PIN-code flow ? Re: SOLVED Re: [twitter-dev] Needs object from desktop application ?

2011-06-24 Thread Ari Endo
Hello Matt,

This is Ari again.
I am developing a desktop application, referring to:
http://dev.twitter.com/pages/auth

It says just above "OAUTH AUTHENTICATION FLOW" that
"The flow varies slightly when using a desktop application
with what's called the "PIN-mode flow" or exchanging login credentials
using xAuth."

In the last part of "Sending the user to authorization" section,
it also says "We'll see how the PIN code is used in the next step."
But I cannot find any explanation of PIN code usage anywhere.

I wonder whether I should use the PIN code as oauth_verifier.
Is that right?
I am looking forward to hearing your kind advice.

Thanks in advance,
Ari


Matt Harris wrote (2011/06/25 4:35):
> Hey Ari,
>
> It's great to hear you worked this out and got it working. Also, thank
> you for sharing the solution that worked for you.
>
> Best,
> @themattharris
> 
> Developer Advocate, Twitter
>
>
>
> 2011/6/23 Ari Endo <arien...@gmail.com>
>
> Dear Matt,
>
> Your question solved my problem.
> Actually, the signature itself and the signature part in the
> authorization header were different!
>
> I had urlencoded the signature and then urlencoded the
> authorization header as well.
> As a result, the signature was urlencoded twice, which came out
> different from the once-urlencoded signature.
> I had been thinking that urlencoding many times does no harm, but
> that was not the case.
>
> By urlencoding the authorization header except the signature part, I
> got 200 OK.
>
> Thank you so much for your kind support. Say thank you to Tom as well.
> As I am a newcomer to twitter application development,
> please help me again if I come across other troubles ahead.
>
> Sincerely,
> Ari Endo
>
>
> Matt Harris wrote (2011/06/24 9:21):
>> Hi Ari,
>>
>> I'm not familiar with VBA enough to comment on the code, but if
>> you could provide an example of the basestring created,
>> authorization header and signature (remember to exclude any
>> secrets) then we can take a look at what could be going wrong.
>>
>> Best,
>> @themattharris
>> 
>> Developer Advocate, Twitter
>>
>>
>>
>> 2011/6/23 Ari Endo <arien...@gmail.com>
>>
>> Dear Tom,
>>
>> Here is my vba code, just for your information.
>> It returns 401 Unauthorized,
>> Failed to validate oauth signature and token
>>
>> I would appreciate it if you could give me a hint.
>>
>> -
>> Private Sub cbRequestToken_Click()
>>
>>     Const urlRequestToken As String = _
>>         "https://api.twitter.com/oauth/request_token"
>>     Const oauth_consumer_secret As String = "(my consumer secret)"
>>     Dim timestamp As Long
>>     Dim strBase As String
>>     timestamp = DateDiff("s", #1/1/1970#, DateAdd("h", -9, Now))
>>     Dim param As New Scripting.Dictionary ' hash array
>>     param("oauth_callback") = "oob"
>>     param("oauth_consumer_key") = "(my consumer key)"
>>     param("oauth_nonce") = CStr(timestamp + 1)
>>     param("oauth_signature_method") = "HMAC-SHA1"
>>     param("oauth_timestamp") = CStr(timestamp)
>>     param("oauth_version") = "1.0"
>>
>>     strBase = "POST&" & urlEncode(urlRequestToken) & "&" & _
>>         urlEncode(sortedParamConnected(param))
>>     param("oauth_signature") = _
>>         urlEncode(hmac_sha1(oauth_consumer_secret & "&", strBase))
>>
>>     Dim strHeader As String
>>     strHeader = "OAuth "
>>     Dim i As Integer
>>     For i = 0 To param.Count - 1
>>         strHeader = strHeader & param.Keys(i) & "=""" & _
>>             urlEncode(param.Items(i)) & """"
>>         If i < param.Count - 1 Then strHeader = strHeader & ", "
>>     Next
>>
>>     Dim xmlhttp As New MSXML2.xmlhttp
>>     xmlhttp.Open "POST", urlRequestToken, False
>>     xmlhttp.setRequestHeader "Authorization", strHeader
>>     xmlhttp.send
>>
>>     If xmlhttp.statusText <> "OK" Then Exit Sub
>>
>> End Sub
>>
>> There are several Excel VBA applications which can be
>> authenticated.
>> The point is they make a twitter class and make an object to
>> access.
>> I am developing without using a class (object-oriented).
>>
>> 1. my time is correct (UTC)
>> 2. my signature is correct (compared with the sample in twitter
>> documentation)
>> 3. when URL is https://api.twitter.com/1/, 404 Not found came
>> back
>>
>> Thank you in advance,
>> Ari
>>
>>
>> Tom van der Woerdt wrote (2011/06/11 9:21):
>> > A desktop authentication flow usually includes a callback
>> with a
>> > custom scheme (myapp://redirect) or xAuth, while a server
>> application
>> > will usually use a nor

Re: SOLVED Re: [twitter-dev] Needs object from desktop application ?

2011-06-24 Thread Matt Harris
Hey Ari,

It's great to hear you worked this out and got it working. Also, thank you
for sharing the solution that worked for you.

Best,
@themattharris 
Developer Advocate, Twitter



2011/6/23 Ari Endo 

> Dear Matt,
>
> Your question solved my problem.
> Actually, the signature itself and the signature part in the authorization
> header were different!
>
> I had urlencoded the signature and then urlencoded the authorization
> header as well.
> As a result, the signature was urlencoded twice, which came out different
> from the once-urlencoded signature.
> I had been thinking that urlencoding many times does no harm, but that was
> not the case.
>
> By urlencoding the authorization header except the signature part, I got
> 200 OK.
>
> Thank you so much for your kind support. Say thank you to Tom as well.
> As I am a newcomer to twitter application development,
> please help me again if I come across other troubles ahead.
>
> Sincerely,
> Ari Endo
>
>
> Matt Harris wrote (2011/06/24 9:21):
>
> Hi Ari,
>
>  I'm not familiar with VBA enough to comment on the code, but if you could
> provide an example of the basestring created, authorization header and
> signature (remember to exclude any secrets) then we can take a look at what
> could be going wrong.
>
>  Best,
> @themattharris
> Developer Advocate, Twitter
>
>
>
> 2011/6/23 Ari Endo 
>
>> Dear Tom,
>>
>> Here is my vba code, just for your information.
>> It returns 401 Unauthorized,
>> Failed to validate oauth signature and token
>>
>> I would appreciate it if you could give me a hint.
>>
>> -
>> Private Sub cbRequestToken_Click()
>>
>>     Const urlRequestToken As String = _
>>         "https://api.twitter.com/oauth/request_token"
>>     Const oauth_consumer_secret As String = "(my consumer secret)"
>>     Dim timestamp As Long
>>     Dim strBase As String
>>     timestamp = DateDiff("s", #1/1/1970#, DateAdd("h", -9, Now))
>>     Dim param As New Scripting.Dictionary ' hash array
>>     param("oauth_callback") = "oob"
>>     param("oauth_consumer_key") = "(my consumer key)"
>>     param("oauth_nonce") = CStr(timestamp + 1)
>>     param("oauth_signature_method") = "HMAC-SHA1"
>>     param("oauth_timestamp") = CStr(timestamp)
>>     param("oauth_version") = "1.0"
>>
>>     strBase = "POST&" & urlEncode(urlRequestToken) & "&" & _
>>         urlEncode(sortedParamConnected(param))
>>     param("oauth_signature") = _
>>         urlEncode(hmac_sha1(oauth_consumer_secret & "&", strBase))
>>
>>     Dim strHeader As String
>>     strHeader = "OAuth "
>>     Dim i As Integer
>>     For i = 0 To param.Count - 1
>>         strHeader = strHeader & param.Keys(i) & "=""" & _
>>             urlEncode(param.Items(i)) & """"
>>         If i < param.Count - 1 Then strHeader = strHeader & ", "
>>     Next
>>
>>     Dim xmlhttp As New MSXML2.xmlhttp
>>     xmlhttp.Open "POST", urlRequestToken, False
>>     xmlhttp.setRequestHeader "Authorization", strHeader
>>     xmlhttp.send
>>
>>     If xmlhttp.statusText <> "OK" Then Exit Sub
>>
>> End Sub
>>
>> There are several Excel VBA applications which can be authenticated.
>> The point is they make a twitter class and make an object to access.
>> I am developing without using a class (object-oriented).
>>
>> 1. my time is correct (UTC)
>> 2. my signature is correct (compared with the sample in twitter
>> documentation)
>> 3. when URL is https://api.twitter.com/1/, 404 Not found came back
>>
>> Thank you in advance,
>> Ari
>>
>>
>> Tom van der Woerdt wrote (2011/06/11 9:21):
>> > A desktop authentication flow usually includes a callback with a
>> > custom scheme (myapp://redirect) or xAuth, while a server application
>> > will usually use a normal callback (http://example.com/callback) with
>> > the normal OAuth flow.
>> >
>> > However, this won't cause the "Woah there!" error you get. Just like
>> > anything else related to the programming itself: Twitter doesn't
>> > discriminate by programming language. As long as you are using the API
>> > correctly, it's fine.
>> >
>> > To answer your initial question: you can use C (non-object oriented
>> > language) and C++ (object-oriented language) and many other languages
>> > to interface with Twitter. It's an API, so it's all the same, as long
>> > as you can make a HTTP request.
>> >
>> > Tom
>> >
>> >
>> > On 6/11/11 2:17 AM, Ari Endo wrote:
>> >> Dear Tom,
>> >>
>> >> Thank you for your quick support.
>> >> I have checked all the items you listed below.
>> >>
>> >> What I would like to know is information for desktop application
>> >> different from server application.
>> >>
>> >> I would appreciate if you tell me any.
>> >> Thank you in advance,
>> >>
>> >> Ari
>> >>
>> >> Tom van der Woerdt wrote (2011/06/10 17:50):
>> >>> I just checked and I was wrong - "Woah there!" can mean a lot of
>> >>> things.
>> >>>
>> >>> 1. Make
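
The double-encoding failure described in this thread, as an added example that is not part of the original messages: the Python sketch below signs a request_token call with HMAC-SHA1 and builds the Authorization header both ways, then decodes it once as the receiving server would. The credential values, nonce and timestamp are constructed, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, unquote

URL = "https://api.twitter.com/oauth/request_token"
# Constructed sample values, not real credentials.
CONSUMER_SECRET = "constructed-consumer-secret"
PARAMS = {
    "oauth_callback": "oob",
    "oauth_consumer_key": "constructed-consumer-key",
    "oauth_nonce": "1308787201",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1308787200",
    "oauth_version": "1.0",
}

def pct(s):
    """Percent-encode per RFC 3986: only unreserved characters stay literal."""
    return quote(s, safe="-._~")

def sign(method, url, params, consumer_secret, token_secret=""):
    """Return the raw base64 HMAC-SHA1 signature (not yet percent-encoded)."""
    normalized = "&".join(f"{pct(k)}={pct(v)}" for k, v in sorted(params.items()))
    base = "&".join([method.upper(), pct(url), pct(normalized)])
    key = f"{pct(consumer_secret)}&{pct(token_secret)}"
    return base64.b64encode(hmac.new(key.encode(), base.encode(), hashlib.sha1).digest()).decode()

def build_header(params, signature, double_encode=False):
    """Build the Authorization header; double_encode=True reproduces the thread's bug."""
    fields = dict(params)
    # Buggy path: the signature is encoded here and again in the join below.
    fields["oauth_signature"] = pct(signature) if double_encode else signature
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(fields.items()))

def signature_after_one_decode(header):
    """Decode each header value once, as the receiving server does."""
    for part in header[len("OAuth "):].split(", "):
        name, value = part.split("=", 1)
        if name == "oauth_signature":
            return unquote(value.strip('"'))
    return None

if __name__ == "__main__":
    sig = sign("POST", URL, PARAMS, CONSUMER_SECRET)
    for flag in (False, True):
        seen = signature_after_one_decode(build_header(PARAMS, sig, flag))
        print("double" if flag else "single", seen, "match" if seen == sig else "MISMATCH -> 401")
```

A base64-encoded HMAC-SHA1 digest always ends in `=`, so a second pass always turns `%3D` into `%253D`; the mismatch does not depend on the particular signature value.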