://nickgranado.com
>
> > > On Sun, Oct 18, 2009 at 2:42 PM, Zaudio  wrote:
>
> > > > Hi David,
>
> > > > I found your excellent post hoping that it would solve the same
> > > > challenge for my app: updating profile image via Oauth... using
> > > > similar .net base to yourself...
> > > > BUT I just get the 401 all the time... despite taking your advice to
> > > > just sign with the HTTPmethod & URL My post data is laid out much
> > > > like yours... though I never got that 500 error...
>
> > > > I've tried all sorts... dropping the & off the end different
> > > > encodings...
>
> > > > What encoding did you use to encode your image, and then to post the
> > > > request?
>
> > > > Does it still work for you... or did this get broken when Twitter
> > > > 'fixed' their Oauth implementation?
>
> > > > Can anyone else advise if they have got this working and where I might
> > > > be going wrong?
>
> > > > Thanks
>
> > > > Simon (Zaudio)
>
> > > > On Aug 19, 11:40 pm, David Carson  wrote:
> > > > > Got this sorted out and working, and thought I should share the two
> > > > > pitfalls which were causing me problems.
>
> > > > > First of all, unbelievably, the 500 Internal Server Error was being
> > > > > caused by an extra carriage return between my last HTTP header and
> > the
> > > > > first multipart boundary. Seriously. I had two blank lines in there
> > > > > instead of one. Removed the extra carriage return, and my 500
> > > > > vanished, being replaced by a more reasonable "(401) Unauthorized -
> > > > > Incorrect signature" error.
>
> > > > > Secondly, the OAuth documentation seems a bit shaky when it comes to
> > > > > multipart/form-data POSTs. But basically, you do NOT use any of the
> > > > > POST parameters when creating your signature. And this includes all
> > of
> > > > > the OAuth-specific parameters like oauth_consumer_key,
> > > > > oauth_signature_method, etc. Bit of a security hole imho, OAuth
> > > > > implements all this complexity to avoid man-in-the-middle or replay
> > > > > attacks, and as soon as you do a multipart POST it's all negated.
>
> > > > > So, my signature base was literally:
>
> > > > > POST&http%3A%2F%2Ftwitter.com%2Facc

[twitter-dev] Re: C# + OAuth + account/update_profile_image = 500 Internal Server Error

2009-10-20 Thread Zaudio


Thanks Thomas... I did look at TwitterVB as a possible way to find the
answer to this particular function call... but the API says it doesn't
yet cover account/updateprofileimage...

Thanks

Simon

On Oct 19, 3:39 pm, Thomas Hübner  wrote:
> You can use TwitterVB which covers nearly the complete API in .NET
> (OAuth included). U find it on codeplexhttp://twittervb.codeplex.com/
>
> Cheers,
> Thomas
>
> Nicholas Granado schrieb:
>
> > Simon,
>
> > You would sign the request with all of the usual "oauth param"
> > suspects.  If I recall correctly this endpoint has no other params other
> > than the 'image' param in the multi-part post body whose value would be
> > the bytes of the image file.  Typically I've only seen the post params
> > passed into the oauth signing rigmarole when the post body is urlencoded.
>
> > I hope this helps, this whole OAuth thing can be very confusing at first
> > glance.  If you are in C# I have my own lib for twitter basic auth/oauth
> > that I've baked up, if you like I could pass you the bits.
>
> > Nicholas
> > ---
> > Nicholas Granado
> > email:  ngran...@gmail.com 
> > twitter: heatxsink
> > web:http://nickgranado.com
>
> > On Mon, Oct 19, 2009 at 6:38 AM, Zaudio  > > wrote:
>
> > Nicholas,
> > That's great feedback!
>
> > In you opinion, how do I then sign the request? Do I use all the usual
> > for the signaturebase... ie postmethod&url&nonce&etc etc
> > or just postmethod&url& as David suggested?
>
> > I trust that the image data does not come into the signing process,
> > and that I still can post the data using iso-8859-1 encoding as I
> > would normally do for uploading files?
>
> > If you have these answers, then I should be able to nail this for
> > our .net case.Oauth's been working great for us until this hitch...
>
> > Thanks
>
> > Simon
>
> > On Oct 18, 6:11 pm, Nicholas Granado  > > wrote:
> > > Simon,
>
> > > I believe the body of your post might be incorrect. It should look
> > like
> > > this:
>
> > > POST /account/update_profile_image.xml HTTP/1.1
> > > Content-Type: multipart/form-data;
> > > boundary=8cbed79c91b24f3
> > > Host: twitter.com 
> > > Content-Length: 3863(this will probably change now..)
>
> > > --8cbed79c91b24f3
> > > Content-Disposition: form-data; name="image"; filename="test.jpg"
> > > Content-Type: image/jpeg
>
> > > (there's a few K of binary data here, the contents of the file)
> > > --8cbed79c91b24f3
>
> > > The rest of the OAuth variables should be passed on the query string.
>
> > > I hope this helps.
>
> > > Cheers,
> > > Nicholas
> > > ---
> > > Nicholas Granado
> > > email:  ngran...@gmail.com 
> > > twitter: heatxsink
> > > web:http://nickgranado.com
>
> > > On Sun, Oct 18, 2009 at 2:42 PM, Zaudio  > > wrote:
>
> > > > Hi David,
>
> > > > I found your excellent post hoping that it would solve the same
> > > > challenge for my app: updating profile image via Oauth... using
> > > > similar .net base to yourself...
> > > > BUT I just get the 401 all the time... despite taking your advice to
> > > > just sign with the HTTPmethod & URL My post data is laid out
> > much
> > > > like yours... though I never got that 500 error...
>
> > > > I've tried all sorts... dropping the & off the end different
> > > > encodings...
>
> > > > What encoding did you use to encode your image, and then to post the
> > > > request?
>
> > > > Does it still work for you... or did this get broken when Twitter
> > > > 'fixed' their Oauth implementation?
>
> > > > Can anyone else advise if they have got this working and where I
> > might
> > > > be going wrong?
>
> > > > Thanks
>
> > > > Simon (Zaudio)
>
> > > > On Aug 19, 11:40 pm, David Carson  > > wrote:
> > > > > Got this sorted out and working, and thought I should share
> > the two
> > > > > pitfalls which were causing me problems.
>
> > > > > First of all, unbelievably, the 500 Internal Server Error was
> > being
> > > > > caused by an extra carriage return between my last HTTP header
> > and the
> > > > > first multipart boundary. Seriously. I had two blank lines in
> > there
> > > > > instead of one. Removed the extra carriage return, and my 500
> > > > > vanished, being replaced by a more reasonable "(401)
> > Unauthorized -
> > > > > Incorrect signature" error.
>
> > > > > Secondly, the OAuth documentation seems a bit shaky when it
> > comes to
> > > > > multipart/form-data POSTs. But basically, you do NOT use any
> >

[twitter-dev] Re: C# + OAuth + account/update_profile_image = 500 Internal Server Error

2009-10-19 Thread Thomas Hübner

You can use TwitterVB which covers nearly the complete API in .NET
(OAuth included). U find it on codeplex http://twittervb.codeplex.com/

Cheers,
Thomas

Nicholas Granado schrieb:
> Simon,
> 
> You would sign the request with all of the usual "oauth param"
> suspects.  If I recall correctly this endpoint has no other params other
> than the 'image' param in the multi-part post body whose value would be
> the bytes of the image file.  Typically I've only seen the post params
> passed into the oauth signing rigmarole when the post body is urlencoded.
> 
> I hope this helps, this whole OAuth thing can be very confusing at first
> glance.  If you are in C# I have my own lib for twitter basic auth/oauth
> that I've baked up, if you like I could pass you the bits.
> 
> Nicholas
> ---
> Nicholas Granado
> email:  ngran...@gmail.com 
> twitter: heatxsink
> web:http://nickgranado.com
> 
> 
> On Mon, Oct 19, 2009 at 6:38 AM, Zaudio  > wrote:
> 
> 
> Nicholas,
> That's great feedback!
> 
> In you opinion, how do I then sign the request? Do I use all the usual
> for the signaturebase... ie postmethod&url&nonce&etc etc
> or just postmethod&url& as David suggested?
> 
> I trust that the image data does not come into the signing process,
> and that I still can post the data using iso-8859-1 encoding as I
> would normally do for uploading files?
> 
> If you have these answers, then I should be able to nail this for
> our .net case.Oauth's been working great for us until this hitch...
> 
> Thanks
> 
> Simon
> 
> 
> On Oct 18, 6:11 pm, Nicholas Granado  > wrote:
> > Simon,
> >
> > I believe the body of your post might be incorrect. It should look
> like
> > this:
> >
> > POST /account/update_profile_image.xml HTTP/1.1
> > Content-Type: multipart/form-data;
> > boundary=8cbed79c91b24f3
> > Host: twitter.com 
> > Content-Length: 3863(this will probably change now..)
> >
> > --8cbed79c91b24f3
> > Content-Disposition: form-data; name="image"; filename="test.jpg"
> > Content-Type: image/jpeg
> >
> > (there's a few K of binary data here, the contents of the file)
> > --8cbed79c91b24f3
> >
> > The rest of the OAuth variables should be passed on the query string.
> >
> > I hope this helps.
> >
> > Cheers,
> > Nicholas
> > ---
> > Nicholas Granado
> > email:  ngran...@gmail.com 
> > twitter: heatxsink
> > web:http://nickgranado.com
> >
> > On Sun, Oct 18, 2009 at 2:42 PM, Zaudio  > wrote:
> >
> > > Hi David,
> >
> > > I found your excellent post hoping that it would solve the same
> > > challenge for my app: updating profile image via Oauth... using
> > > similar .net base to yourself...
> > > BUT I just get the 401 all the time... despite taking your advice to
> > > just sign with the HTTPmethod & URL My post data is laid out
> much
> > > like yours... though I never got that 500 error...
> >
> > > I've tried all sorts... dropping the & off the end different
> > > encodings...
> >
> > > What encoding did you use to encode your image, and then to post the
> > > request?
> >
> > > Does it still work for you... or did this get broken when Twitter
> > > 'fixed' their Oauth implementation?
> >
> > > Can anyone else advise if they have got this working and where I
> might
> > > be going wrong?
> >
> > > Thanks
> >
> > > Simon (Zaudio)
> >
> > > On Aug 19, 11:40 pm, David Carson  > wrote:
> > > > Got this sorted out and working, and thought I should share
> the two
> > > > pitfalls which were causing me problems.
> >
> > > > First of all, unbelievably, the 500 Internal Server Error was
> being
> > > > caused by an extra carriage return between my last HTTP header
> and the
> > > > first multipart boundary. Seriously. I had two blank lines in
> there
> > > > instead of one. Removed the extra carriage return, and my 500
> > > > vanished, being replaced by a more reasonable "(401)
> Unauthorized -
> > > > Incorrect signature" error.
> >
> > > > Secondly, the OAuth documentation seems a bit shaky when it
> comes to
> > > > multipart/form-data POSTs. But basically, you do NOT use any
> of the
> > > > POST parameters when creating your signature. And this
> includes all of
> > > > the OAuth-specific parameters like oauth_consumer_key,
> > > > oauth_signature_method, etc. Bit of a security hole imho, OAuth
> > > > implements all this complexity to avoid man-in-the-mi

[twitter-dev] Re: C# + OAuth + account/update_profile_image = 500 Internal Server Error

2009-10-19 Thread Nicholas Granado

Simon,

You would sign the request with all of the usual "oauth param" suspects.  If
I recall correctly this endpoint has no other params other than the 'image'
param in the multi-part post body whose value would be the bytes of the
image file.  Typically I've only seen the post params passed into the oauth
signing rigmarole when the post body is urlencoded.

I hope this helps, this whole OAuth thing can be very confusing at first
glance.  If you are in C# I have my own lib for twitter basic auth/oauth
that I've baked up, if you like I could pass you the bits.

Nicholas
---
Nicholas Granado
email:  ngran...@gmail.com
twitter: heatxsink
web:http://nickgranado.com


On Mon, Oct 19, 2009 at 6:38 AM, Zaudio  wrote:

>
> Nicholas,
> That's great feedback!
>
> In you opinion, how do I then sign the request? Do I use all the usual
> for the signaturebase... ie postmethod&url&nonce&etc etc
> or just postmethod&url& as David suggested?
>
> I trust that the image data does not come into the signing process,
> and that I still can post the data using iso-8859-1 encoding as I
> would normally do for uploading files?
>
> If you have these answers, then I should be able to nail this for
> our .net case.Oauth's been working great for us until this hitch...
>
> Thanks
>
> Simon
>
>
> On Oct 18, 6:11 pm, Nicholas Granado  wrote:
> > Simon,
> >
> > I believe the body of your post might be incorrect. It should look like
> > this:
> >
> > POST /account/update_profile_image.xml HTTP/1.1
> > Content-Type: multipart/form-data;
> > boundary=8cbed79c91b24f3
> > Host: twitter.com
> > Content-Length: 3863(this will probably change now..)
> >
> > --8cbed79c91b24f3
> > Content-Disposition: form-data; name="image"; filename="test.jpg"
> > Content-Type: image/jpeg
> >
> > (there's a few K of binary data here, the contents of the file)
> > --8cbed79c91b24f3
> >
> > The rest of the OAuth variables should be passed on the query string.
> >
> > I hope this helps.
> >
> > Cheers,
> > Nicholas
> > ---
> > Nicholas Granado
> > email:  ngran...@gmail.com
> > twitter: heatxsink
> > web:http://nickgranado.com
> >
> > On Sun, Oct 18, 2009 at 2:42 PM, Zaudio  wrote:
> >
> > > Hi David,
> >
> > > I found your excellent post hoping that it would solve the same
> > > challenge for my app: updating profile image via Oauth... using
> > > similar .net base to yourself...
> > > BUT I just get the 401 all the time... despite taking your advice to
> > > just sign with the HTTPmethod & URL My post data is laid out much
> > > like yours... though I never got that 500 error...
> >
> > > I've tried all sorts... dropping the & off the end different
> > > encodings...
> >
> > > What encoding did you use to encode your image, and then to post the
> > > request?
> >
> > > Does it still work for you... or did this get broken when Twitter
> > > 'fixed' their Oauth implementation?
> >
> > > Can anyone else advise if they have got this working and where I might
> > > be going wrong?
> >
> > > Thanks
> >
> > > Simon (Zaudio)
> >
> > > On Aug 19, 11:40 pm, David Carson  wrote:
> > > > Got this sorted out and working, and thought I should share the two
> > > > pitfalls which were causing me problems.
> >
> > > > First of all, unbelievably, the 500 Internal Server Error was being
> > > > caused by an extra carriage return between my last HTTP header and
> the
> > > > first multipart boundary. Seriously. I had two blank lines in there
> > > > instead of one. Removed the extra carriage return, and my 500
> > > > vanished, being replaced by a more reasonable "(401) Unauthorized -
> > > > Incorrect signature" error.
> >
> > > > Secondly, the OAuth documentation seems a bit shaky when it comes to
> > > > multipart/form-data POSTs. But basically, you do NOT use any of the
> > > > POST parameters when creating your signature. And this includes all
> of
> > > > the OAuth-specific parameters like oauth_consumer_key,
> > > > oauth_signature_method, etc. Bit of a security hole imho, OAuth
> > > > implements all this complexity to avoid man-in-the-middle or replay
> > > > attacks, and as soon as you do a multipart POST it's all negated.
> >
> > > > So, my signature base was literally:
> >
> > > > POST&http%3A%2F%2Ftwitter.com%2Faccount%2Fupdate_profile_image.xml&
> >
> > > > Just the HTTP method and the URL. No parameters.
> >
> > > > Once I made that change to the signature generation, my request went
> > > > through fine and my avatar changed.
> >
> > > > Hope this helps someone!
> >
> > > > Cheers,
> > > > David...
>

[twitter-dev] Re: C# + OAuth + account/update_profile_image = 500 Internal Server Error

2009-10-19 Thread Zaudio


Nicholas,
That's great feedback!

In you opinion, how do I then sign the request? Do I use all the usual
for the signaturebase... ie postmethod&url&nonce&etc etc
or just postmethod&url& as David suggested?

I trust that the image data does not come into the signing process,
and that I still can post the data using iso-8859-1 encoding as I
would normally do for uploading files?

If you have these answers, then I should be able to nail this for
our .net case.Oauth's been working great for us until this hitch...

Thanks

Simon


On Oct 18, 6:11 pm, Nicholas Granado  wrote:
> Simon,
>
> I believe the body of your post might be incorrect. It should look like
> this:
>
> POST /account/update_profile_image.xml HTTP/1.1
> Content-Type: multipart/form-data;
> boundary=8cbed79c91b24f3
> Host: twitter.com
> Content-Length: 3863(this will probably change now..)
>
> --8cbed79c91b24f3
> Content-Disposition: form-data; name="image"; filename="test.jpg"
> Content-Type: image/jpeg
>
> (there's a few K of binary data here, the contents of the file)
> --8cbed79c91b24f3
>
> The rest of the OAuth variables should be passed on the query string.
>
> I hope this helps.
>
> Cheers,
> Nicholas
> ---
> Nicholas Granado
> email:  ngran...@gmail.com
> twitter: heatxsink
> web:http://nickgranado.com
>
> On Sun, Oct 18, 2009 at 2:42 PM, Zaudio  wrote:
>
> > Hi David,
>
> > I found your excellent post hoping that it would solve the same
> > challenge for my app: updating profile image via Oauth... using
> > similar .net base to yourself...
> > BUT I just get the 401 all the time... despite taking your advice to
> > just sign with the HTTPmethod & URL My post data is laid out much
> > like yours... though I never got that 500 error...
>
> > I've tried all sorts... dropping the & off the end different
> > encodings...
>
> > What encoding did you use to encode your image, and then to post the
> > request?
>
> > Does it still work for you... or did this get broken when Twitter
> > 'fixed' their Oauth implementation?
>
> > Can anyone else advise if they have got this working and where I might
> > be going wrong?
>
> > Thanks
>
> > Simon (Zaudio)
>
> > On Aug 19, 11:40 pm, David Carson  wrote:
> > > Got this sorted out and working, and thought I should share the two
> > > pitfalls which were causing me problems.
>
> > > First of all, unbelievably, the 500 Internal Server Error was being
> > > caused by an extra carriage return between my last HTTP header and the
> > > first multipart boundary. Seriously. I had two blank lines in there
> > > instead of one. Removed the extra carriage return, and my 500
> > > vanished, being replaced by a more reasonable "(401) Unauthorized -
> > > Incorrect signature" error.
>
> > > Secondly, the OAuth documentation seems a bit shaky when it comes to
> > > multipart/form-data POSTs. But basically, you do NOT use any of the
> > > POST parameters when creating your signature. And this includes all of
> > > the OAuth-specific parameters like oauth_consumer_key,
> > > oauth_signature_method, etc. Bit of a security hole imho, OAuth
> > > implements all this complexity to avoid man-in-the-middle or replay
> > > attacks, and as soon as you do a multipart POST it's all negated.
>
> > > So, my signature base was literally:
>
> > > POST&http%3A%2F%2Ftwitter.com%2Faccount%2Fupdate_profile_image.xml&
>
> > > Just the HTTP method and the URL. No parameters.
>
> > > Once I made that change to the signature generation, my request went
> > > through fine and my avatar changed.
>
> > > Hope this helps someone!
>
> > > Cheers,
> > > David...

[twitter-dev] Re: C# + OAuth + account/update_profile_image = 500 Internal Server Error

2009-10-18 Thread Nicholas Granado

Simon,

I believe the body of your post might be incorrect. It should look like
this:

POST /account/update_profile_image.xml HTTP/1.1
Content-Type: multipart/form-data;
boundary=8cbed79c91b24f3
Host: twitter.com
Content-Length: 3863(this will probably change now..)

--8cbed79c91b24f3
Content-Disposition: form-data; name="image"; filename="test.jpg"
Content-Type: image/jpeg

(there's a few K of binary data here, the contents of the file)
--8cbed79c91b24f3


The rest of the OAuth variables should be passed on the query string.

I hope this helps.

Cheers,
Nicholas
---
Nicholas Granado
email:  ngran...@gmail.com
twitter: heatxsink
web:http://nickgranado.com


On Sun, Oct 18, 2009 at 2:42 PM, Zaudio  wrote:

>
> Hi David,
>
> I found your excellent post hoping that it would solve the same
> challenge for my app: updating profile image via Oauth... using
> similar .net base to yourself...
> BUT I just get the 401 all the time... despite taking your advice to
> just sign with the HTTPmethod & URL My post data is laid out much
> like yours... though I never got that 500 error...
>
> I've tried all sorts... dropping the & off the end different
> encodings...
>
> What encoding did you use to encode your image, and then to post the
> request?
>
> Does it still work for you... or did this get broken when Twitter
> 'fixed' their Oauth implementation?
>
> Can anyone else advise if they have got this working and where I might
> be going wrong?
>
> Thanks
>
> Simon (Zaudio)
>
>
>
> On Aug 19, 11:40 pm, David Carson  wrote:
> > Got this sorted out and working, and thought I should share the two
> > pitfalls which were causing me problems.
> >
> > First of all, unbelievably, the 500 Internal Server Error was being
> > caused by an extra carriage return between my last HTTP header and the
> > first multipart boundary. Seriously. I had two blank lines in there
> > instead of one. Removed the extra carriage return, and my 500
> > vanished, being replaced by a more reasonable "(401) Unauthorized -
> > Incorrect signature" error.
> >
> > Secondly, the OAuth documentation seems a bit shaky when it comes to
> > multipart/form-data POSTs. But basically, you do NOT use any of the
> > POST parameters when creating your signature. And this includes all of
> > the OAuth-specific parameters like oauth_consumer_key,
> > oauth_signature_method, etc. Bit of a security hole imho, OAuth
> > implements all this complexity to avoid man-in-the-middle or replay
> > attacks, and as soon as you do a multipart POST it's all negated.
> >
> > So, my signature base was literally:
> >
> > POST&http%3A%2F%2Ftwitter.com%2Faccount%2Fupdate_profile_image.xml&
> >
> > Just the HTTP method and the URL. No parameters.
> >
> > Once I made that change to the signature generation, my request went
> > through fine and my avatar changed.
> >
> > Hope this helps someone!
> >
> > Cheers,
> > David...
>

[twitter-dev] Re: C# + OAuth + account/update_profile_image = 500 Internal Server Error

2009-10-18 Thread Zaudio

Hi David,

I found your excellent post hoping that it would solve the same
challenge for my app: updating profile image via Oauth... using
similar .net base to yourself...
BUT I just get the 401 all the time... despite taking your advice to
just sign with the HTTPmethod & URL My post data is laid out much
like yours... though I never got that 500 error...

I've tried all sorts... dropping the & off the end different
encodings...

What encoding did you use to encode your image, and then to post the
request?

Does it still work for you... or did this get broken when Twitter
'fixed' their Oauth implementation?

Can anyone else advise if they have got this working and where I might
be going wrong?

Thanks

Simon (Zaudio)

On Aug 19, 11:40 pm, David Carson  wrote:
> Got this sorted out and working, and thought I should share the two
> pitfalls which were causing me problems.
>
> First of all, unbelievably, the 500 Internal Server Error was being
> caused by an extra carriage return between my last HTTP header and the
> first multipart boundary. Seriously. I had two blank lines in there
> instead of one. Removed the extra carriage return, and my 500
> vanished, being replaced by a more reasonable "(401) Unauthorized -
> Incorrect signature" error.
>
> Secondly, the OAuth documentation seems a bit shaky when it comes to
> multipart/form-data POSTs. But basically, you do NOT use any of the
> POST parameters when creating your signature. And this includes all of
> the OAuth-specific parameters like oauth_consumer_key,
> oauth_signature_method, etc. Bit of a security hole imho, OAuth
> implements all this complexity to avoid man-in-the-middle or replay
> attacks, and as soon as you do a multipart POST it's all negated.
>
> So, my signature base was literally:
>
> POST&http%3A%2F%2Ftwitter.com%2Faccount%2Fupdate_profile_image.xml&
>
> Just the HTTP method and the URL. No parameters.
>
> Once I made that change to the signature generation, my request went
> through fine and my avatar changed.
>
> Hope this helps someone!
>
> Cheers,
> David...

[twitter-dev] Re: C# + OAuth + account/update_profile_image = 500 Internal Server Error

2009-08-20 Thread Andrew Badera


On Thu, Aug 20, 2009 at 1:40 AM, David Carson wrote:
>
> Got this sorted out and working, and thought I should share the two
> pitfalls which were causing me problems.
>
> First of all, unbelievably, the 500 Internal Server Error was being
> caused by an extra carriage return between my last HTTP header and the
> first multipart boundary. Seriously. I had two blank lines in there
> instead of one. Removed the extra carriage return, and my 500
> vanished, being replaced by a more reasonable "(401) Unauthorized -
> Incorrect signature" error.
>
> Secondly, the OAuth documentation seems a bit shaky when it comes to
> multipart/form-data POSTs. But basically, you do NOT use any of the
> POST parameters when creating your signature. And this includes all of
> the OAuth-specific parameters like oauth_consumer_key,
> oauth_signature_method, etc. Bit of a security hole imho, OAuth
> implements all this complexity to avoid man-in-the-middle or replay
> attacks, and as soon as you do a multipart POST it's all negated.
>
> So, my signature base was literally:
>
> POST&http%3A%2F%2Ftwitter.com%2Faccount%2Fupdate_profile_image.xml&
>
> Just the HTTP method and the URL. No parameters.
>
> Once I made that change to the signature generation, my request went
> through fine and my avatar changed.
>
> Hope this helps someone!
>
> Cheers,
> David...
>

Gotta love HTTP. In many ways very forgiving, in other ways very, very
picky. Glad you got it worked out. FYI I believe LinqToTwitter offers
the same image upload/change functionality on top of the same
OAuthBase work by Eran & Shannon.

∞ Andy Badera
∞ This email is: [ ] bloggable [x] ask first [ ] private
∞ Google me: http://www.google.com/search?q=(andrew+badera)+OR+(andy+badera)

[twitter-dev] Re: C# + OAuth + account/update_profile_image = 500 Internal Server Error

2009-08-19 Thread David Carson


Got this sorted out and working, and thought I should share the two
pitfalls which were causing me problems.

First of all, unbelievably, the 500 Internal Server Error was being
caused by an extra carriage return between my last HTTP header and the
first multipart boundary. Seriously. I had two blank lines in there
instead of one. Removed the extra carriage return, and my 500
vanished, being replaced by a more reasonable "(401) Unauthorized -
Incorrect signature" error.

Secondly, the OAuth documentation seems a bit shaky when it comes to
multipart/form-data POSTs. But basically, you do NOT use any of the
POST parameters when creating your signature. And this includes all of
the OAuth-specific parameters like oauth_consumer_key,
oauth_signature_method, etc. Bit of a security hole imho, OAuth
implements all this complexity to avoid man-in-the-middle or replay
attacks, and as soon as you do a multipart POST it's all negated.

So, my signature base was literally:

POST&http%3A%2F%2Ftwitter.com%2Faccount%2Fupdate_profile_image.xml&

Just the HTTP method and the URL. No parameters.

Once I made that change to the signature generation, my request went
through fine and my avatar changed.

Hope this helps someone!

Cheers,
David...

[twitter-dev] Re: C# + OAuth + account/update_profile_image = 500 Internal Server Error

[twitter-dev] Re: C# + OAuth + account/update_profile_image = 500 Internal Server Error

[twitter-dev] Re: C# + OAuth + account/update_profile_image = 500 Internal Server Error

[twitter-dev] Re: C# + OAuth + account/update_profile_image = 500 Internal Server Error

[twitter-dev] Re: C# + OAuth + account/update_profile_image = 500 Internal Server Error

[twitter-dev] Re: C# + OAuth + account/update_profile_image = 500 Internal Server Error

[twitter-dev] Re: C# + OAuth + account/update_profile_image = 500 Internal Server Error

[twitter-dev] Re: C# + OAuth + account/update_profile_image = 500 Internal Server Error

[twitter-dev] Re: C# + OAuth + account/update_profile_image = 500 Internal Server Error

9 matches

Site Navigation

Mail list logo

Footer information