[twitter-dev] Re: Incorrect signature with oAuth

2010-07-18 Thread CeBeans
Hi Carlos:

It works!!! Thanks for the tips.

I set the header to the one one the GoogleCode page.  I also removed
the spaces in the header.
I was getting the same signature as the GoogleGode page (Im using pure
C++ here so I have a set of libs for SHA/Base64) so there was some
concern.

While C++ shotguning I tried to update status with the footer line:

status=woowow

AND IT WORKS!

NOTE: As you can see the footer is NOT url encoded.   I think what
Twitter wants is all of the characters AFTER the 'status=' to be url
encoded.  NOT the 'status='

Time for the C++ dance,

Thanks Carlos!

Vincent Collura
(Inventor/Engineer)

http://www.CeBeans.com
Did you get your beans Today?


On Jul 18, 12:54 am, Carlos carlosju...@gmail.com wrote:
 Don't know if it matters but you are adding a space after each comma
 in the Authorization Header.

 Also check your signature generation method using the 
 following:http://oauth.googlecode.com/svn/code/javascript/example/signature.html
 and see if you are getting the same signature values.

 On Jul 17, 5:21 pm, CeBeans inven...@cebeans.com wrote:

  Hi Carlos:

  Thanks for the sniplet. I just converted my source to encode when
  *building* the parameter string and encode again when *adding* it.  I
  tried on my proper app token codes and still signature error.

  This is with my base looks like now.  NOTE: I changed the C++ source
  back to the older tokens for this report since this is a public
  newsgroup.  I kept the new 'dual' encoding in the source:

  According to your pseudo code, my base is now:

  POSThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses
  %2Fupdate.xmloauth_consumer_key%3Dx80ZNISjmQ0Lxufp0QVM6w%26oauth_nonce
  %3D622476171724201%26oauth_signature_method%3DHMAC-
  SHA1%26oauth_timestamp%3D1279401864%26oauth_token%3D63573892-
  Y5GT47cl6ixaRKTaK5TpDg9N9D6g5Wqy718pIydjK%26oauth_version
  %3D1.0%26status%3Dh

  I did try to urlencode the status parameter, just to see but changed
  it back to above.

  And the new HTTP header (with signature):

  Authorization: OAuth oauth_nonce=622476171724201,
  oauth_signature_method=HMAC-SHA1, oauth_timestamp=1279401864,
  oauth_consumer_key=x80ZNISjmQ0Lxufp0QVM6w, oauth_token=63573892-
  Y5GT47cl6ixaRKTaK5TpDg9N9D6g5Wqy718pIydjK,
  oauth_signature=nEOZNjNS0uyh58XzR2QH%2FPLK%2F7k%3D,
  oauth_version=1.0
  Content-Type: application/x-www-form-urlencoded
  Host: api.twitter.com
  Content-Length: 10
  Connection: Keep-Alive

  What am I missing?

  Vincent Collura
  CeBeans

  On Jul 17, 1:53 pm, Carlos carlosju...@gmail.com wrote:

   Are you doing this in PseudoCode?

   base = methodURLEncode(endpoint)URLEncode(URLParameterString)
   where URLParameterString =
   URLEncode(name)=URLEncode(value)URLEncode(name)=URLEncode(value)...

   On Jul 17, 11:01 am, CeBeans inven...@cebeans.com wrote:

Im developing a DLL in eVC++3.0 (native C++) that uses the Twitter
oAuth to update a status and have searched the web and support
websites for over a week but still cant figure the signature problem
out.


NOTE: I have deleted the app in this example so Its safe to give out
the correct codes.  This way I can get a better response from support.


The DLL is a simple call to update a users status: status=h (to get
this thing started)

My DELETED App Info:
ConsumerKey,x80ZNISjmQ0Lxufp0QVM6w
ConsumerSecret,AHumtKUplfkqJVVy0VtbjoMROMU1SoVbCI8aIubu2Nc
Token,63573892-Y5GT47cl6ixaRKTaK5TpDg9N9D6g5Wqy718pIydjK
TokenSecret,6lRq2U4UoO3pv1Z0odU4lxhXvc3zlwJdOuyViQx44

Signature Base:
POSThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses
%2Fupdate.xmloauth_consumer_key%3Dx80ZNISjmQ0Lxufp0QVM6w%26oauth_nonce
%3D4064976171056201%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1279378609%26oauth_token%3D63573892-
Y5GT47cl6ixaRKTaK5TpDg9N9D6g5Wqy718pIydjK%26oauth_version
%3D1.0%26status%3Dh

Signature Key to Sign with:
AHumtKUplfkqJVVy0VtbjoMROMU1SoVbCI8aIubu2Nc6lRq2U4UoO3pv1Z0odU4lxhXvc3zlwJdOuyViQx44

http Header:
=
Authorization: OAuth oauth_nonce=4064976171056201,
oauth_signature_method=HMAC-SHA1, oauth_timestamp=1279378609,
oauth_consumer_key=x80ZNISjmQ0Lxufp0QVM6w, oauth_token=63573892-
Y5GT47cl6ixaRKTaK5TpDg9N9D6g5Wqy718pIydjK,
oauth_signature=ZztcjuTr1oxmVpQPAltfxiUEwEw%3D, oauth_version=1.0
Content-Type: application/x-www-form-urlencoded
Host: api.twitter.com
Content-Length: 10
Connection: Keep-Alive

Http Footer
=
status%3Dh

Server Response
==
?xml version=1.0 encoding=UTF-8?
hash
  request/1/statuses/update.xml/request
  errorIncorrect signature/error
/hash

I also tried the HTTPS in the signature base, and still the same
error.  NOTE: The DLL 

[twitter-dev] Re: Incorrect signature with oAuth

2010-07-17 Thread Carlos
Are you doing this in PseudoCode?

base = methodURLEncode(endpoint)URLEncode(URLParameterString)
where URLParameterString =
URLEncode(name)=URLEncode(value)URLEncode(name)=URLEncode(value)...


On Jul 17, 11:01 am, CeBeans inven...@cebeans.com wrote:
 Im developing a DLL in eVC++3.0 (native C++) that uses the Twitter
 oAuth to update a status and have searched the web and support
 websites for over a week but still cant figure the signature problem
 out.

 
 NOTE: I have deleted the app in this example so Its safe to give out
 the correct codes.  This way I can get a better response from support.
 

 The DLL is a simple call to update a users status: status=h (to get
 this thing started)

 My DELETED App Info:
 ConsumerKey,x80ZNISjmQ0Lxufp0QVM6w
 ConsumerSecret,AHumtKUplfkqJVVy0VtbjoMROMU1SoVbCI8aIubu2Nc
 Token,63573892-Y5GT47cl6ixaRKTaK5TpDg9N9D6g5Wqy718pIydjK
 TokenSecret,6lRq2U4UoO3pv1Z0odU4lxhXvc3zlwJdOuyViQx44

 Signature Base:
 POSThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses
 %2Fupdate.xmloauth_consumer_key%3Dx80ZNISjmQ0Lxufp0QVM6w%26oauth_nonce
 %3D4064976171056201%26oauth_signature_method%3DHMAC-
 SHA1%26oauth_timestamp%3D1279378609%26oauth_token%3D63573892-
 Y5GT47cl6ixaRKTaK5TpDg9N9D6g5Wqy718pIydjK%26oauth_version
 %3D1.0%26status%3Dh

 Signature Key to Sign with:
 AHumtKUplfkqJVVy0VtbjoMROMU1SoVbCI8aIubu2Nc6lRq2U4UoO3pv1Z0odU4lxhXvc3zlwJdOuyViQx44

 http Header:
 =
 Authorization: OAuth oauth_nonce=4064976171056201,
 oauth_signature_method=HMAC-SHA1, oauth_timestamp=1279378609,
 oauth_consumer_key=x80ZNISjmQ0Lxufp0QVM6w, oauth_token=63573892-
 Y5GT47cl6ixaRKTaK5TpDg9N9D6g5Wqy718pIydjK,
 oauth_signature=ZztcjuTr1oxmVpQPAltfxiUEwEw%3D, oauth_version=1.0
 Content-Type: application/x-www-form-urlencoded
 Host: api.twitter.com
 Content-Length: 10
 Connection: Keep-Alive

 Http Footer
 =
 status%3Dh

 Server Response
 ==
 ?xml version=1.0 encoding=UTF-8?
 hash
   request/1/statuses/update.xml/request
   errorIncorrect signature/error
 /hash

 I also tried the HTTPS in the signature base, and still the same
 error.  NOTE: The DLL callshttp://api.twitter.com/1/statuses/update.xml

 Vincent Collura
 CeBeans


[twitter-dev] Re: Incorrect Signature for oAuth

2010-06-08 Thread rhysmeister
Thanks to all your replies helped I can now perform status updates via
oAuth.

I'm rather irritated that Uri.EscapeDataString doesn't escape all
illegal characters. It just fails now if a status update contains
exclamation marks, asterisk, dollar signs, single quotes and probably
a few more.  I'll solve that in the morning. Thanks again.

Rhys

On Jun 8, 1:57 am, StephenBnz stephenbro...@gmail.com wrote:
 Hi Rhys,
 - you're right status should be at the end of the base string. Even
 though it's sent as a POST, it still has to go in alpha order in the
 base string.
 - Also be careful of the leading %3F you've got after the update.xml -
 should just be (method)(baseURL+service)(list of params separated by
 %26)
 - Once you've signed with this string, your message will look like:
 (pseudo code not actual message)

 POST HTTP 1.1 /statuses/update.xml
 Host: api.twitter.com:443
 Authorization: (list of params as normal, including oauth_signature
 but NOT including status)
 Content-type: application/x-www-form-urlencoded
 Body:
 status=test

 Also note that if you have non-alpha characters in the status string
 (eg. space, etc) you must URL encode them BEFORE compiling the base
 signature string, and also ensure they remain URL encoded in the POST
 body.

 Hope this helps
 Stephen

 On Jun 8, 7:36 am,rhysmeistertherhysmeis...@hotmail.com wrote:



  Hi, thanks to you both. I've removed the source parameter.

  There is something wrong with my signature base indeed. Here's what I
  am sending for a status update...

  POSThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fupdate.xml%3Fstatus
  %3Dtest%26oauth_consumer_key%3Dxx%26oauth_nonce
  %3DE9X6lVKiDkQ1n%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
  %3D1275946125%26oauth_token%3Dxx
  %26oauth_version%3D1.0

  As far as I can gather from this 
  linkhttp://dev.twitter.com/pages/auth#auth-request,
  I need to remove query parameter from the url and order them in the
  string. So in this case status would appear at the end. I can't find
  it now, but some poster in a group said to put the status paramter in
  the url rather than the post body.  I think I must have been ordering
  the signature base incorrectly previous to this.

  Rhys

  On Jun 7, 3:09 pm, Taylor Singletary taylorsinglet...@twitter.com
  wrote:

   To help you debug, it would be useful to see the signature base string 
   that
   was generated for the request. Possible things going wrong: the signature
   base string isn't mentioning that this is a POST, or your OAuth-based
   parameters are leaking into your POST body..

   As Hwee-Boon said, you also needn't include the source parameter, as it 
   will
   be ignored.

   Taylor Singletary
   Developer Advocate, Twitterhttp://twitter.com/episod

   On Sun, Jun 6, 2010 at 10:07 AM, Hwee-Boon Yar hweeb...@gmail.com wrote:
Since it's GET works and POST, no. 1 reason is to make sure the base
URI in the base signature string is constructed correctly. In your
example, you don't need source= since it's OAuth.

--
Hwee-Boon

On Jun 6, 8:56 pm,rhysmeistertherhysmeis...@hotmail.com wrote:
 Hi All,

 I am having problems identifying what is wrong with converting my app
 to use oAuth. All my GET requests work fine but my POST requests all
 fail with an incorrect signature error. I am adding the oauth
 parameters to the authorisation header of my request. My authorisation
 header is build like below for GET requests (this works);

 OAuth

oauth_timestamp=1234567890,oauth_nonce=xx,oauth_version=1.0,oauth
_signature_method=HMAC-

SHA1,oauth_consumer_key=xx,oauth_token=xx,oauth_signature=xxx
xxx

 My POST requests (these don't work);

 OAuth

oauth_timestamp=1234567890,oauth_nonce=xx,oauth_version=1.0,oauth
_signature_method=HMAC-

SHA1,oauth_consumer_key=xx,oauth_token=xx,oauth_signature=xxx
xxx

 I get the below error returned...

 pre
 ?xml version=1.0 encoding=UTF-8?
 hash
   request/1/statuses/update.xml?source=xx/request
   errorIncorrect signature/error
 /hash

 Would anyone be able to provide any pointers here?

 Cheers,

 Rhys


[twitter-dev] Re: Incorrect Signature for oAuth

2010-06-07 Thread rhysmeister
Hi, thanks to you both. I've removed the source parameter.

There is something wrong with my signature base indeed. Here's what I
am sending for a status update...

POSThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fupdate.xml%3Fstatus
%3Dtest%26oauth_consumer_key%3Dxx%26oauth_nonce
%3DE9X6lVKiDkQ1n%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
%3D1275946125%26oauth_token%3Dxx
%26oauth_version%3D1.0

As far as I can gather from this link 
http://dev.twitter.com/pages/auth#auth-request,
I need to remove query parameter from the url and order them in the
string. So in this case status would appear at the end. I can't find
it now, but some poster in a group said to put the status paramter in
the url rather than the post body.  I think I must have been ordering
the signature base incorrectly previous to this.

Rhys

On Jun 7, 3:09 pm, Taylor Singletary taylorsinglet...@twitter.com
wrote:
 To help you debug, it would be useful to see the signature base string that
 was generated for the request. Possible things going wrong: the signature
 base string isn't mentioning that this is a POST, or your OAuth-based
 parameters are leaking into your POST body..

 As Hwee-Boon said, you also needn't include the source parameter, as it will
 be ignored.

 Taylor Singletary
 Developer Advocate, Twitterhttp://twitter.com/episod



 On Sun, Jun 6, 2010 at 10:07 AM, Hwee-Boon Yar hweeb...@gmail.com wrote:
  Since it's GET works and POST, no. 1 reason is to make sure the base
  URI in the base signature string is constructed correctly. In your
  example, you don't need source= since it's OAuth.

  --
  Hwee-Boon

  On Jun 6, 8:56 pm, rhysmeister therhysmeis...@hotmail.com wrote:
   Hi All,

   I am having problems identifying what is wrong with converting my app
   to use oAuth. All my GET requests work fine but my POST requests all
   fail with an incorrect signature error. I am adding the oauth
   parameters to the authorisation header of my request. My authorisation
   header is build like below for GET requests (this works);

   OAuth

  oauth_timestamp=1234567890,oauth_nonce=xx,oauth_version=1.0,oauth
  _signature_method=HMAC-

  SHA1,oauth_consumer_key=xx,oauth_token=xx,oauth_signature=xxx
  xxx

   My POST requests (these don't work);

   OAuth

  oauth_timestamp=1234567890,oauth_nonce=xx,oauth_version=1.0,oauth
  _signature_method=HMAC-

  SHA1,oauth_consumer_key=xx,oauth_token=xx,oauth_signature=xxx
  xxx

   I get the below error returned...

   pre
   ?xml version=1.0 encoding=UTF-8?
   hash
     request/1/statuses/update.xml?source=xx/request
     errorIncorrect signature/error
   /hash

   Would anyone be able to provide any pointers here?

   Cheers,

   Rhys


[twitter-dev] Re: Incorrect Signature for oAuth

2010-06-07 Thread StephenBnz
Hi Rhys,
- you're right status should be at the end of the base string. Even
though it's sent as a POST, it still has to go in alpha order in the
base string.
- Also be careful of the leading %3F you've got after the update.xml -
should just be (method)(baseURL+service)(list of params separated by
%26)
- Once you've signed with this string, your message will look like:
(pseudo code not actual message)

POST HTTP 1.1 /statuses/update.xml
Host: api.twitter.com:443
Authorization: (list of params as normal, including oauth_signature
but NOT including status)
Content-type: application/x-www-form-urlencoded
Body:
status=test

Also note that if you have non-alpha characters in the status string
(eg. space, etc) you must URL encode them BEFORE compiling the base
signature string, and also ensure they remain URL encoded in the POST
body.

Hope this helps
Stephen

On Jun 8, 7:36 am, rhysmeister therhysmeis...@hotmail.com wrote:
 Hi, thanks to you both. I've removed the source parameter.

 There is something wrong with my signature base indeed. Here's what I
 am sending for a status update...

 POSThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fupdate.xml%3Fstatus
 %3Dtest%26oauth_consumer_key%3Dxx%26oauth_nonce
 %3DE9X6lVKiDkQ1n%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
 %3D1275946125%26oauth_token%3Dxx
 %26oauth_version%3D1.0

 As far as I can gather from this 
 linkhttp://dev.twitter.com/pages/auth#auth-request,
 I need to remove query parameter from the url and order them in the
 string. So in this case status would appear at the end. I can't find
 it now, but some poster in a group said to put the status paramter in
 the url rather than the post body.  I think I must have been ordering
 the signature base incorrectly previous to this.

 Rhys

 On Jun 7, 3:09 pm, Taylor Singletary taylorsinglet...@twitter.com
 wrote:

  To help you debug, it would be useful to see the signature base string that
  was generated for the request. Possible things going wrong: the signature
  base string isn't mentioning that this is a POST, or your OAuth-based
  parameters are leaking into your POST body..

  As Hwee-Boon said, you also needn't include the source parameter, as it will
  be ignored.

  Taylor Singletary
  Developer Advocate, Twitterhttp://twitter.com/episod

  On Sun, Jun 6, 2010 at 10:07 AM, Hwee-Boon Yar hweeb...@gmail.com wrote:
   Since it's GET works and POST, no. 1 reason is to make sure the base
   URI in the base signature string is constructed correctly. In your
   example, you don't need source= since it's OAuth.

   --
   Hwee-Boon

   On Jun 6, 8:56 pm, rhysmeister therhysmeis...@hotmail.com wrote:
Hi All,

I am having problems identifying what is wrong with converting my app
to use oAuth. All my GET requests work fine but my POST requests all
fail with an incorrect signature error. I am adding the oauth
parameters to the authorisation header of my request. My authorisation
header is build like below for GET requests (this works);

OAuth

   oauth_timestamp=1234567890,oauth_nonce=xx,oauth_version=1.0,oauth
   _signature_method=HMAC-

   SHA1,oauth_consumer_key=xx,oauth_token=xx,oauth_signature=xxx
   xxx

My POST requests (these don't work);

OAuth

   oauth_timestamp=1234567890,oauth_nonce=xx,oauth_version=1.0,oauth
   _signature_method=HMAC-

   SHA1,oauth_consumer_key=xx,oauth_token=xx,oauth_signature=xxx
   xxx

I get the below error returned...

pre
?xml version=1.0 encoding=UTF-8?
hash
  request/1/statuses/update.xml?source=xx/request
  errorIncorrect signature/error
/hash

Would anyone be able to provide any pointers here?

Cheers,

Rhys


[twitter-dev] Re: Incorrect Signature for oAuth

2010-06-06 Thread Hwee-Boon Yar
Since it's GET works and POST, no. 1 reason is to make sure the base
URI in the base signature string is constructed correctly. In your
example, you don't need source= since it's OAuth.

--
Hwee-Boon

On Jun 6, 8:56 pm, rhysmeister therhysmeis...@hotmail.com wrote:
 Hi All,

 I am having problems identifying what is wrong with converting my app
 to use oAuth. All my GET requests work fine but my POST requests all
 fail with an incorrect signature error. I am adding the oauth
 parameters to the authorisation header of my request. My authorisation
 header is build like below for GET requests (this works);

 OAuth
 oauth_timestamp=1234567890,oauth_nonce=xx,oauth_version=1.0,oauth 
 _signature_method=HMAC-
 SHA1,oauth_consumer_key=xx,oauth_token=xx,oauth_signature=xxx 
 xxx

 My POST requests (these don't work);

 OAuth
 oauth_timestamp=1234567890,oauth_nonce=xx,oauth_version=1.0,oauth 
 _signature_method=HMAC-
 SHA1,oauth_consumer_key=xx,oauth_token=xx,oauth_signature=xxx 
 xxx

 I get the below error returned...

 pre
 ?xml version=1.0 encoding=UTF-8?
 hash
   request/1/statuses/update.xml?source=xx/request
   errorIncorrect signature/error
 /hash

 Would anyone be able to provide any pointers here?

 Cheers,

 Rhys