Re: [twitter-dev] Re: OAuth image upload: how does Twitter want to see multi-part post OAuth parts?
i wrote a simple ruby script and posted it at http://mehack.com/uploading-a-background-image-to-twitter-using (which may be having DNS issues at the moment, and if so, just go see the code directly at http://gist.github.com/279650) -- that code demonstrates how to construct the oauth signature and upload a background image to Twitter. i tested it on my test account, and it seems to work well. while that code is written in ruby, i tried to take care to write it clearly enough so that even non-ruby programmers should be able to follow it. let me know if there are any questions! ps. as yusuke mentioned earlier on this thread, Twitter4J ( http://yusuke.homeip.net/twitter4j/en/index.html) has support for setting background images via OAuth. FWIW, that library is -very- clearly written, and should be relatively easy for programmers (especially those who are attempting to construct their own OAuth signatures) to follow. On Wed, Jan 13, 2010 at 9:40 AM, Vikram wrote: > Raffi, > > After modifications, this is how my request looks like > > OAuth signature base: > > POST&http%3A%2F%2Ftwitter.com%2Faccount > %2Fupdate_profile_background_image.xml&oauth_consumer_key > %3DgUutCG9HjEOT0N8IxvW9w%26oauth_nonce > %3Dt64bID6gIVtpU6t7m3dsTrTUOhubJizM%26oauth_signature_method%3DHMAC- > SHA1%26oauth_timestamp%3D1263403749%26oauth_token > %3D29191067-7Gl0rjc5KegDdw5p0FJqcBLTmKFF8rCr9Kb3Yt7ZE%26oauth_version > %3D1.0a > > I sign this and then add all the parameters to the request stream, > this is how my stream looks like: > > > oauth_consumer_key=gUutCG9HjEOT0N8IxvW9w&oauth_nonce=t64bID6gIVtpU6t7m3dsTrTUOhubJizM&oauth_signature=TE0lfX3WZwYAr1812GNP8uYJGKc > %3D&oauth_signature_method=HMAC- > > SHA1&oauth_timestamp=1263403749&oauth_token=29191067-7Gl0rjc5KegDdw5p0FJqcBLTmKFF8rCr9Kb3Yt7ZE&oauth_version=1.0a&image= > > > This is followed by the byte stream of the image. > > I still get a 401 as response. > > Can tell me what I need to change? > -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
Re: [twitter-dev] Re: OAuth image upload: how does Twitter want to see multi-part post OAuth parts?
i've never used dot.net, however, it looks suspicious to me that the bytestream of the image is coming before the oauth params/signature in your example. i would expect the oauth params/signature to be in the Authorization header, and the image to be in the body of the POST. On Tue, Jan 12, 2010 at 10:50 AM, Vikram wrote: > Raffi, > > If you have ever worked with DotNet then please help me. > > What I do currently is as follows: > > - Set the request type to POST. > - ContentType to "multipart/form-data; boundary=" + boundary > (generated); > - Then I add this to the request stream > > L"--"+boundary+L"\r\n"+L"Content-Disposition: form-data; > name=\"image\"; filename=\"test.JPG\" " + L"\r\n"+L"Content-Type: > image/jpg"+L"\r\n\r\n"; > - followed by the bytestream of the image. > - Then I continue to add the OAuth params/signature to the stream > > All the above are URL encoded. > > Twitter responds with a 401 to this request. > > What do I have to correct. > -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
Re: [twitter-dev] Re: OAuth image upload: how does Twitter want to see multi-part post OAuth parts?
i haven't actually written code to upload profile images recently, but what i would try is the following (and i apologise if i'm slightly incorrect as i'm doing this from memory): > 1. What all parameters should be part of the signature base string? > oauth_consumer_key oauth_signature_method oauth_timestamp oauth_nonce oauth_version oauth_token of course, the request type and URL comprise the block that needs to be signed 2. Where should the parameters and the signature be placed in the > request stream? > the authorization header would be the best place to stick it. > 3. How should the file data be sent? multipart/form-data, i believe. -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
Re: [twitter-dev] Re: OAuth image upload: how does Twitter want to see multi-part post OAuth parts?
i suggest taking a look at http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/ as it has a pretty good walk through of how to construct the parameters. one point of note is that when the Content-Type of the request is -not- application/x-www-form-urlencoded, then the POST body should -not- be included as part of the signature. so, assuming you're using multi-part and the image is in the POST body, do not include it in the signature block. On Mon, Jan 11, 2010 at 8:30 PM, Vikram wrote: > > > Yusuke, > > Can you please share with us the raw text of your request? I am not > familiar with Java. I am working with C++(.NET) > -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi