Indeed it was solved in version 0.6.6.

Sorry for that Gero!

On Mon, May 17, 2010 at 9:46 AM, Taylor Singletary <
taylorsinglet...@twitter.com> wrote:

> Hi Gero,
>
> This particular issue looked to have been caused by a quirk in the way that
> the Scribe library was encoding spaces. The library has since been updated
> by the author.
>
> However, if you're still having the issue in another implementation, I'll
> be happy to help. Can you share the POST body of the request and your
> signature base string of when you're having the issue?
>
> Taylor Singletary
> Developer Advocate, Twitter
> http://twitter.com/episod
>
>
> On Mon, May 17, 2010 at 12:12 AM, Gero <gero.verm...@gmail.com> wrote:
>
>> Hi,
>>
>> Any updates on this issue? I'm running into the same problem and have
>> not yet been able to resolve it.
>>
>> Regards,
>> Gero
>>
>> On May 1, 12:42 am, Taylor Singletary <taylorsinglet...@twitter.com>
>> wrote:
>> > Hi Pablo,
>> >
>> > Thanks for chiming in about Scribe. I'll take a look again soon at
>> Scribe
>> > and see if I can ascertain its potential fault (or our own if that is
>> the
>> > case).
>> >
>> > Keep up the good work on your OAuth library, Pablo! :)
>> >
>> > Taylor Singletary
>> > Developer Advocate, Twitterhttp://twitter.com/episod
>> >
>> > On Fri, Apr 30, 2010 at 3:31 PM, Pablo Fernandez <
>> fernandezpabl...@gmail.com
>> >
>> >
>> >
>> > > wrote:
>> > > Hi Taylor!
>> >
>> > > I believe Rahul is having this problem while using my library (http://
>> > > github.com/fernandezpablo85/scribe)
>> >
>> > > I've tested myself, I'm pretty sure the error lies in my code but I
>> > > can't tell why :S
>> >
>> > > Here's the string that gets signed and the OAuth header in case that
>> > > helps!
>> >
>> > > String to sign >>
>> >
>> > > POST&http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses
>> > >
>> %2Fupdate.xml&oauth_consumer_key%3D6icbcAXyZx67r8uTAUM5Qw%26oauth_nonce
>> > > %3D32c0b090041a4b233a36590a10c8749e%26oauth_signature_method%3DHMAC-
>> > > SHA1%26oauth_timestamp%3D1272666648%26oauth_token%3D14654522-
>> > >
>> ayJ064ck0Gtp1ABmjVVxMqd0OcgIG0fMRPFxN00E%26oauth_version%3D1.0%26status
>> > > %3DScribe%2520works.%2520Hell%2520yeah%2521
>> >
>> > > OAuth header >>
>> >
>> > > OAuth oauth_consumer_key="6icbcAXyZx67r8uTAUM5Qw",
>> > > oauth_nonce="32c0b090041a4b233a36590a10c8749e",
>> > > oauth_signature="hmzME2L2qAmzRYOj5P%2BBcja9ECg%3D",
>> > > oauth_signature_method="HMAC-SHA1", oauth_timestamp="1272666648",
>> > > oauth_token="14654522-ayJ064ck0Gtp1ABmjVVxMqd0OcgIG0fMRPFxN00E",
>> > > oauth_version="1.0"
>> >
>> > > Pablo
>> >
>> > > PS: Kudos for developer.twitter.com. the site rocks!
>> >
>> > > On Apr 30, 3:34 pm, Rahul <rahul.jun...@gmail.com> wrote:
>> > > > Taylor,
>> >
>> > > > Here you go. I have tried adding the content type as follows.
>> >
>> > > > conn.setRequestProperty("Content-Type", "application/x-www-form-
>> > > > urlencoded");
>> >
>> > > > But this doesn't help at all and i still continue receiving the same
>> > > > error of incorrect signature.
>> >
>> > > > Any guess?
>> >
>> > > > Thanks,Rahul
>> >
>> > > > On Apr 29, 9:03 pm,Rahul<rahul.jun...@gmail.com> wrote:
>> >
>> > > > > Taylor,
>> >
>> > > > > I am presently using scribe java library for OAuth and as you said
>> all
>> > > > > spec compliant libraries the signature base string will only
>> contain
>> > > > > POST body parameter so does this one.
>> >
>> > > > > Also I will try to add the header 'Content-Type' to the library
>> and
>> > > > > let you know how it goes.
>> >
>> > > > > Thanks,
>> > > > >Rahul
>> >
>> > > > > On Apr 29, 5:38 pm, Taylor Singletary <
>> taylorsinglet...@twitter.com>
>> > > > > wrote:
>> >
>> > > > > > Whether it matters before creating your signature or not depends
>> > > entirely on
>> > > > > > the OAuth library you are using. In spec-compliant OAuth
>> libraries,
>> > > the
>> > > > > > signature base string will only contain POST body parameters
>> when
>> > > they are
>> > > > > > of the application/x-www-form-urlencoded type -- most OAuth
>> libraries
>> > > need a
>> > > > > > way to be instructed on the disposition of the content being
>> passed
>> > > as the
>> > > > > > POST body and a common way is to look at an abstract request
>> object
>> > > of some
>> > > > > > kind to determine the type of data being piped in rather than
>> just
>> > > trying to
>> > > > > > guess or simply assuming that POST bodies will always be of the
>> > > URL-encoded
>> > > > > > type. There might be another way to instruct your library on the
>> > > disposition
>> > > > > > of data, but it's likely it'll just assume all POST data
>> provided is
>> > > of the
>> > > > > > URL encoded variety. I don't think you have any issues with your
>> code
>> > > in
>> > > > > > this area today.
>> >
>> > > > > > But as a best practice when dealing with an HTTP-based API of
>> any
>> > > kind, you
>> > > > > > should be sending a Content-Type header whenever POSTing or
>> PUTing
>> > > any kind
>> > > > > > of payload. You don't pass a Content-Type header on a GET
>> because
>> > > there is
>> > > > > > no content being sent.
>> >
>> > > > > > It's likely that your OAuth library automatically sends the
>> proper
>> > > > > > Content-Type header on the OAuth negotiation steps because those
>> > > steps are
>> > > > > > required to use URL-encoded POST bodies by the spec.
>> >
>> > > > > > Taylor Singletary
>> > > > > > Developer Advocate, Twitterhttp://twitter.com/episodOnThu, Apr
>> 29,
>> > > 2010 at 2:20 PM,Rahul<rahul.jun...@gmail.com> wrote:
>> > > > > > > So what are trying to say is that i should explicitly add
>> > > Content-type
>> > > > > > > header in the message going out and that too before creating
>> the
>> > > > > > > signature?
>> >
>> > > > > > > Thanks,
>> > > > > > >Rahul
>> >
>> > > > > > > On Apr 29, 4:58 pm, Taylor Singletary <
>> > > taylorsinglet...@twitter.com>
>> > > > > > > wrote:
>> > > > > > > > Since you're sending a status, you should be setting a
>> > > Content-Type
>> > > > > > > header
>> > > > > > > > to indicate the type of payload -- it's best never to assume
>> that
>> > > a HTTP
>> > > > > > > > server or a HTTP library will know how to understand a
>> payload
>> > > without
>> > > > > > > being
>> > > > > > > > explicitly told what kind of payload that is. The signature
>> might
>> > > be
>> > > > > > > > mis-calculating on the Twitter side due to not including
>> your
>> > > parameters
>> > > > > > > > when constructing it.
>> >
>> > > > > > > > Taylor Singletary
>> > > > > > > > Developer Advocate, Twitterhttp://twitter.com/episod
>> >
>> > > > > > > > On Thu, Apr 29, 2010 at 1:36 PM,Rahul<
>> rahul.jun...@gmail.com>
>> > > wrote:
>> > > > > > > > > Hello,
>> >
>> > > > > > > > > To answer your questions. The following is the body
>> response i
>> > > receive
>> > > > > > > > > back
>> >
>> > > > > > > > > <?xml version="1.0" encoding="UTF-8"?>
>> > > > > > > > > <hash>
>> > > > > > > > >  <request>/1/statuses/update.xml</request>
>> > > > > > > > >  <error>Incorrect signature</error>
>> > > > > > > > > </hash>
>> >
>> > > > > > > > > Also, I am not setting any content type header at this
>> point &
>> > > I am
>> > > > > > > > > using "POST" only for token negotiation. and have not
>> tried any
>> > > get
>> > > > > > > > > restricted resource yet. I did try some but they seem to
>> be
>> > > public
>> > > > > > > > > timeline etc which seems to be working good.
>> >
>> > > > > > > > > Any help on this is highly appreciated.
>> >
>> > > > > > > > > Thanks,
>> > > > > > > > >Rahul
>> >
>> > > > > > > > > On Apr 29, 4:22 pm, Taylor Singletary <
>> > > taylorsinglet...@twitter.com>
>> > > > > > > > > wrote:
>> > > > > > > > > > HiRahul,
>> >
>> > > > > > > > > > I'm trying to think of other reasons. We might be
>> throwing
>> > > the
>> > > > > > > invalid
>> > > > > > > > > > signature error in a case where the signature is not in
>> fact
>> > > invalid.
>> >
>> > > > > > > > > > How about requests are not of the type POST? Have you
>> had a
>> > > GET
>> > > > > > > (other
>> > > > > > > > > than
>> > > > > > > > > > OAuth token negotiation steps) work for you? When you
>> were
>> > > doing the
>> > > > > > > > > token
>> > > > > > > > > > negotiation steps, were you using POSTs or GETs? When
>> > > performing a
>> > > > > > > POST,
>> > > > > > > > > are
>> > > > > > > > > > you setting your HTTP Content-Type header to
>> > > > > > > > > > "application/x-www-form-urlencoded"?
>> >
>> > > > > > > > > > What's the exact response from the server? There's
>> usually a
>> > > payload
>> > > > > > > > > > included with the response that may give more clarity to
>> the
>> > > error.
>> > > > > > > We
>> > > > > > > > > have
>> > > > > > > > > > some upcoming enhancements to the OAuth implementation
>> that
>> > > will
>> > > > > > > return
>> > > > > > > > > to
>> > > > > > > > > > you the "signature base string we calculated" which
>> would be
>> > > useful
>> > > > > > > here
>> > > > > > > > > > now..
>> >
>> > > > > > > > > > Taylor Singletary
>> > > > > > > > > > Developer Advocate, Twitterhttp://twitter.com/episod
>> >
>> > > > > > > > > > On Thu, Apr 29, 2010 at 1:12 PM,Rahul<
>> rahul.jun...@gmail.com
>> >
>> > > > > > > wrote:
>> > > > > > > > > > > Taylor,
>> >
>> > > > > > > > > > > A quick update on this. I tried generating the
>> signature
>> > > from my
>> > > > > > > > > > > library and the page mentioned below they both seems
>> tbe
>> > > exactly
>> > > > > > > the
>> > > > > > > > > > > same.....
>> >
>> > >http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin.
>> > > > > > > > > ..
>> >
>> > > > > > > > > > > What else can be the reason and how come twitter is
>> > > responding with
>> > > > > > > > > > > Incorrect Signature ?
>> >
>> > > > > > > > > > > Thanks,
>> > > > > > > > > > >Rahul
>> >
>> > > > > > > > > > > On Apr 29, 1:19 pm,Rahul<rahul.jun...@gmail.com>
>> wrote:
>> > > > > > > > > > > > Taylor,
>> >
>> > > > > > > > > > > > Thanks for taking a look at it. and to answer your
>> > > question yes I
>> > > > > > > do
>> > > > > > > > > > > > pass the status in the signature basetring.
>> >
>> > > > > > > > > > > > Also below is my string which i pass to the below
>> > > mentioned
>> > > > > > > toSign
>> > > > > > > > > > > > variable.
>> >
>> > > > > > > > > > > > toSign:
>> > > > > > > > > > > > POST&https%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses
>> >
>> > > %2Fupdate.xml&oauth_consumer_key%xxxxxxxxxxxxxxx%26oauth_nonce
>> >
>> > > %3Df2756a360f610d375722ee97e4c2391f%26oauth_signature_method%3DHMAC-
>> >
>> > > SHA1%26oauth_timestamp%3D1272560943%26oauth_token%3D36554645-
>> > > > > > > > > > > > xxxxxxxxxxxxxxxxxxx%26oauth_version%3D1.0%26status
>> > > > > > > > > > > > %3Dhurrrrrrrrrrrrrray
>> >
>> > > > > > > > > > > >     Mac mac = Mac.getInstance(HMAC_SHA1);
>> > > > > > > > > > > >     mac.init(key);
>> > > > > > > > > > > >     byte[] bytes =
>> mac.doFinal(toSign.getBytes(UTF8));
>> >
>> > > > > > > > > > > > and in the key i pass: consumerSecret + '&' +
>> tokenSecret
>> >
>> > > > > > > > > > > > Thanks,
>> > > > > > > > > > > >Rahul
>> >
>> > > > > > > > > > > > On Apr 29, 12:46 pm, Taylor Singletary <
>> > > > > > > taylorsinglet...@twitter.com
>> >
>> > > > > > > > > > > > wrote:
>> >
>> > > > > > > > > > > > > HiRahul,
>> >
>> > > > > > > > > > > > > When you are POSTing to statuses/update.xml -- are
>> you
>> > > > > > > including
>> > > > > > > > > the
>> > > > > > > > > > > status
>> > > > > > > > > > > > > that you are posting in your signature base
>> string? As
>> > > a
>> > > > > > > > > URL-encoded
>> > > > > > > > > > > > > parameter, it should be included in both your POST
>> body
>> > > and the
>> > > > > > > > > > > signature
>> > > > > > > > > > > > > base string (but not in the HTTP authorization
>> header).
>> >
>> > > > > > > > > > > > > Taylor Singletary
>> > > > > > > > > > > > > Developer Advocate,
>> >
>> > ...
>> >
>> > read more ยป
>>
>
>

Reply via email to