Re: [twitter-dev] Re: Oauth Echo Twitpic problems
Hi Gerard,
That's the actual authorization header -- I'm looking for the
signature base string, which is the string that's signed with both
your consumer key and consumer secret to generate your oauth_signature
-- might take you a bit of debugging to get at that information.
Taylor
On Mon, Jul 26, 2010 at 10:46 AM, globaljobber
wrote:
> Hi Taylor,
>
> Here's one I just generated:
>
> OAuth realm="http://api.twitter.com";,
> oauth_consumer_key="9vjtaDCxlOYCRJqyp7XKzA", oauth_nonce="523A02EE",
> oauth_signature_method="HMAC-SHA1", oauth_timestamp="1280166265",
> oauth_token="15389554-7q4tTgSwJ9oB6iWZh7DvRjkn60eKTc1T4VRkNl4",
> oauth_version="1.0", oauth_signature="ImtWt09x9StbIV5H3G7xC3PM4bc%3D"
>
> There's also another one in the first post.
>
> Thanks
> Gerard
>
>
>
>
> On Jul 26, 6:30 pm, Taylor Singletary
> wrote:
>> Gerard,
>>
>> Thanks for the code sample. Nothing is jumping out at me here.. can
>> you share an example signature base string? (likely generated
>> somewhere in the "AddSignatureToParameters" method in an intermediary
>> step).
>>
>> Taylor
>>
>> On Mon, Jul 26, 2010 at 10:12 AM, globaljobber
>>
>>
>>
>> wrote:
>> > Hi Taylor,
>>
>> > I decided to post my code in brief. I can't expect you or anyone else
>> > to go through the real stuff line by line, so I've tried to simplify
>> > it so that a relatively quick look should perhaps show if there's
>> > somewhere I'm going wrong. The code shows the tasks done rather than
>> > detail
>>
>> > string requestUrl = "https://api.twitter.com/1/account/
>> > verify_credentials.json";
>>
>> > Parameters.Add("oauth_version", "1.0");
>> > Parameters.Add("oauth_nonce", GenerateNonce());
>> > Parameters.Add("oauth_timestamp", GenerateTimeStamp());
>> > Parameters.Add("oauth_signature_method", "HMAC-SHA1");
>> > Parameters.Add("oauth_consumer_key", consumerKey);
>> > Parameters.Add("oauth_consumer_secret", consumerSecret);
>>
>> > //Use these parameters to create the signature
>> > AddSignatureToParameters(requestUrl,Parameters,"GET",consumerSecret,tokenSecret);
>>
>> > //Now create the header
>> > string authHeader = "OAuth realm=\"http://api.twitter.com\"";;
>>
>> > foreach(Parameter)
>> > {
>> > authHeader = authHeader + ", " + URLEncode(Parameter.Key) + "="
>> > URLEncode(Paramter.Value)
>> > }
>>
>> > //Now build POST request to send to Twitpic
>> > requestUrl = "http://api.twitpic.com/2/upload.json";;
>>
>> > Requiredparameters.Add("key", "97bfc7bd3d7827caef4eea82");
>> > Requiredparameters.Add("message", "TestMessage");
>>
>> > requestUrl = requestUrl + AddPerameters(Requiredparameters);
>>
>> > HttpWebRequest webRequest =
>> > (HttpWebRequest)WebRequest.Create(requestUrl);
>> > webRequest.Method = "POST";
>> > webRequest.Headers.Add("X-Verify-Credentials-Authorization",
>> > authHeader);
>> > webRequest.Headers.Add("X-Auth-Service-Provider", "https://
>> > api.twitter.com/1/account/verify_credentials.json");
>>
>> > WebResponse response = webRequest.GetResponse();
>> > string responseString = new
>> > StreamReader(response.GetResponseStream()).ReadToEnd();
>>
>> > Hope this is not too hard to read or follow.
>>
>> > Thanks
>> > Gerard
>>
>> > On Jul 26, 5:31 pm, globaljobber
>> > wrote:
>> >> Hi Taylor,
>>
>> >> Thanks again. Tried generating a header using Post instead of GET and
>> >> didn't work.
>>
>> >> I note in the sample PHP code, line 25, that a GET is used.
>>
>> >> I have read in numerous posts that a GET was used with the 'dummy'
>> >> request to generate the Header.
>>
>> >> I'm not a php programmer, I do C# ASP.Net for my sins, which doesn't
>> >> help. But I have tried to go through your PHP example, which I've seen
>> >> before and I reckon I am replicating what is being done.
>>
>> >> The header I generate is ok'd by Twitter api, i.e. get a 200 OK
>> >> response, but not using Echo.
>>
>> >> Thanks for your help thus far.
>> >> Gerard
>>
>> >> On Jul 26, 5:05 pm, Taylor Singletary
>> >> wrote:
>>
>> >> > Hi Gerard,
>>
>> >> > Steps 1-3 of this process are correct from the perspective of
>> >> > initially negotiating permissions for your user. Once you've performed
>> >> > steps 1-3 you shouldn't need to do these steps for this user again
>> >> > unless re-negotiating for the tokens.
>>
>> >> > Your step 4: I'll improve the documentation we have for OAuth Echo
>> >> > here, as it's not obvious that you should be performing a POST for
>> >> > verify_credentials in this case. The Authorization Header you generate
>> >> > for the verify_credentials request should be a POST, as that's what
>> >> > Twitpic will do.
>>
>> >> > Step 5: Yes, your OAuth authorization header for the
>> >> > verify_credentials request is presented in the
>> >> > X-Verify-Credentials-Authorization header, and X-Auth-Service-Provider
>> >> > contains "https://api.twitter.com/1/account/verify_credentials.json";
>>
>> >> > Let me know if the transition to POST works for you. I have some
>> >> > sample code in PHP available here:http://gist.gi
Re: [twitter-dev] Re: Oauth Echo Twitpic problems
Gerard,
Thanks for the code sample. Nothing is jumping out at me here.. can
you share an example signature base string? (likely generated
somewhere in the "AddSignatureToParameters" method in an intermediary
step).
Taylor
On Mon, Jul 26, 2010 at 10:12 AM, globaljobber
wrote:
> Hi Taylor,
>
> I decided to post my code in brief. I can't expect you or anyone else
> to go through the real stuff line by line, so I've tried to simplify
> it so that a relatively quick look should perhaps show if there's
> somewhere I'm going wrong. The code shows the tasks done rather than
> detail
>
>
> string requestUrl = "https://api.twitter.com/1/account/
> verify_credentials.json";
>
> Parameters.Add("oauth_version", "1.0");
> Parameters.Add("oauth_nonce", GenerateNonce());
> Parameters.Add("oauth_timestamp", GenerateTimeStamp());
> Parameters.Add("oauth_signature_method", "HMAC-SHA1");
> Parameters.Add("oauth_consumer_key", consumerKey);
> Parameters.Add("oauth_consumer_secret", consumerSecret);
>
> //Use these parameters to create the signature
> AddSignatureToParameters(requestUrl,Parameters,"GET",consumerSecret,tokenSecret);
>
> //Now create the header
> string authHeader = "OAuth realm=\"http://api.twitter.com\"";;
>
> foreach(Parameter)
> {
> authHeader = authHeader + ", " + URLEncode(Parameter.Key) + "="
> URLEncode(Paramter.Value)
> }
>
> //Now build POST request to send to Twitpic
> requestUrl = "http://api.twitpic.com/2/upload.json";;
>
> Requiredparameters.Add("key", "97bfc7bd3d7827caef4eea82");
> Requiredparameters.Add("message", "TestMessage");
>
> requestUrl = requestUrl + AddPerameters(Requiredparameters);
>
> HttpWebRequest webRequest =
> (HttpWebRequest)WebRequest.Create(requestUrl);
> webRequest.Method = "POST";
> webRequest.Headers.Add("X-Verify-Credentials-Authorization",
> authHeader);
> webRequest.Headers.Add("X-Auth-Service-Provider", "https://
> api.twitter.com/1/account/verify_credentials.json");
>
> WebResponse response = webRequest.GetResponse();
> string responseString = new
> StreamReader(response.GetResponseStream()).ReadToEnd();
>
>
>
> Hope this is not too hard to read or follow.
>
> Thanks
> Gerard
>
>
>
>
> On Jul 26, 5:31 pm, globaljobber
> wrote:
>> Hi Taylor,
>>
>> Thanks again. Tried generating a header using Post instead of GET and
>> didn't work.
>>
>> I note in the sample PHP code, line 25, that a GET is used.
>>
>> I have read in numerous posts that a GET was used with the 'dummy'
>> request to generate the Header.
>>
>> I'm not a php programmer, I do C# ASP.Net for my sins, which doesn't
>> help. But I have tried to go through your PHP example, which I've seen
>> before and I reckon I am replicating what is being done.
>>
>> The header I generate is ok'd by Twitter api, i.e. get a 200 OK
>> response, but not using Echo.
>>
>> Thanks for your help thus far.
>> Gerard
>>
>> On Jul 26, 5:05 pm, Taylor Singletary
>> wrote:
>>
>>
>>
>> > Hi Gerard,
>>
>> > Steps 1-3 of this process are correct from the perspective of
>> > initially negotiating permissions for your user. Once you've performed
>> > steps 1-3 you shouldn't need to do these steps for this user again
>> > unless re-negotiating for the tokens.
>>
>> > Your step 4: I'll improve the documentation we have for OAuth Echo
>> > here, as it's not obvious that you should be performing a POST for
>> > verify_credentials in this case. The Authorization Header you generate
>> > for the verify_credentials request should be a POST, as that's what
>> > Twitpic will do.
>>
>> > Step 5: Yes, your OAuth authorization header for the
>> > verify_credentials request is presented in the
>> > X-Verify-Credentials-Authorization header, and X-Auth-Service-Provider
>> > contains "https://api.twitter.com/1/account/verify_credentials.json";
>>
>> > Let me know if the transition to POST works for you. I have some
>> > sample code in PHP available here:http://gist.github.com/490753
>>
>> > Taylor
>>
>> > On Mon, Jul 26, 2010 at 8:21 AM, globaljobber
>>
>> > wrote:
>> > > Just to check my process is correct:
>>
>> > > 1) Web page goes to twitter to get a request Token
>>
>> > > 2) Token request granted, and a URL for user is generated with this
>> > > Token
>>
>> > > 3) User authenticates app via Twitter pop-up
>>
>> > > 3) Twitter reponse redirects to new page which has Access Token and
>> > > access token secret given to it.
>>
>> > > 4) Using these tokens, and using GET and the following URL: 'https://
>> > > api.twitter.com/1/account/verify_credentials.json'
>>
>> > > an authorisation header is generated.
>>
>> > > 5) This header, along with the other header: 'X-Auth-Service-
>> > > Provider' is then sent off using a post
>> > > tohttp://api.twitpic.com/2/upload.json
>>
>> > > Have I missed anything?
>>
>> > > Regards
>> > > Gerard
>>
>> > > On Jul 26, 4:03 pm, globaljobber
>> > > wrote:
>> > >> Hi Taylor,
>>
>> > >> Thanks for your reply. I just tried that and still the same 401 error.
>> > >> The new header was like this with s
Re: [twitter-dev] Re: Oauth Echo Twitpic problems
Hi Gerard,
Steps 1-3 of this process are correct from the perspective of
initially negotiating permissions for your user. Once you've performed
steps 1-3 you shouldn't need to do these steps for this user again
unless re-negotiating for the tokens.
Your step 4: I'll improve the documentation we have for OAuth Echo
here, as it's not obvious that you should be performing a POST for
verify_credentials in this case. The Authorization Header you generate
for the verify_credentials request should be a POST, as that's what
Twitpic will do.
Step 5: Yes, your OAuth authorization header for the
verify_credentials request is presented in the
X-Verify-Credentials-Authorization header, and X-Auth-Service-Provider
contains "https://api.twitter.com/1/account/verify_credentials.json";
Let me know if the transition to POST works for you. I have some
sample code in PHP available here: http://gist.github.com/490753
Taylor
On Mon, Jul 26, 2010 at 8:21 AM, globaljobber
wrote:
> Just to check my process is correct:
>
> 1) Web page goes to twitter to get a request Token
>
> 2) Token request granted, and a URL for user is generated with this
> Token
>
> 3) User authenticates app via Twitter pop-up
>
> 3) Twitter reponse redirects to new page which has Access Token and
> access token secret given to it.
>
> 4) Using these tokens, and using GET and the following URL: 'https://
> api.twitter.com/1/account/verify_credentials.json'
>
> an authorisation header is generated.
>
> 5) This header, along with the other header: 'X-Auth-Service-
> Provider' is then sent off using a post to
> http://api.twitpic.com/2/upload.json
>
> Have I missed anything?
>
> Regards
> Gerard
>
>
>
>
>
>
> On Jul 26, 4:03 pm, globaljobber
> wrote:
>> Hi Taylor,
>>
>> Thanks for your reply. I just tried that and still the same 401 error.
>> The new header was like this with spaces after each comma:
>>
>> OAuth realm="http://api.twitter.com";,
>> oauth_consumer_key="9cjtaDfffOYCRJqyp7XKzA", oauth_nonce="59E4358",
>> oauth_signature_method="HMAC-SHA1", oauth_timestamp="1280156335",
>> oauth_token="15389554-7q4tjgtwJ9oB6iWZh7DvRjkn60eKTc1T4VRkNl4",
>> oauth_version="1.0", oauth_signature="ZmiBuqZC2SUsRx2%2B7x4O7TrDDWE
>> %3D"
>>
>> I'm also sure no call is made during the generation of the header.
>>
>> According to other posts I've read, this header is created using a GET
>> and uses the following URL:
>>
>> https://api.twitter.com/1/account/verify_credentials.json
>>
>> Any other ideas would be grateful, as I've spent over a week on trying
>> to get Twitpic to work.
>>
>> Thank you
>> Gerard
>>
>> On Jul 26, 3:38 pm, Taylor Singletary
>> wrote:
>>
>> > Hi Gerard,
>>
>> > Though I know it doesn't sound like it should matter, can you try your
>> > request against Twitpic after inserting spaces after each comma in
>> > your Authorization Header? Also want to make sure that you aren't
>> > executing your verify_credentials request in the preparation sequence
>> > (calling the resource prior to TwitPic calling it would invalidate
>> > it).
>>
>> > Thanks,
>> > Taylor
>>
>> > On Mon, Jul 26, 2010 at 7:26 AM, globaljobber
>>
>> > wrote:
>> > > Hi,
>>
>> > > I am having trouble getting Twitpic to authorize an image upload
>> > > request.
>>
>> > > I have checked my Oauth 'X-Verify-Credentials-Authorization'
>> > > authorization header with a call to
>> > > 'https://api.twitter.com/'andI get a 200 OK status. So it appears my
>> > > authentication requests are ok.
>>
>> > > However if I take the same header construct and make a request to
>> > > 'http://api.twitpic.com/2/upload.json'usingOAuth Echo with Twitpic I
>> > > continually receive a 401 Unauthorized response.
>>
>> > > My typical setup is this:
>>
>> > > Parameters for Twitpic:
>>
>> > > Requiredparameters.Add("key", "97bfc7ffddd827ca9630232def4eea82");
>> > > Requiredparameters.Add("message", "This is a test upload");
>>
>> > > requestUrl = OAuthUtility.AppendParametersForPOST("http://
>> > > api.twitpic.com/2/upload.json", Requiredparameters);
>>
>> > > HttpWebRequest webRequest =
>> > > (HttpWebRequest)WebRequest.Create(requestUrl);
>> > > webRequest.Method = "POST";
>>
>> > > webRequest.Headers.Add("X-Verify-Credentials-Authorization",
>> > > AuthorizationHeaderForAuth);
>> > > webRequest.Headers.Add("X-Auth-Service-Provider", "https://
>> > > api.twitter.com/1/account/verify_credentials.json");
>>
>> > > where a typical AuthorizationHeaderForAuth looks like this:
>>
>> > > OAuth realm="http://
>> > > api.twitter.com",oauth_consumer_key="9cjtddsslOYCRJqyp7XKzA",oauth_nonce="4D34866",oauth_signature_method="HMAC-
>> > > SHA1",oauth_timestamp="1230153261",oauth_token="15322554-7q4tTvSwJ9oB6iWZh7DvRjkn60eKTc1T4VRkNl4",oauth_version="1.0",oauth_signature="gbMRJ1OA9JNiZGksnRyFdT6iP20%3D"
>>
>> > > Can anyone please suggest where things may be going wrong?
>>
>> > > Many thanks
>> > > Gerard
>
