[twitter-dev] Re: C# + OAuth + account/update_profile_image = 500 Internal Server Error
Thanks Thomas... I did look at TwitterVB as a possible way to find the answer to this particular function call... but the API says it doesn't yet cover account/updateprofileimage... Thanks Simon On Oct 19, 3:39 pm, Thomas Hübner thueb...@gmx.de wrote: You can use TwitterVB which covers nearly the complete API in .NET (OAuth included). U find it on codeplexhttp://twittervb.codeplex.com/ Cheers, Thomas Nicholas Granado schrieb: Simon, You would sign the request with all of the usual oauth param suspects. If I recall correctly this endpoint has no other params other than the 'image' param in the multi-part post body whose value would be the bytes of the image file. Typically I've only seen the post params passed into the oauth signing rigmarole when the post body is urlencoded. I hope this helps, this whole OAuth thing can be very confusing at first glance. If you are in C# I have my own lib for twitter basic auth/oauth that I've baked up, if you like I could pass you the bits. Nicholas --- Nicholas Granado email: ngran...@gmail.com mailto:ngran...@gmail.com twitter: heatxsink web:http://nickgranado.com On Mon, Oct 19, 2009 at 6:38 AM, Zaudio si...@z-audio.co.uk mailto:si...@z-audio.co.uk wrote: Nicholas, That's great feedback! In you opinion, how do I then sign the request? Do I use all the usual for the signaturebase... ie postmethodurlnonceetc etc or just postmethodurl as David suggested? I trust that the image data does not come into the signing process, and that I still can post the data using iso-8859-1 encoding as I would normally do for uploading files? If you have these answers, then I should be able to nail this for our .net case.Oauth's been working great for us until this hitch... Thanks Simon On Oct 18, 6:11 pm, Nicholas Granado ngran...@gmail.com mailto:ngran...@gmail.com wrote: Simon, I believe the body of your post might be incorrect. It should look like this: POST /account/update_profile_image.xml HTTP/1.1 Content-Type: multipart/form-data; boundary=8cbed79c91b24f3 Host: twitter.com http://twitter.com Content-Length: 3863(this will probably change now..) --8cbed79c91b24f3 Content-Disposition: form-data; name=image; filename=test.jpg Content-Type: image/jpeg (there's a few K of binary data here, the contents of the file) --8cbed79c91b24f3 The rest of the OAuth variables should be passed on the query string. I hope this helps. Cheers, Nicholas --- Nicholas Granado email: ngran...@gmail.com mailto:ngran...@gmail.com twitter: heatxsink web:http://nickgranado.com On Sun, Oct 18, 2009 at 2:42 PM, Zaudio si...@z-audio.co.uk mailto:si...@z-audio.co.uk wrote: Hi David, I found your excellent post hoping that it would solve the same challenge for my app: updating profile image via Oauth... using similar .net base to yourself... BUT I just get the 401 all the time... despite taking your advice to just sign with the HTTPmethod URL My post data is laid out much like yours... though I never got that 500 error... I've tried all sorts... dropping the off the end different encodings... What encoding did you use to encode your image, and then to post the request? Does it still work for you... or did this get broken when Twitter 'fixed' their Oauth implementation? Can anyone else advise if they have got this working and where I might be going wrong? Thanks Simon (Zaudio) On Aug 19, 11:40 pm, David Carson carson63...@gmail.com mailto:carson63...@gmail.com wrote: Got this sorted out and working, and thought I should share the two pitfalls which were causing me problems. First of all, unbelievably, the 500 Internal Server Error was being caused by an extra carriage return between my last HTTP header and the first multipart boundary. Seriously. I had two blank lines in there instead of one. Removed the extra carriage return, and my 500 vanished, being replaced by a more reasonable (401) Unauthorized - Incorrect signature error. Secondly, the OAuth documentation seems a bit shaky when it comes to multipart/form-data POSTs. But basically, you do NOT use any of the POST parameters when creating your signature. And this includes all of the OAuth-specific parameters like oauth_consumer_key, oauth_signature_method, etc. Bit of a security hole imho, OAuth
[twitter-dev] Re: C# + OAuth + account/update_profile_image = 500 Internal Server Error
Hi Nicholas, Sounds like you have this particular method cracked (account/ updateprofileimage) in Oauth Our code does use C# for all twitter layers... And thanks for your offer.. all I'm really after is the logic to get the correctly signed POST for this method... You seem to suggest I don't need to sign the image data as it is not urlencoded... So I'll try from there. If you can send me snippets that show the logic to make this work... that might help. Thanks again Simon On Oct 19, 8:32 am, Nicholas Granado ngran...@gmail.com wrote: Simon, You would sign the request with all of the usual oauth param suspects. If I recall correctly this endpoint has no other params other than the 'image' param in the multi-part post body whose value would be the bytes of the image file. Typically I've only seen the post params passed into the oauth signing rigmarole when the post body is urlencoded. I hope this helps, this whole OAuth thing can be very confusing at first glance. If you are in C# I have my own lib for twitter basic auth/oauth that I've baked up, if you like I could pass you the bits. Nicholas --- Nicholas Granado email: ngran...@gmail.com twitter: heatxsink web:http://nickgranado.com On Mon, Oct 19, 2009 at 6:38 AM, Zaudio si...@z-audio.co.uk wrote: Nicholas, That's great feedback! In you opinion, how do I then sign the request? Do I use all the usual for the signaturebase... ie postmethodurlnonceetc etc or just postmethodurl as David suggested? I trust that the image data does not come into the signing process, and that I still can post the data using iso-8859-1 encoding as I would normally do for uploading files? If you have these answers, then I should be able to nail this for our .net case.Oauth's been working great for us until this hitch... Thanks Simon On Oct 18, 6:11 pm, Nicholas Granado ngran...@gmail.com wrote: Simon, I believe the body of your post might be incorrect. It should look like this: POST /account/update_profile_image.xml HTTP/1.1 Content-Type: multipart/form-data; boundary=8cbed79c91b24f3 Host: twitter.com Content-Length: 3863(this will probably change now..) --8cbed79c91b24f3 Content-Disposition: form-data; name=image; filename=test.jpg Content-Type: image/jpeg (there's a few K of binary data here, the contents of the file) --8cbed79c91b24f3 The rest of the OAuth variables should be passed on the query string. I hope this helps. Cheers, Nicholas --- Nicholas Granado email: ngran...@gmail.com twitter: heatxsink web:http://nickgranado.com On Sun, Oct 18, 2009 at 2:42 PM, Zaudio si...@z-audio.co.uk wrote: Hi David, I found your excellent post hoping that it would solve the same challenge for my app: updating profile image via Oauth... using similar .net base to yourself... BUT I just get the 401 all the time... despite taking your advice to just sign with the HTTPmethod URL My post data is laid out much like yours... though I never got that 500 error... I've tried all sorts... dropping the off the end different encodings... What encoding did you use to encode your image, and then to post the request? Does it still work for you... or did this get broken when Twitter 'fixed' their Oauth implementation? Can anyone else advise if they have got this working and where I might be going wrong? Thanks Simon (Zaudio) On Aug 19, 11:40 pm, David Carson carson63...@gmail.com wrote: Got this sorted out and working, and thought I should share the two pitfalls which were causing me problems. First of all, unbelievably, the 500 Internal Server Error was being caused by an extra carriage return between my last HTTP header and the first multipart boundary. Seriously. I had two blank lines in there instead of one. Removed the extra carriage return, and my 500 vanished, being replaced by a more reasonable (401) Unauthorized - Incorrect signature error. Secondly, the OAuth documentation seems a bit shaky when it comes to multipart/form-data POSTs. But basically, you do NOT use any of the POST parameters when creating your signature. And this includes all of the OAuth-specific parameters like oauth_consumer_key, oauth_signature_method, etc. Bit of a security hole imho, OAuth implements all this complexity to avoid man-in-the-middle or replay attacks, and as soon as you do a multipart POST it's all negated. So, my signature base was literally: POSThttp%3A%2F%2Ftwitter.com%2Faccount%2Fupdate_profile_image.xml Just the HTTP method and the URL. No parameters. Once I made that change to the signature generation, my request went through fine and my avatar changed. Hope this helps
[twitter-dev] Re: C# + OAuth + account/update_profile_image = 500 Internal Server Error
Nicholas, That's great feedback! In you opinion, how do I then sign the request? Do I use all the usual for the signaturebase... ie postmethodurlnonceetc etc or just postmethodurl as David suggested? I trust that the image data does not come into the signing process, and that I still can post the data using iso-8859-1 encoding as I would normally do for uploading files? If you have these answers, then I should be able to nail this for our .net case.Oauth's been working great for us until this hitch... Thanks Simon On Oct 18, 6:11 pm, Nicholas Granado ngran...@gmail.com wrote: Simon, I believe the body of your post might be incorrect. It should look like this: POST /account/update_profile_image.xml HTTP/1.1 Content-Type: multipart/form-data; boundary=8cbed79c91b24f3 Host: twitter.com Content-Length: 3863(this will probably change now..) --8cbed79c91b24f3 Content-Disposition: form-data; name=image; filename=test.jpg Content-Type: image/jpeg (there's a few K of binary data here, the contents of the file) --8cbed79c91b24f3 The rest of the OAuth variables should be passed on the query string. I hope this helps. Cheers, Nicholas --- Nicholas Granado email: ngran...@gmail.com twitter: heatxsink web:http://nickgranado.com On Sun, Oct 18, 2009 at 2:42 PM, Zaudio si...@z-audio.co.uk wrote: Hi David, I found your excellent post hoping that it would solve the same challenge for my app: updating profile image via Oauth... using similar .net base to yourself... BUT I just get the 401 all the time... despite taking your advice to just sign with the HTTPmethod URL My post data is laid out much like yours... though I never got that 500 error... I've tried all sorts... dropping the off the end different encodings... What encoding did you use to encode your image, and then to post the request? Does it still work for you... or did this get broken when Twitter 'fixed' their Oauth implementation? Can anyone else advise if they have got this working and where I might be going wrong? Thanks Simon (Zaudio) On Aug 19, 11:40 pm, David Carson carson63...@gmail.com wrote: Got this sorted out and working, and thought I should share the two pitfalls which were causing me problems. First of all, unbelievably, the 500 Internal Server Error was being caused by an extra carriage return between my last HTTP header and the first multipart boundary. Seriously. I had two blank lines in there instead of one. Removed the extra carriage return, and my 500 vanished, being replaced by a more reasonable (401) Unauthorized - Incorrect signature error. Secondly, the OAuth documentation seems a bit shaky when it comes to multipart/form-data POSTs. But basically, you do NOT use any of the POST parameters when creating your signature. And this includes all of the OAuth-specific parameters like oauth_consumer_key, oauth_signature_method, etc. Bit of a security hole imho, OAuth implements all this complexity to avoid man-in-the-middle or replay attacks, and as soon as you do a multipart POST it's all negated. So, my signature base was literally: POSThttp%3A%2F%2Ftwitter.com%2Faccount%2Fupdate_profile_image.xml Just the HTTP method and the URL. No parameters. Once I made that change to the signature generation, my request went through fine and my avatar changed. Hope this helps someone! Cheers, David...
[twitter-dev] Re: C# + OAuth + account/update_profile_image = 500 Internal Server Error
You can use TwitterVB which covers nearly the complete API in .NET (OAuth included). U find it on codeplex http://twittervb.codeplex.com/ Cheers, Thomas Nicholas Granado schrieb: Simon, You would sign the request with all of the usual oauth param suspects. If I recall correctly this endpoint has no other params other than the 'image' param in the multi-part post body whose value would be the bytes of the image file. Typically I've only seen the post params passed into the oauth signing rigmarole when the post body is urlencoded. I hope this helps, this whole OAuth thing can be very confusing at first glance. If you are in C# I have my own lib for twitter basic auth/oauth that I've baked up, if you like I could pass you the bits. Nicholas --- Nicholas Granado email: ngran...@gmail.com mailto:ngran...@gmail.com twitter: heatxsink web:http://nickgranado.com On Mon, Oct 19, 2009 at 6:38 AM, Zaudio si...@z-audio.co.uk mailto:si...@z-audio.co.uk wrote: Nicholas, That's great feedback! In you opinion, how do I then sign the request? Do I use all the usual for the signaturebase... ie postmethodurlnonceetc etc or just postmethodurl as David suggested? I trust that the image data does not come into the signing process, and that I still can post the data using iso-8859-1 encoding as I would normally do for uploading files? If you have these answers, then I should be able to nail this for our .net case.Oauth's been working great for us until this hitch... Thanks Simon On Oct 18, 6:11 pm, Nicholas Granado ngran...@gmail.com mailto:ngran...@gmail.com wrote: Simon, I believe the body of your post might be incorrect. It should look like this: POST /account/update_profile_image.xml HTTP/1.1 Content-Type: multipart/form-data; boundary=8cbed79c91b24f3 Host: twitter.com http://twitter.com Content-Length: 3863(this will probably change now..) --8cbed79c91b24f3 Content-Disposition: form-data; name=image; filename=test.jpg Content-Type: image/jpeg (there's a few K of binary data here, the contents of the file) --8cbed79c91b24f3 The rest of the OAuth variables should be passed on the query string. I hope this helps. Cheers, Nicholas --- Nicholas Granado email: ngran...@gmail.com mailto:ngran...@gmail.com twitter: heatxsink web:http://nickgranado.com On Sun, Oct 18, 2009 at 2:42 PM, Zaudio si...@z-audio.co.uk mailto:si...@z-audio.co.uk wrote: Hi David, I found your excellent post hoping that it would solve the same challenge for my app: updating profile image via Oauth... using similar .net base to yourself... BUT I just get the 401 all the time... despite taking your advice to just sign with the HTTPmethod URL My post data is laid out much like yours... though I never got that 500 error... I've tried all sorts... dropping the off the end different encodings... What encoding did you use to encode your image, and then to post the request? Does it still work for you... or did this get broken when Twitter 'fixed' their Oauth implementation? Can anyone else advise if they have got this working and where I might be going wrong? Thanks Simon (Zaudio) On Aug 19, 11:40 pm, David Carson carson63...@gmail.com mailto:carson63...@gmail.com wrote: Got this sorted out and working, and thought I should share the two pitfalls which were causing me problems. First of all, unbelievably, the 500 Internal Server Error was being caused by an extra carriage return between my last HTTP header and the first multipart boundary. Seriously. I had two blank lines in there instead of one. Removed the extra carriage return, and my 500 vanished, being replaced by a more reasonable (401) Unauthorized - Incorrect signature error. Secondly, the OAuth documentation seems a bit shaky when it comes to multipart/form-data POSTs. But basically, you do NOT use any of the POST parameters when creating your signature. And this includes all of the OAuth-specific parameters like oauth_consumer_key, oauth_signature_method, etc. Bit of a security hole imho, OAuth implements all this complexity to avoid man-in-the-middle or replay attacks, and as soon as you do a multipart POST it's all negated. So, my signature base was literally:
[twitter-dev] Re: C# + OAuth + account/update_profile_image = 500 Internal Server Error
On Thu, Aug 20, 2009 at 1:40 AM, David Carsoncarson63...@gmail.com wrote: Got this sorted out and working, and thought I should share the two pitfalls which were causing me problems. First of all, unbelievably, the 500 Internal Server Error was being caused by an extra carriage return between my last HTTP header and the first multipart boundary. Seriously. I had two blank lines in there instead of one. Removed the extra carriage return, and my 500 vanished, being replaced by a more reasonable (401) Unauthorized - Incorrect signature error. Secondly, the OAuth documentation seems a bit shaky when it comes to multipart/form-data POSTs. But basically, you do NOT use any of the POST parameters when creating your signature. And this includes all of the OAuth-specific parameters like oauth_consumer_key, oauth_signature_method, etc. Bit of a security hole imho, OAuth implements all this complexity to avoid man-in-the-middle or replay attacks, and as soon as you do a multipart POST it's all negated. So, my signature base was literally: POSThttp%3A%2F%2Ftwitter.com%2Faccount%2Fupdate_profile_image.xml Just the HTTP method and the URL. No parameters. Once I made that change to the signature generation, my request went through fine and my avatar changed. Hope this helps someone! Cheers, David... Gotta love HTTP. In many ways very forgiving, in other ways very, very picky. Glad you got it worked out. FYI I believe LinqToTwitter offers the same image upload/change functionality on top of the same OAuthBase work by Eran Shannon. ∞ Andy Badera ∞ This email is: [ ] bloggable [x] ask first [ ] private ∞ Google me: http://www.google.com/search?q=(andrew+badera)+OR+(andy+badera)
[twitter-dev] Re: C# + OAuth + account/update_profile_image = 500 Internal Server Error
Got this sorted out and working, and thought I should share the two pitfalls which were causing me problems. First of all, unbelievably, the 500 Internal Server Error was being caused by an extra carriage return between my last HTTP header and the first multipart boundary. Seriously. I had two blank lines in there instead of one. Removed the extra carriage return, and my 500 vanished, being replaced by a more reasonable (401) Unauthorized - Incorrect signature error. Secondly, the OAuth documentation seems a bit shaky when it comes to multipart/form-data POSTs. But basically, you do NOT use any of the POST parameters when creating your signature. And this includes all of the OAuth-specific parameters like oauth_consumer_key, oauth_signature_method, etc. Bit of a security hole imho, OAuth implements all this complexity to avoid man-in-the-middle or replay attacks, and as soon as you do a multipart POST it's all negated. So, my signature base was literally: POSThttp%3A%2F%2Ftwitter.com%2Faccount%2Fupdate_profile_image.xml Just the HTTP method and the URL. No parameters. Once I made that change to the signature generation, my request went through fine and my avatar changed. Hope this helps someone! Cheers, David...
