[twitter-dev] Re: error 401 from oauth, starting a few days ago
FYI, one of my clients decided to pull this from the site rather than spend any more money troubleshooting it. I've hidden it from the other site but may come back later and try a different OAuth library if I have time. I can't use the pre-built widgets because they don't offer enough flexibility in sizing and appearance. Basic authentication was pretty easy to set up and worked fine; OAuth was a bigger effort to set up but worked fine until it broke. I don't understand why something as simple as showing my last five Twitter posts should be so complicated as to require a third-party library with dozens of scripts and repeated API changes that are not backwards compatible. I'm submitting this as feedback on your new system -- you just lost a featured position on two websites because of its complexity and instability. -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
[twitter-dev] Re: error 401 from oauth, starting a few days ago
Yes, I've made both of those changes, as I mentioned in my June 16 post. I just ran the requests again; here's what the request headers look like now. The first is the token request and the second is the timeline request: POST https://api.twitter.com/oauth/request_token Authorization: OAuth realm=, oauth_signature_method=HMAC-SHA1, oauth_signature=[8 chars]%2F[18 chars]%3D, oauth_nonce=[13 chars], oauth_timestamp=1309193079, oauth_token=, oauth_consumer_key=[consumer key from application settings page], oauth_version=1.0 Content-Type: application/x-www-form-urlencoded (This returns a response body containing name/value pairs for oauth_token, oauth_token_secret and oauth_callback_confirmed. However, the token values don't match the token values I see when I log into my Twitter account and look at my application settings.) GET https://api.twitter.com/1/statuses/user_timeline.xml?count=1 Authorization: OAuth realm=, oauth_token=[access token from application settings page], oauth_signature_method=HMAC-SHA1, oauth_signature=%2F[26 chars]%3D, oauth_nonce=[13 chars], oauth_timestamp=1309193079, oauth_consumer_key=[consumer key from application settings page], oauth_version=1.0 (This returns a response body containing the same error as before, This method requires authentication. The response also includes the HTTP header X-Warning: Invalid OAuth credentials detected.) Does the URL for the first request also need to contain the version number? Taylor didn't mention that, but when I add it, that first request returns the error Request failed with code 401: Invalid / expired Token. I'm not sure if I even need that first request, because I can get the access token manually from my application settings page. -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
[twitter-dev] Re: error 401 from oauth, starting a few days ago
The response body only includes the text of the error message (This method requires authentication) and a copy of my request URI. I included my complete request including all headers in an earlier post in this thread; is that what you meant by authorization header/ parameters? -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
Re: [twitter-dev] Re: error 401 from oauth, starting a few days ago
Thanks. I was asking about the code as Taylor made a few suggestions about issues with your code. I was wondering if you had implemented them yet. In particular have you updated your URLs to use the correct domain with the /1 included. For example: http://api.twitter.com/1/statuses/user_timeline.xml and have you removed the oauth_token_secret from your authorisation header? Best, @themattharris https://twitter.com/intent/follow?screen_name=themattharris Developer Advocate, Twitter On Fri, Jun 24, 2011 at 9:25 AM, arlomedia a...@arlomedia.com wrote: The response body only includes the text of the error message (This method requires authentication) and a copy of my request URI. I included my complete request including all headers in an earlier post in this thread; is that what you meant by authorization header/ parameters? -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
Re: [twitter-dev] Re: error 401 from oauth, starting a few days ago
Hi Arlo, When an error is returned by the API we include some information about the cause in the response body. Take a look at that response body and see if that helps you resolve the problem. If not, let us know what the error says and what your OAuth basestring and authorization header/parameters are. Remember to remove your oauth and consumer secrets though. Best, @themattharris https://twitter.com/intent/follow?screen_name=themattharris Developer Advocate, Twitter On Fri, Jun 17, 2011 at 8:07 AM, arlomedia a...@arlomedia.com wrote: Just giving this a bump for Taylor. For anyone else, does the oauth-php example script work with your accounts? It works for me when accessing the public timeline as shown in the example, but if I change the request URL to access my user timeline (protected or unprotected) I get the authorization error. It would be helpful to know if the problem is with my account, the example script, or the oauth-php library. -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
[twitter-dev] Re: error 401 from oauth, starting a few days ago
Just giving this a bump for Taylor. For anyone else, does the oauth-php example script work with your accounts? It works for me when accessing the public timeline as shown in the example, but if I change the request URL to access my user timeline (protected or unprotected) I get the authorization error. It would be helpful to know if the problem is with my account, the example script, or the oauth-php library. -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
[twitter-dev] Re: error 401 from oauth, starting a few days ago
Thanks for the reply. On one website, I'm accessing the timeline for a protected account; on the other website, the account is not protected. For both, I'm using this URL: https://api.twitter.com/statuses/user_timeline.xml. Both stopped working last week. The oauth example script I posted above requests the oauth token and secret from the account, then passes it back with the request (you can see that by checking the $params value before the request). In my own script, I simply have the token and secret saved in constants and then I pass them from there. Neither approach is working for me now. I did notice that the token and secret returned by the request_token API call are different from the token and secret that I see displayed on the my_token page in my Twitter account (https://dev.twitter.com/apps/ nn/my_token), and the values returned from the API are different every time. Does that tell us anything? Here's what my request_token request looks like: POST https://api.twitter.com/oauth/request_token Authorization: OAuth realm=, oauth_signature_method=HMAC-SHA1, oauth_signature=[27 characters]%3D, oauth_nonce=[13 characters], oauth_timestamp=1308241110, oauth_token=, oauth_consumer_key=[consumer key], oauth_version=1.0 Content-Type: application/x-www-form-urlencoded This returns values for oauth_token, oauth_token_secret and oauth_callback_confirmed (but the token values don't match what I see in my account). Here's what my user_timeline request looks like: GET https://api.twitter.com/statuses/user_timeline.xml Authorization: OAuth realm=, oauth_token=[oauth token], oauth_token_secret=[oauth token secret], oauth_signature_method=HMAC-SHA1, oauth_signature=[27 characters] %3D, oauth_nonce=[13 characters], oauth_timestamp=1308241629, oauth_consumer_key=[consumer key], oauth_version=1.0 This returns the 401 error whether I send the token values returned by request_token or the token values I got from my account. -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
Re: [twitter-dev] Re: error 401 from oauth, starting a few days ago
Hi Arlo, A few minor points here: - What type of perms do you have set for your API key: RO, RW, or RW+DM? - The my access token feature can only yield RO and RW tokens. If you've set your app to RW+DM, you'll get a different kind of token when walking through the OAuth web-flow than you get for the my access token flow (which may explain why you'll see the differing values) Most importantly: - You aren't accessing valid API URLs. https://api.twitter.com/statuses/user_timeline.xml should have a version: https://api.twitter.com/*1*/statuses/user_timeline.xml - Your authorization header contains your oauth_token_secret -- which should be kept secret and not included in your request. oauth_token_secret is only used as part of the signing process, it's not a value that you'll ever need to send to the API. @episod http://twitter.com/intent/user?screen_name=episod - Taylor Singletary On Thu, Jun 16, 2011 at 9:40 AM, arlomedia a...@arlomedia.com wrote: Thanks for the reply. On one website, I'm accessing the timeline for a protected account; on the other website, the account is not protected. For both, I'm using this URL: https://api.twitter.com/statuses/user_timeline.xml. Both stopped working last week. The oauth example script I posted above requests the oauth token and secret from the account, then passes it back with the request (you can see that by checking the $params value before the request). In my own script, I simply have the token and secret saved in constants and then I pass them from there. Neither approach is working for me now. I did notice that the token and secret returned by the request_token API call are different from the token and secret that I see displayed on the my_token page in my Twitter account (https://dev.twitter.com/apps/ nn/my_token), and the values returned from the API are different every time. Does that tell us anything? Here's what my request_token request looks like: POST https://api.twitter.com/oauth/request_token Authorization: OAuth realm=, oauth_signature_method=HMAC-SHA1, oauth_signature=[27 characters]%3D, oauth_nonce=[13 characters], oauth_timestamp=1308241110, oauth_token=, oauth_consumer_key=[consumer key], oauth_version=1.0 Content-Type: application/x-www-form-urlencoded This returns values for oauth_token, oauth_token_secret and oauth_callback_confirmed (but the token values don't match what I see in my account). Here's what my user_timeline request looks like: GET https://api.twitter.com/statuses/user_timeline.xml Authorization: OAuth realm=, oauth_token=[oauth token], oauth_token_secret=[oauth token secret], oauth_signature_method=HMAC-SHA1, oauth_signature=[27 characters] %3D, oauth_nonce=[13 characters], oauth_timestamp=1308241629, oauth_consumer_key=[consumer key], oauth_version=1.0 This returns the 401 error whether I send the token values returned by request_token or the token values I got from my account. -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
[twitter-dev] Re: error 401 from oauth, starting a few days ago
Hello, I wondered about the version number in the URL; but when I add that, I get the same error. I also removed the token secret from the request parameters. Where would I set the permissions on the API key? I'm not familiar with that process. In any case, my own scripts were just passing the keys I had copied and pasted from my Twitter account, so that approach should still work, right? In my requests (which are generated by the oauth-php library) I noticed that the signature line is a single value followed by an encoded ampersand. Is that correct, for the specified authentication method? Thanks, -Arlo -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk