As a corollary to this, are there any downloadable code examples out there that implement the pin-based OAuth now? Everything I've found seems to be failing on the lack of PIN support, and I'd like to be able to trace what's going on through wireshark to debug this myself. Thanks!
On Mon, Jun 15, 2009 at 22:11, JDG <[email protected]> wrote: > Howdy all, > > Thanks to all your help, I was able to get my token methods working. > However, now that I've tried to set up my client to post its first message, > I'm getting a 401 again. Here's the TCP trace from Wireshark: > > POST /statuses/update.xml HTTP/1.1 > Authorization: OAuth > realm="OAuth",oauth_consumer_key="9CCTnLpstYI8RIxGE7yhQ",oauth_nonce="LDhXkR",oauth_timestamp="1245124830",oauth_verifier="115975",oauth_signature="W7XmRZBaLA4AIhbhGwPYkFPJnOY%3D",oauth_token="47493262-GOzBr4mQt6u5xp4S40Rvj8jQnU3TIhVw66NSOhNlF",oauth_signature_method="HMAC-SHA1",oauth_version="1.0a" > User-Agent: Java/1.5.0 > Host: twitter.com > Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 > Connection: keep-alive > Content-type: application/x-www-form-urlencoded > Content-Length: 69 > > status=This%20is%20my%20first%20twimblr%20test%20EVER%201245124830500 > > HTTP/1.1 401 Unauthorized > Date: Tue, 16 Jun 2009 04:00:37 GMT > Server: hi > Status: 401 Unauthorized > Cache-Control: no-cache, max-age=300 > Content-Type: text/html; charset=utf-8 > Content-Length: 43 > Set-Cookie: > _twitter_sess=BAh7BiIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7AA%253D%253D--1164b91ac812d853b877e93ddb612b7471bebc74; > domain=.twitter.com; path=/ > Expires: Tue, 16 Jun 2009 04:05:37 GMT > Vary: Accept-Encoding > Connection: close > > Failed to validate oauth signature or token > > *(note: there are no bytes, endline or anything, after the "status" > variable) > > *Here's my Signature Base String: * > POST&http%3A%2F%2Ftwitter.com%2Fstatuses%2Fupdate.xml&oauth_consumer_key%3D9CCTnLpstYI8RIxGE7yhQ%26oauth_nonce%3DLDhXkR%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1245124830%26oauth_token%3D47493262-GOzBr4mQt6u5xp4S40Rvj8jQnU3TIhVw66NSOhNlF%26oauth_verifier%3D115975%26oauth_version%3D1.0a%26status%3DThis%20is%20my%20first%20twimblr%20test%20EVER%201245124830500 > > *My question(s) for you: > > 0. Does anyone see anything blatantly wrong (I suppose a yes to this would > obviate answering any of the next questions)? > 1. Should I be including the oauth_verifier in the signature base string > and OAuth header? I've tried it with and without, and seem to get the 401 > either way. > 2. Should the "status" variable be included in the OAuth header? The way > I'm reading the spec, I don't think so, but I wanted to confirm. > 3. Should the "status" line in the POST request be encoded per the OAuth > spec or via URL encoding (that is, should spaces be encoded as "+" or > "%20")? > > Thanks! > > -- > Internets. Serious business. > -- Internets. Serious business.
