Hi Michael,

Judging by the output Curl is giving you here, it doesn't look like the
header is being set correctly on this step. The header that you're
presenting should also be comma separated on each discreet element. The
header also should not include your POST parameters (like "status" in this
example).

In my experience, most people who have issues with OAuth generation in
Javascript have issues because the HMAC-SHA1 library they selected (or
implemeneted) isn't doing something correctly.

Also, you should be using the api subdomain on these requests: "
api.twitter.com"

A more proper curl request might look like, assuming the signature was
re-generated using the proper hostname and all elements were correct:

curl -k -v -X POST -H 'Authorization: OAuth
realm="",oauth_consumer_key="yJDLH7BDdVi1OKIINSV7Q",
oauth_token="142715285-yi2ch324S3zfyKyJby6WDUZOhCsiQuKNUtc3nAGe",oauth_nonce="1275928907blah",oauth_timestamp="1275928907",oauth_signature_method="HMAC-SHA1",oauth_version="1.0",oauth_signature="Kf1epCD5j7nWg9dLgtkT5OJXoQQ%3D"'
-d status="Hello" https://api.twitter.com/statuses/update.json

Taylor Singletary
Developer Advocate, Twitter
http://twitter.com/episod


On Mon, Jun 7, 2010 at 10:04 AM, Michael Cameron <darx...@gmail.com> wrote:

> Thanks Taylor, One last question. i am trying to debug on why i can
> not send messages with twitter, now i am trying to get any response
> from twitter that works. and can not seem to get it to work. I am
> trying cURL to get a response but i always get Could not authenticate
> you. i am using
> http://www.jaanuskase.com/en/2010/01/understanding_the_guts_of_twit.html
> website to figure out how, and the
>
> http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/
> to create my request examples, I want to ensure i have something
> working to debug my javascript code.
>
> so in essence i can not get this to work:
> C:\>curl -k -v -X POST -H 'Authorization: OAuth
> realm=""oauth_consumer_key="yJDLH7BDdVi1OKIINSV7Q"oauth_token="142715285-
>
> yi2ch324S3zfyKyJby6WDUZOhCsiQuKNUtc3nAGe"oauth_nonce="1275928907blah"oauth_timestamp="1275928907"oauth_signature_method="HMAC-
> SHA1"oauth_version="1.0"oauth_signature="Kf1epCD5j7nW
> g9dLgtkT5OJXoQQ%3D",status="Hello"' -d status="Hello"
> https://twitter.com/statuses/update.json
>
> I recieve:
> * Could not resolve host: OAuth; Host not found
> * Closing connection #0
> curl: (6) Could not resolve host: OAuth; Host not found
> * Could not resolve host: realm=oauth_consumer_key=yJDLH7BDdVi1O
> data record of requested type
> * Closing connection #0
> curl: (6) Could not resolve host: realm=oauth_consumer_key=yJDLH
> * About to connect() to twitter.com port 443 (#0)
> *   Trying 168.143.171.180... connected
> * Connected to twitter.com (168.143.171.180) port 443 (#0)
> * SSLv3, TLS handshake, Client hello (1):
> * SSLv3, TLS handshake, Server hello (2):
> * SSLv3, TLS handshake, CERT (11):
> * SSLv3, TLS handshake, Server finished (14):
> * SSLv3, TLS handshake, Client key exchange (16):
> * SSLv3, TLS change cipher, Client hello (1):
> * SSLv3, TLS handshake, Finished (20):
> * SSLv3, TLS change cipher, Client hello (1):
> * SSLv3, TLS handshake, Finished (20):
> * SSL connection using AES256-SHA
> * Server certificate:
> *        subject: 1.3.6.1.4.1.311.60.2.1.3=US; 1.3.6.1.4.1.311.6
> *        start date: 2010-05-11 00:00:00 GMT
> *        expire date: 2012-05-10 23:59:59 GMT
> *        common name: twitter.com (matched)
> *        issuer: C=US; O=VeriSign, Inc.; OU=VeriSign Trust Netwo
> *        SSL certificate verify result: unable to get local issu
> > POST /statuses/update.json HTTP/1.1
> > User-Agent: curl/7.20.1 (i386-pc-win32) libcurl/7.20.1 OpenSSL
> > Host: twitter.com
> > Accept: */*
> > Content-Length: 12
> > Content-Type: application/x-www-form-urlencoded
> >
> < HTTP/1.1 401 Unauthorized
> < Date: Mon, 07 Jun 2010 16:57:58 GMT
> < Server: hi
> < Status: 401 Unauthorized
> < WWW-Authenticate: Basic realm="Twitter API"
> < X-Runtime: 0.00208
> < Content-Type: application/json; charset=utf-8
> < Content-Length: 73
> < Cache-Control: no-cache, max-age=300
> < Set-Cookie: k=209.234.229.21.1275929878800654; path=/; expires
> < Set-Cookie: guest_id=127592987880763413; path=/; expires=Wed,
> < Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCBjhWBMpAToH
> < Expires: Mon, 07 Jun 2010 17:02:58 GMT
> < Vary: Accept-Encoding
> < Connection: close
>
>
> On Jun 7, 9:14 am, Taylor Singletary <taylorsinglet...@twitter.com>
> wrote:
> > Hi Michael,
> >
> > The OAuth authorize step only needs to happen once before you receive
> access
> > tokens that allow you to act on a member's behalf. Once you've obtained
> an
> > access token, you can use it to make direct message requests for the
> user.
> > After completing the authorize and access token steps, store the access
> > token for the user so you can persist it across requests.
> >
> > Taylor Singletary
> > Developer Advocate, Twitterhttp://twitter.com/episod
> >
> > On Mon, Jun 7, 2010 at 8:10 AM, Michael Cameron <darx...@gmail.com>
> wrote:
> > > I was reading a twitter app book, and mentioned something about when
> > > you try to do a status update you have to always call authorize before
> > > your request. is this true? I have pulled my tokens using a library.
> > > but writing my own custom app.
> >
> > > Should i be sending /authorize with access tokens first before my
> > > direct message request?
>

Reply via email to