Re: [twitter-dev] Re: xAuth request returns 401, need help
Hey Chrys, The order of the parameters in the base string matter and they should be in lexicollexicographical order. For ease of debugging and to remove any ambiguity it would be better to have the authorization header use the same order too. Can you tell me what the body content of the 401 error is? Best, @themattharris Developer Advocate, Twitter http://twitter.com/themattharris On Thu, Nov 18, 2010 at 6:55 PM, Chrys Bader chr...@gmail.com wrote: Does the order of the params in either the Authorization or Base string matter? Here are my Request Headers: Authorization = OAuth oauth_timestamp=\1290134876\, oauth_nonce= \D3EC42D2-A37F-4298-987D-0F9603B0C9C7\, oauth_version=\1.0\, oauth_consumer_key=\xxx\, oauth_signature_method=\HMAC-SHA1\, oauth_signature=\MOWT%2BaSs35RhzvRRMVxRG0Y5p0E%3D\; Content-Length = 71; Content-Type = application/x-www-form-urlencoded; charset=utf-8; Here is my actual base string: POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3Dxxx%26oauth_nonce%3DD3EC42D2- A37F-4298-987D-0F9603B0C9C7%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1290134876%26oauth_version%3D1.0%26x_auth_mode %3Dclient_auth%26x_auth_password%3Dxxx%26x_auth_username%3Dchrysb On Nov 18, 6:47 pm, Chrys Bader chr...@gmail.com wrote: Yes I compared the UTC timestamp that my phone is generating with the actual UTC timestamp, and they were the same. Is there anything else I can show you for more information? No matter what, I just keep getting a 401 response from Twitter. On Nov 18, 6:41 pm, Matt Harris thematthar...@twitter.com wrote: OK, but is the UTC timestamp actually accurate? we've heard of a number of phones whose date/time are wildly wrong. It maybe find but it's quite common. Your content-type is fine. Matt On Thu, Nov 18, 2010 at 6:03 PM, Chrys Bader chr...@gmail.com wrote: Ok, I looked into it. According to the iPhone SDK documentation, I am indeed sending the UTC (GMT) timestamp. Still not sure what else could be wrong? Is this the right Content-Type? Content-Type = application/x-www-form-urlencoded; charset=utf-8; On Nov 18, 5:53 pm, themattharris thematthar...@twitter.com wrote: Hey Chrys, A couple of things to check first: 1. Have you been granted xAuth access? 2. Double check the timestamp of your request is within 10 or so minutes of the time returned by Twitter's servers. Our server time is in UTC. 3. Verify your encoding is correct. For example: a password like ab$ %123 should be in your basestring as ab%2524%2525%2526123 and in your post body as ab%24%25%26123. Best, Matt On Nov 18, 5:31 pm, Chrys Bader chr...@gmail.com wrote: *bump* I've run my base string through an oAuth verifier ( http://quonos.nl/ oauthTester/), and it all checks out! Any ideas? On Oct 27, 4:50 pm, Chrys Bader chr...@gmail.com wrote: Hey all, This is my first post in this group, hi! I am having trouble making a request onhttps:// api.twitter.com/oauth/access_token. I've been at this for 2 days and I can't make any progress. I feel like everything matches up with all examples, documentation, and other forum posts perfectly. Here is my post body: x_auth_username=oauth_test_execx_auth_password=twitter- xauthx_auth_mode=client_auth Here is my base string (using the example's test credentials): POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3DJvyS7DO2qd6NNTsXJ4E7zA %26oauth_nonce%3DE0E37C06-F12A-407B-8D80-20C78FF6183A %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1288223176%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth %26x_auth_password%3Dtwitter-xauth%26x_auth_username%3Doauth_test_exec Here is my Authorization header: OAuth oauth_timestamp=1288223176, oauth_nonce=E0E37C06- F12A-407B-8D80-20C78FF6183A, oauth_version=1.0, oauth_consumer_key=JvyS7DO2qd6NNTsXJ4E7zA, oauth_signature_method=HMAC-SHA1, oauth_signature=IwPFrvb0PExyS %2F2QQvtbelsWk48%3D -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter:http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources:
Re: [twitter-dev] Re: xAuth request returns 401, need help
Hey Chrys, Agreed. The authentication header doesn't have to be in order but as said previously, it helps with debugging. It is really strange that the response body is empty. It maybe easier if you email me the full request headers, with response headers and content so I can debug further. For security it'll be easier if you email me that directly. Best, @themattharris Developer Advocate, Twitter http://twitter.com/themattharris On Fri, Nov 19, 2010 at 12:20 PM, Chrys Bader chr...@gmail.com wrote: Also, the example here shows that the Auth header and the base string aren't in the same order: http://dev.twitter.com/pages/xauth On Nov 19, 11:04 am, Matt Harris thematthar...@twitter.com wrote: Hey Chrys, The order of the parameters in the base string matter and they should be in lexicollexicographical order. For ease of debugging and to remove any ambiguity it would be better to have the authorization header use the same order too. Can you tell me what the body content of the 401 error is? Best, @themattharris Developer Advocate, Twitterhttp://twitter.com/themattharris On Thu, Nov 18, 2010 at 6:55 PM, Chrys Bader chr...@gmail.com wrote: Does the order of the params in either the Authorization or Base string matter? Here are my Request Headers: Authorization = OAuth oauth_timestamp=\1290134876\, oauth_nonce= \D3EC42D2-A37F-4298-987D-0F9603B0C9C7\, oauth_version=\1.0\, oauth_consumer_key=\xxx\, oauth_signature_method=\HMAC-SHA1\, oauth_signature=\MOWT%2BaSs35RhzvRRMVxRG0Y5p0E%3D\; Content-Length = 71; Content-Type = application/x-www-form-urlencoded; charset=utf-8; Here is my actual base string: POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3Dxxx%26oauth_nonce%3DD3EC42D2- A37F-4298-987D-0F9603B0C9C7%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1290134876%26oauth_version%3D1.0%26x_auth_mode %3Dclient_auth%26x_auth_password%3Dxxx%26x_auth_username%3Dchrysb On Nov 18, 6:47 pm, Chrys Bader chr...@gmail.com wrote: Yes I compared the UTC timestamp that my phone is generating with the actual UTC timestamp, and they were the same. Is there anything else I can show you for more information? No matter what, I just keep getting a 401 response from Twitter. On Nov 18, 6:41 pm, Matt Harris thematthar...@twitter.com wrote: OK, but is the UTC timestamp actually accurate? we've heard of a number of phones whose date/time are wildly wrong. It maybe find but it's quite common. Your content-type is fine. Matt On Thu, Nov 18, 2010 at 6:03 PM, Chrys Bader chr...@gmail.com wrote: Ok, I looked into it. According to the iPhone SDK documentation, I am indeed sending the UTC (GMT) timestamp. Still not sure what else could be wrong? Is this the right Content-Type? Content-Type = application/x-www-form-urlencoded; charset=utf-8; On Nov 18, 5:53 pm, themattharris thematthar...@twitter.com wrote: Hey Chrys, A couple of things to check first: 1. Have you been granted xAuth access? 2. Double check the timestamp of your request is within 10 or so minutes of the time returned by Twitter's servers. Our server time is in UTC. 3. Verify your encoding is correct. For example: a password like ab$ %123 should be in your basestring as ab%2524%2525%2526123 and in your post body as ab%24%25%26123. Best, Matt On Nov 18, 5:31 pm, Chrys Bader chr...@gmail.com wrote: *bump* I've run my base string through an oAuth verifier ( http://quonos.nl/ oauthTester/), and it all checks out! Any ideas? On Oct 27, 4:50 pm, Chrys Bader chr...@gmail.com wrote: Hey all, This is my first post in this group, hi! I am having trouble making a request onhttps:// api.twitter.com/oauth/access_token. I've been at this for 2 days and I can't make any progress. I feel like everything matches up with all examples, documentation, and other forum posts perfectly. Here is my post body: x_auth_username=oauth_test_execx_auth_password=twitter- xauthx_auth_mode=client_auth Here is my base string (using the example's test credentials): POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3DJvyS7DO2qd6NNTsXJ4E7zA %26oauth_nonce%3DE0E37C06-F12A-407B-8D80-20C78FF6183A %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1288223176%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth %26x_auth_password%3Dtwitter-xauth%26x_auth_username%3Doauth_test_exec Here is my Authorization header: OAuth oauth_timestamp=1288223176,
Re: [twitter-dev] Re: xAuth request returns 401, need help
OK, but is the UTC timestamp actually accurate? we've heard of a number of phones whose date/time are wildly wrong. It maybe find but it's quite common. Your content-type is fine. Matt On Thu, Nov 18, 2010 at 6:03 PM, Chrys Bader chr...@gmail.com wrote: Ok, I looked into it. According to the iPhone SDK documentation, I am indeed sending the UTC (GMT) timestamp. Still not sure what else could be wrong? Is this the right Content-Type? Content-Type = application/x-www-form-urlencoded; charset=utf-8; On Nov 18, 5:53 pm, themattharris thematthar...@twitter.com wrote: Hey Chrys, A couple of things to check first: 1. Have you been granted xAuth access? 2. Double check the timestamp of your request is within 10 or so minutes of the time returned by Twitter's servers. Our server time is in UTC. 3. Verify your encoding is correct. For example: a password like ab$ %123 should be in your basestring as ab%2524%2525%2526123 and in your post body as ab%24%25%26123. Best, Matt On Nov 18, 5:31 pm, Chrys Bader chr...@gmail.com wrote: *bump* I've run my base string through an oAuth verifier (http://quonos.nl/ oauthTester/), and it all checks out! Any ideas? On Oct 27, 4:50 pm, Chrys Bader chr...@gmail.com wrote: Hey all, This is my first post in this group, hi! I am having trouble making a request onhttps:// api.twitter.com/oauth/access_token. I've been at this for 2 days and I can't make any progress. I feel like everything matches up with all examples, documentation, and other forum posts perfectly. Here is my post body: x_auth_username=oauth_test_execx_auth_password=twitter- xauthx_auth_mode=client_auth Here is my base string (using the example's test credentials): POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3DJvyS7DO2qd6NNTsXJ4E7zA %26oauth_nonce%3DE0E37C06-F12A-407B-8D80-20C78FF6183A %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1288223176%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth %26x_auth_password%3Dtwitter-xauth%26x_auth_username%3Doauth_test_exec Here is my Authorization header: OAuth oauth_timestamp=1288223176, oauth_nonce=E0E37C06- F12A-407B-8D80-20C78FF6183A, oauth_version=1.0, oauth_consumer_key=JvyS7DO2qd6NNTsXJ4E7zA, oauth_signature_method=HMAC-SHA1, oauth_signature=IwPFrvb0PExyS %2F2QQvtbelsWk48%3D -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk