[twitter-dev] Re: Incorrect signature with oAuth
Hi Carlos: It works!!! Thanks for the tips. I set the header to the one one the GoogleCode page. I also removed the spaces in the header. I was getting the same signature as the GoogleGode page (Im using pure C++ here so I have a set of libs for SHA/Base64) so there was some concern. While C++ shotguning I tried to update status with the footer line: status=woowow AND IT WORKS! NOTE: As you can see the footer is NOT url encoded. I think what Twitter wants is all of the characters AFTER the 'status=' to be url encoded. NOT the 'status=' Time for the C++ dance, Thanks Carlos! Vincent Collura (Inventor/Engineer) http://www.CeBeans.com Did you get your beans Today? On Jul 18, 12:54 am, Carlos carlosju...@gmail.com wrote: Don't know if it matters but you are adding a space after each comma in the Authorization Header. Also check your signature generation method using the following:http://oauth.googlecode.com/svn/code/javascript/example/signature.html and see if you are getting the same signature values. On Jul 17, 5:21 pm, CeBeans inven...@cebeans.com wrote: Hi Carlos: Thanks for the sniplet. I just converted my source to encode when *building* the parameter string and encode again when *adding* it. I tried on my proper app token codes and still signature error. This is with my base looks like now. NOTE: I changed the C++ source back to the older tokens for this report since this is a public newsgroup. I kept the new 'dual' encoding in the source: According to your pseudo code, my base is now: POSThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses %2Fupdate.xmloauth_consumer_key%3Dx80ZNISjmQ0Lxufp0QVM6w%26oauth_nonce %3D622476171724201%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1279401864%26oauth_token%3D63573892- Y5GT47cl6ixaRKTaK5TpDg9N9D6g5Wqy718pIydjK%26oauth_version %3D1.0%26status%3Dh I did try to urlencode the status parameter, just to see but changed it back to above. And the new HTTP header (with signature): Authorization: OAuth oauth_nonce=622476171724201, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1279401864, oauth_consumer_key=x80ZNISjmQ0Lxufp0QVM6w, oauth_token=63573892- Y5GT47cl6ixaRKTaK5TpDg9N9D6g5Wqy718pIydjK, oauth_signature=nEOZNjNS0uyh58XzR2QH%2FPLK%2F7k%3D, oauth_version=1.0 Content-Type: application/x-www-form-urlencoded Host: api.twitter.com Content-Length: 10 Connection: Keep-Alive What am I missing? Vincent Collura CeBeans On Jul 17, 1:53 pm, Carlos carlosju...@gmail.com wrote: Are you doing this in PseudoCode? base = methodURLEncode(endpoint)URLEncode(URLParameterString) where URLParameterString = URLEncode(name)=URLEncode(value)URLEncode(name)=URLEncode(value)... On Jul 17, 11:01 am, CeBeans inven...@cebeans.com wrote: Im developing a DLL in eVC++3.0 (native C++) that uses the Twitter oAuth to update a status and have searched the web and support websites for over a week but still cant figure the signature problem out. NOTE: I have deleted the app in this example so Its safe to give out the correct codes. This way I can get a better response from support. The DLL is a simple call to update a users status: status=h (to get this thing started) My DELETED App Info: ConsumerKey,x80ZNISjmQ0Lxufp0QVM6w ConsumerSecret,AHumtKUplfkqJVVy0VtbjoMROMU1SoVbCI8aIubu2Nc Token,63573892-Y5GT47cl6ixaRKTaK5TpDg9N9D6g5Wqy718pIydjK TokenSecret,6lRq2U4UoO3pv1Z0odU4lxhXvc3zlwJdOuyViQx44 Signature Base: POSThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses %2Fupdate.xmloauth_consumer_key%3Dx80ZNISjmQ0Lxufp0QVM6w%26oauth_nonce %3D4064976171056201%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1279378609%26oauth_token%3D63573892- Y5GT47cl6ixaRKTaK5TpDg9N9D6g5Wqy718pIydjK%26oauth_version %3D1.0%26status%3Dh Signature Key to Sign with: AHumtKUplfkqJVVy0VtbjoMROMU1SoVbCI8aIubu2Nc6lRq2U4UoO3pv1Z0odU4lxhXvc3zlwJdOuyViQx44 http Header: = Authorization: OAuth oauth_nonce=4064976171056201, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1279378609, oauth_consumer_key=x80ZNISjmQ0Lxufp0QVM6w, oauth_token=63573892- Y5GT47cl6ixaRKTaK5TpDg9N9D6g5Wqy718pIydjK, oauth_signature=ZztcjuTr1oxmVpQPAltfxiUEwEw%3D, oauth_version=1.0 Content-Type: application/x-www-form-urlencoded Host: api.twitter.com Content-Length: 10 Connection: Keep-Alive Http Footer = status%3Dh Server Response == ?xml version=1.0 encoding=UTF-8? hash request/1/statuses/update.xml/request errorIncorrect signature/error /hash I also tried the HTTPS in the signature base, and still the same error. NOTE: The DLL
[twitter-dev] Re: Incorrect signature with oAuth
Are you doing this in PseudoCode? base = methodURLEncode(endpoint)URLEncode(URLParameterString) where URLParameterString = URLEncode(name)=URLEncode(value)URLEncode(name)=URLEncode(value)... On Jul 17, 11:01 am, CeBeans inven...@cebeans.com wrote: Im developing a DLL in eVC++3.0 (native C++) that uses the Twitter oAuth to update a status and have searched the web and support websites for over a week but still cant figure the signature problem out. NOTE: I have deleted the app in this example so Its safe to give out the correct codes. This way I can get a better response from support. The DLL is a simple call to update a users status: status=h (to get this thing started) My DELETED App Info: ConsumerKey,x80ZNISjmQ0Lxufp0QVM6w ConsumerSecret,AHumtKUplfkqJVVy0VtbjoMROMU1SoVbCI8aIubu2Nc Token,63573892-Y5GT47cl6ixaRKTaK5TpDg9N9D6g5Wqy718pIydjK TokenSecret,6lRq2U4UoO3pv1Z0odU4lxhXvc3zlwJdOuyViQx44 Signature Base: POSThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses %2Fupdate.xmloauth_consumer_key%3Dx80ZNISjmQ0Lxufp0QVM6w%26oauth_nonce %3D4064976171056201%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1279378609%26oauth_token%3D63573892- Y5GT47cl6ixaRKTaK5TpDg9N9D6g5Wqy718pIydjK%26oauth_version %3D1.0%26status%3Dh Signature Key to Sign with: AHumtKUplfkqJVVy0VtbjoMROMU1SoVbCI8aIubu2Nc6lRq2U4UoO3pv1Z0odU4lxhXvc3zlwJdOuyViQx44 http Header: = Authorization: OAuth oauth_nonce=4064976171056201, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1279378609, oauth_consumer_key=x80ZNISjmQ0Lxufp0QVM6w, oauth_token=63573892- Y5GT47cl6ixaRKTaK5TpDg9N9D6g5Wqy718pIydjK, oauth_signature=ZztcjuTr1oxmVpQPAltfxiUEwEw%3D, oauth_version=1.0 Content-Type: application/x-www-form-urlencoded Host: api.twitter.com Content-Length: 10 Connection: Keep-Alive Http Footer = status%3Dh Server Response == ?xml version=1.0 encoding=UTF-8? hash request/1/statuses/update.xml/request errorIncorrect signature/error /hash I also tried the HTTPS in the signature base, and still the same error. NOTE: The DLL callshttp://api.twitter.com/1/statuses/update.xml Vincent Collura CeBeans
[twitter-dev] Re: Incorrect Signature for oAuth
Thanks to all your replies helped I can now perform status updates via oAuth. I'm rather irritated that Uri.EscapeDataString doesn't escape all illegal characters. It just fails now if a status update contains exclamation marks, asterisk, dollar signs, single quotes and probably a few more. I'll solve that in the morning. Thanks again. Rhys On Jun 8, 1:57 am, StephenBnz stephenbro...@gmail.com wrote: Hi Rhys, - you're right status should be at the end of the base string. Even though it's sent as a POST, it still has to go in alpha order in the base string. - Also be careful of the leading %3F you've got after the update.xml - should just be (method)(baseURL+service)(list of params separated by %26) - Once you've signed with this string, your message will look like: (pseudo code not actual message) POST HTTP 1.1 /statuses/update.xml Host: api.twitter.com:443 Authorization: (list of params as normal, including oauth_signature but NOT including status) Content-type: application/x-www-form-urlencoded Body: status=test Also note that if you have non-alpha characters in the status string (eg. space, etc) you must URL encode them BEFORE compiling the base signature string, and also ensure they remain URL encoded in the POST body. Hope this helps Stephen On Jun 8, 7:36 am,rhysmeistertherhysmeis...@hotmail.com wrote: Hi, thanks to you both. I've removed the source parameter. There is something wrong with my signature base indeed. Here's what I am sending for a status update... POSThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fupdate.xml%3Fstatus %3Dtest%26oauth_consumer_key%3Dxx%26oauth_nonce %3DE9X6lVKiDkQ1n%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1275946125%26oauth_token%3Dxx %26oauth_version%3D1.0 As far as I can gather from this linkhttp://dev.twitter.com/pages/auth#auth-request, I need to remove query parameter from the url and order them in the string. So in this case status would appear at the end. I can't find it now, but some poster in a group said to put the status paramter in the url rather than the post body. I think I must have been ordering the signature base incorrectly previous to this. Rhys On Jun 7, 3:09 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: To help you debug, it would be useful to see the signature base string that was generated for the request. Possible things going wrong: the signature base string isn't mentioning that this is a POST, or your OAuth-based parameters are leaking into your POST body.. As Hwee-Boon said, you also needn't include the source parameter, as it will be ignored. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Sun, Jun 6, 2010 at 10:07 AM, Hwee-Boon Yar hweeb...@gmail.com wrote: Since it's GET works and POST, no. 1 reason is to make sure the base URI in the base signature string is constructed correctly. In your example, you don't need source= since it's OAuth. -- Hwee-Boon On Jun 6, 8:56 pm,rhysmeistertherhysmeis...@hotmail.com wrote: Hi All, I am having problems identifying what is wrong with converting my app to use oAuth. All my GET requests work fine but my POST requests all fail with an incorrect signature error. I am adding the oauth parameters to the authorisation header of my request. My authorisation header is build like below for GET requests (this works); OAuth oauth_timestamp=1234567890,oauth_nonce=xx,oauth_version=1.0,oauth _signature_method=HMAC- SHA1,oauth_consumer_key=xx,oauth_token=xx,oauth_signature=xxx xxx My POST requests (these don't work); OAuth oauth_timestamp=1234567890,oauth_nonce=xx,oauth_version=1.0,oauth _signature_method=HMAC- SHA1,oauth_consumer_key=xx,oauth_token=xx,oauth_signature=xxx xxx I get the below error returned... pre ?xml version=1.0 encoding=UTF-8? hash request/1/statuses/update.xml?source=xx/request errorIncorrect signature/error /hash Would anyone be able to provide any pointers here? Cheers, Rhys
[twitter-dev] Re: Incorrect Signature for oAuth
Hi, thanks to you both. I've removed the source parameter. There is something wrong with my signature base indeed. Here's what I am sending for a status update... POSThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fupdate.xml%3Fstatus %3Dtest%26oauth_consumer_key%3Dxx%26oauth_nonce %3DE9X6lVKiDkQ1n%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1275946125%26oauth_token%3Dxx %26oauth_version%3D1.0 As far as I can gather from this link http://dev.twitter.com/pages/auth#auth-request, I need to remove query parameter from the url and order them in the string. So in this case status would appear at the end. I can't find it now, but some poster in a group said to put the status paramter in the url rather than the post body. I think I must have been ordering the signature base incorrectly previous to this. Rhys On Jun 7, 3:09 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: To help you debug, it would be useful to see the signature base string that was generated for the request. Possible things going wrong: the signature base string isn't mentioning that this is a POST, or your OAuth-based parameters are leaking into your POST body.. As Hwee-Boon said, you also needn't include the source parameter, as it will be ignored. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Sun, Jun 6, 2010 at 10:07 AM, Hwee-Boon Yar hweeb...@gmail.com wrote: Since it's GET works and POST, no. 1 reason is to make sure the base URI in the base signature string is constructed correctly. In your example, you don't need source= since it's OAuth. -- Hwee-Boon On Jun 6, 8:56 pm, rhysmeister therhysmeis...@hotmail.com wrote: Hi All, I am having problems identifying what is wrong with converting my app to use oAuth. All my GET requests work fine but my POST requests all fail with an incorrect signature error. I am adding the oauth parameters to the authorisation header of my request. My authorisation header is build like below for GET requests (this works); OAuth oauth_timestamp=1234567890,oauth_nonce=xx,oauth_version=1.0,oauth _signature_method=HMAC- SHA1,oauth_consumer_key=xx,oauth_token=xx,oauth_signature=xxx xxx My POST requests (these don't work); OAuth oauth_timestamp=1234567890,oauth_nonce=xx,oauth_version=1.0,oauth _signature_method=HMAC- SHA1,oauth_consumer_key=xx,oauth_token=xx,oauth_signature=xxx xxx I get the below error returned... pre ?xml version=1.0 encoding=UTF-8? hash request/1/statuses/update.xml?source=xx/request errorIncorrect signature/error /hash Would anyone be able to provide any pointers here? Cheers, Rhys
[twitter-dev] Re: Incorrect Signature for oAuth
Hi Rhys, - you're right status should be at the end of the base string. Even though it's sent as a POST, it still has to go in alpha order in the base string. - Also be careful of the leading %3F you've got after the update.xml - should just be (method)(baseURL+service)(list of params separated by %26) - Once you've signed with this string, your message will look like: (pseudo code not actual message) POST HTTP 1.1 /statuses/update.xml Host: api.twitter.com:443 Authorization: (list of params as normal, including oauth_signature but NOT including status) Content-type: application/x-www-form-urlencoded Body: status=test Also note that if you have non-alpha characters in the status string (eg. space, etc) you must URL encode them BEFORE compiling the base signature string, and also ensure they remain URL encoded in the POST body. Hope this helps Stephen On Jun 8, 7:36 am, rhysmeister therhysmeis...@hotmail.com wrote: Hi, thanks to you both. I've removed the source parameter. There is something wrong with my signature base indeed. Here's what I am sending for a status update... POSThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fupdate.xml%3Fstatus %3Dtest%26oauth_consumer_key%3Dxx%26oauth_nonce %3DE9X6lVKiDkQ1n%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1275946125%26oauth_token%3Dxx %26oauth_version%3D1.0 As far as I can gather from this linkhttp://dev.twitter.com/pages/auth#auth-request, I need to remove query parameter from the url and order them in the string. So in this case status would appear at the end. I can't find it now, but some poster in a group said to put the status paramter in the url rather than the post body. I think I must have been ordering the signature base incorrectly previous to this. Rhys On Jun 7, 3:09 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: To help you debug, it would be useful to see the signature base string that was generated for the request. Possible things going wrong: the signature base string isn't mentioning that this is a POST, or your OAuth-based parameters are leaking into your POST body.. As Hwee-Boon said, you also needn't include the source parameter, as it will be ignored. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Sun, Jun 6, 2010 at 10:07 AM, Hwee-Boon Yar hweeb...@gmail.com wrote: Since it's GET works and POST, no. 1 reason is to make sure the base URI in the base signature string is constructed correctly. In your example, you don't need source= since it's OAuth. -- Hwee-Boon On Jun 6, 8:56 pm, rhysmeister therhysmeis...@hotmail.com wrote: Hi All, I am having problems identifying what is wrong with converting my app to use oAuth. All my GET requests work fine but my POST requests all fail with an incorrect signature error. I am adding the oauth parameters to the authorisation header of my request. My authorisation header is build like below for GET requests (this works); OAuth oauth_timestamp=1234567890,oauth_nonce=xx,oauth_version=1.0,oauth _signature_method=HMAC- SHA1,oauth_consumer_key=xx,oauth_token=xx,oauth_signature=xxx xxx My POST requests (these don't work); OAuth oauth_timestamp=1234567890,oauth_nonce=xx,oauth_version=1.0,oauth _signature_method=HMAC- SHA1,oauth_consumer_key=xx,oauth_token=xx,oauth_signature=xxx xxx I get the below error returned... pre ?xml version=1.0 encoding=UTF-8? hash request/1/statuses/update.xml?source=xx/request errorIncorrect signature/error /hash Would anyone be able to provide any pointers here? Cheers, Rhys
[twitter-dev] Re: Incorrect Signature for oAuth
Since it's GET works and POST, no. 1 reason is to make sure the base URI in the base signature string is constructed correctly. In your example, you don't need source= since it's OAuth. -- Hwee-Boon On Jun 6, 8:56 pm, rhysmeister therhysmeis...@hotmail.com wrote: Hi All, I am having problems identifying what is wrong with converting my app to use oAuth. All my GET requests work fine but my POST requests all fail with an incorrect signature error. I am adding the oauth parameters to the authorisation header of my request. My authorisation header is build like below for GET requests (this works); OAuth oauth_timestamp=1234567890,oauth_nonce=xx,oauth_version=1.0,oauth _signature_method=HMAC- SHA1,oauth_consumer_key=xx,oauth_token=xx,oauth_signature=xxx xxx My POST requests (these don't work); OAuth oauth_timestamp=1234567890,oauth_nonce=xx,oauth_version=1.0,oauth _signature_method=HMAC- SHA1,oauth_consumer_key=xx,oauth_token=xx,oauth_signature=xxx xxx I get the below error returned... pre ?xml version=1.0 encoding=UTF-8? hash request/1/statuses/update.xml?source=xx/request errorIncorrect signature/error /hash Would anyone be able to provide any pointers here? Cheers, Rhys