subject:"Re\: \[twitter\-dev\] Re\: Signature generation issue"

Re: [twitter-dev] Re: Signature generation issue

2011-03-15 Thread Taylor Singletary

Hi Georgina,

I'm sure you're pretty close to figuring this out. A few tips when you've
gotten to this point:

- Make sure that you're transporting the request correctly
  - If you're using header-based OAuth, make sure that your HTTP
Authorization header is being properly setup and formatted. This will be
language-specific. Also make sure that you aren't repeating any of the
oauth_* parameters in the POST body or URL of your actual executed request.
Only parameters that don't begin with oauth_* should appear in the POST body
or query string. (In other words, don't present double authentication)
  - Make sure that your HTTP verbs are in agreement
- If you're sending a POST, make sure your HTTP client is actually
sending a POST and that your OAuth signature base string's method component
matched

Here's a quick walkthrough of all the steps involved in obtaining an access
token (though with my keys instead of yours).. note the signature base
string, authorization header, URL, and POST body for each step (keeping in
mind that the authorize step is kind of special in that it happens in a
browser).

Request Token Step
--
Request URL: https://api.twitter.com/oauth/request_token
HTTP Method: POST
POST body: (empty)
Signature Basestring:
POST&https%3A%2F%2Fapi.twitter.com
%2Foauth%2Frequest_token&oauth_callback%3Dhttp%253A%252F%252Flocalhost%253A3005%252Fthe_dance%252Fprocess_callback%253Fservice_provider_id%253D1%26oauth_consumer_key%3DOqEqJeafRSF10jBMStrZg%26oauth_nonce%3DK7ny27JTpKVsTgdyLdDfmQQWVLERj2zAK5BslRsqyw%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1300228849%26oauth_version%3D1.0

Authorization Header: OAuth
oauth_nonce="K7ny27JTpKVsTgdyLdDfmQQWVLERj2zAK5BslRsqyw",
oauth_callback="http%3A%2F%2Flocalhost%3A3005%2Fthe_dance%2Fprocess_callback%3Fservice_provider_id%3D1",
oauth_signature_method="HMAC-SHA1", oauth_timestamp="1300228849",
oauth_consumer_key="OqEqJeafRSF10jBMStrZg",
oauth_signature="Pk%2BMLdv028fxCErFyi8KXFM%2BddU%3D", oauth_version="1.0"

Response Body:
oauth_token=IPPjb9gdAB15Gnw7to8idfCfePqJgem9MVyhcEkPsU&oauth_token_secret=&oauth_callback_confirmed=true

Authorization Step
-
Request URL:
https://api.twitter.com/oauth/authorize?oauth_token=IPPjb9gdAB15Gnw7to8idfCfePqJgem9MVyhcEkPsU
HTTP Method: GET
POST Body: N/A
Signature Basestring: N/A
Authorization Header: N/A

Access Token Step
-
Request URL: https://api.twitter.com/oauth/access_token
HTTP Method: POST
POST Body: (empty)

Signature Basestring:
POST&https%3A%2F%2Fapi.twitter.com
%2Foauth%2Faccess_token&oauth_consumer_key%3DOqEqJeafRSF10jBMStrZg%26oauth_nonce%3DFCKJcpPIhJpOLV1VQtP560IH0rKI9jMPrlkzqQWoA%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1300228855%26oauth_token%3DIPPjb9gdAB15Gnw7to8idfCfePqJgem9MVyhcEkPsU%26oauth_verifier%3DPmThbFiYNd3TOoFRBbFwwRRPHB3PlkFbxmX4lCqmnc%26oauth_version%3D1.0

Authorization Header: OAuth
oauth_nonce="FCKJcpPIhJpOLV1VQtP560IH0rKI9jMPrlkzqQWoA",
oauth_signature_method="HMAC-SHA1", oauth_timestamp="1300228855",
oauth_consumer_key="OqEqJeafRSF10jBMStrZg",
oauth_token="IPPjb9gdAB15Gnw7to8idfCfePqJgem9MVyhcEkPsU",
oauth_verifier="PmThbFiYNd3TOoFRBbFwwRRPHB3PlkFbxmX4lCqmnc",
oauth_signature="AFJr%2BdS%2FmWgPbMtJR3vdwMA4cTk%3D", oauth_version="1.0"

Response Body:
oauth_token=819797-bAOfajtcYw8xHm1UQ3v5V5WfUb90zN7OWlWmvl8ZU0&oauth_token_secret=x&user_id=819797&screen_name=episod

On Tue, Mar 15, 2011 at 7:22 AM, lappynet  wrote:

> Thanks for everyone's help on this. I think that I now have this
> working (twitter documentation values match up).
>
> My problem now is that although I'm confident of my algorithm, twitter
> is always responding 401. I've debugged my network service and the
> message being returned is Incorrect Signature. I do not understand how
> this can be... :S
>
> On Mar 15, 6:03 am, kamesh SmartDude 
> wrote:
> > Hai lappynet,
> >
> > I Used GET method to retrive the Request Token And I Avoided the OAuth
> > Callback, because it was registered when i registered my app.
> >
> > Below is the method how i am  doing.
> >
> >  ** SignatureBase String is *
> >
> > GET&https%3A%2F%2Fapi.twitter.com
> > %2Foauth%2Frequest_token&oauth_consumer_key%3D
> >
> %26oauth_nonce%3DydBxFJKdzK%26oauth_signature_method%3DHMAC-SHA1%26oauth_ti
> mestamp%3D1300167727%26oauth_version%3D1.0
> >
> > Signature Key U are appending "&" and it is correct.
> >
> > i am adding the oauth header like below
> >
> > OAuth realm="Twitter API", oauth_consumer_key=,
> > oauth_nonce=ydBxFJKdzK,
> oauth_signature=89%2BSoLKBdE%2FeHN5PFRxNl3G7tNo%3D,
> > oauth_signature_method=HMAC-SHA1, oauth_timestamp=1300167727,
> > oauth_version=1.0
> >
> > I think u might have some problem with generating the signature.
> >
> > Try this,
> > //kamesh
> >
> >
> >
> >
> >
> >
> >
> > On Mon, Mar 14, 2011 at 8:16 PM, lappynet 
> wrote:
> > > cURL... I've heard about this, but I don't really know about it. Is
> > > there a windows version as I don't have access to other OSs

Re: [twitter-dev] Re: Signature generation issue

2011-03-14 Thread kamesh SmartDude

Hai lappynet,

I Used GET method to retrive the Request Token And I Avoided the OAuth
Callback, because it was registered when i registered my app.

Below is the method how i am  doing.


 ** SignatureBase String is *

GET&https%3A%2F%2Fapi.twitter.com
%2Foauth%2Frequest_token&oauth_consumer_key%3D
%26oauth_nonce%3DydBxFJKdzK%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1300167727%26oauth_version%3D1.0

Signature Key U are appending "&" and it is correct.

i am adding the oauth header like below

OAuth realm="Twitter API", oauth_consumer_key=,
oauth_nonce=ydBxFJKdzK, oauth_signature=89%2BSoLKBdE%2FeHN5PFRxNl3G7tNo%3D,
oauth_signature_method=HMAC-SHA1, oauth_timestamp=1300167727,
oauth_version=1.0

I think u might have some problem with generating the signature.


Try this,
//kamesh



On Mon, Mar 14, 2011 at 8:16 PM, lappynet  wrote:

> cURL... I've heard about this, but I don't really know about it. Is
> there a windows version as I don't have access to other OSs at work
> (*sigh*)?
>
> On Mar 14, 2:18 pm, Taylor Singletary 
> wrote:
> > Hi Georgina,
> >
> > Everything appears correct with your base string for this step.
> >
> > Are you performing this operation through a HTTP proxy of any kind? Have
> you
> > tried producing a valid OAuth header and executed it in curl (without
> having
> > "executed it" in C# first)? I'm not familiar with C#'s HTTP request
> > libraries and the configuration options available to you in it.
> >
> > We were having an issue with occasionally hanging connections recently
> and
> > it's possible that it may be related -- but if that's the case, you
> > shouldn't have it occur to you every time -- it would be one out of X
> times.
> >
> > I'm curious where the connection is hanging -- while you are sending HTTP
> > request headers or when your HTTP client is awaiting a response?
> >
> > Thanks,
> > Taylor
> >
> >
> >
> >
> >
> >
> >
> > On Mon, Mar 14, 2011 at 7:02 AM, lappynet 
> wrote:
> > > Hi
> >
> > > I'm using C#.NET to produce an oob client. I've fallen at the first
> > > hurdle though as I'm failing to make the token request.
> >
> > > I've gone through many iterations, and am no longer receiving a 417,
> > > 404, or 401. This is very positive! Now my application hangs whilst
> > > waiting for a response from twitter. (I left it running for an hour
> > > over lunch and still nothing happened, and the code didn't appear to
> > > want to step through.)
> >
> > > I've tried with the values detailed in the documentation to have a
> > > look at the variables that have been produced from them in my
> > > algorithm. I think that I've traced it down to being the way I
> > > generate the signature string:
> >
> > > string signingKey = Uri.EscapeDataString(ConsumerSecret) + "&";
> > > HMACSHA1 hasher = new HMACSHA1(new
> > > ASCIIEncoding().GetBytes(signingKey));
> > > string signatureString = Convert.ToBase64String(hasher.ComputeHash(new
> > > ASCIIEncoding().GetBytes(baseString)));
> >
> > > My base string is:
> >
> > > POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> > > %2Frequest_token&oauth_callback%3Doob%26oauth_consumer_key%XXX
> > > %26oauth_nonce%3DNjM0MzU3MDgxMDEyMDcwODkw%26oauth_signature_method
> > > %3DHMAC-SHA1%26oauth_timestamp%3D1300111301%26oauth_version%3D1.0
> >
> > > Any pointers as to where I may be going wrong?
> >
> > > Thanks in advance
> > > Georgina
> >
> > > --
> > > Twitter developer documentation and resources:
> http://dev.twitter.com/doc
> > > API updates via Twitter:http://twitter.com/twitterapi
> > > Issues/Enhancements Tracker:
> > >http://code.google.com/p/twitter-api/issues/list
> > > Change your membership to this group:
> > >http://groups.google.com/group/twitter-development-talk
>
> --
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker:
> http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
> http://groups.google.com/group/twitter-development-talk
>

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] Re: Signature generation issue

Re: [twitter-dev] Re: Signature generation issue

2 matches

Site Navigation

Mail list logo

Footer information