Hi Craig,

Do you know if the status update, status=my%20tweet is being encoded
correctly in your signature base string (which is the string used to create
your signature).

For the signature base string, the key/value pair would look like:

status%3Dmy%2520tweet

Have you tried your xAuth authentication with spaces and other possible odd
characters yet in fields like the password?

Taylor

On Wed, Jun 16, 2010 at 8:21 AM, Craig <chanson9...@gmail.com> wrote:

> Hi Matt,
>
> Thanks for responding.  My authorization header is still the same as
> it was in my first message above.  Here it is for another request I
> just tried:
>
> OAuth oauth_nonce="TEeSMm8q3m5abhmppain", oauth_signature_method="HMAC-
> SHA1", oauth_timestamp="1276701304",
> oauth_consumer_key="xxxxxxxxxxxxxxxxx", oauth_token="xxxxxxxx-
> xxxxxxxxxxxxxxxxxxxxxxxxx", oauth_signature="xxxxxxxxxxxxxxxxxxxxxxx
> %3D", oauth_version="1.0"
>
> The post body is simply:
> status=my%20tweet
>
> When I create the request in objective c, it looks like this: (where
> authHeader is the authorization header noted above and postBody is the
> post body noted above):
>
> NSString* requestString= [NSString
> stringWithFormat:@"%@",TWITTER_STATUS_UPDATE_URL];
> NSMutableURLRequest* request = [[NSMutableURLRequest alloc]
>                                initWithURL:[NSURL
> URLWithString:requestString]
>
> cachePolicy:NSURLRequestReloadIgnoringCacheData
>                                    timeoutInterval:30.0];
> [request setHTTPMethod:@"POST"];
> [request addValue:authHeader forHTTPHeaderField:@"Authorization"];
> [request setValue:@"application/x-www-form-urlencoded"
> forHTTPHeaderField:@"Content-Type"];
> [request setValue:postBodyLength forHTTPHeaderField:@"Content-
> Length"];
> [request setHTTPBody:[postBody
> dataUsingEncoding:NSUTF8StringEncoding]];
>
> This type of formatting works just fine for my xAuth authentication.
>
> On Jun 15, 4:44 pm, themattharris <thematthar...@twitter.com> wrote:
> > Hey Craig,
> >
> > Could you let us see what the authorization header you are sending
> > looks like (obfuscating your oauth keys and secrets)?
> >
> > What you're aiming for is a header similar to this:
> >
> > POST /1/statuses/update.xml HTTP/1.1
> > Accept: */*
> > Connection: close
> > User-Agent: OAuth gem v0.4.0
> > Content-Type: application/x-www-form-urlencoded
> > Authorization: OAuth
> >   oauth_consumer_key=\"xxxxxxxxxxxxxxxxxxxxxxxx\",
> >   oauth_nonce=\"xxxxxxxxxxxxxxxxxxxxxxxxxxxx\",
> >   oauth_signature=\"xxxxxxxxxxxxxxxxxxxxxxxx\",
> >   oauth_signature_method=\"HMAC-SHA1\",
> >   oauth_timestamp=\"1276634179\",
> >   oauth_token=\"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\",
> >   oauth_version=\"1.0\"
> > Content-Length: 27
> > Host: api.twitter.com
> >
> > With your post body being the status you are sending. Similar to:
> >
> > status=something%20to%20say
> >
> > Matt
> >
> > On Jun 13, 8:32 pm, Craig <chanson9...@gmail.com> wrote:
> >
> >
> >
> > > Ok, so I believe my signature is correct because if I take out the
> > > oauth_token parameter from the signature base I get an incorrect
> > > signature error instead of the invalid/used nonce error.  I am
> > > definitely posting to the correct url: "https://api.twitter.com/1/
> > > statuses/update.xml" because if I change it I get an invalid url
> > > response.  The nonce I'm generating is unique for every request I'm
> > > sending.  The timestamp is accurate to the number of seconds that have
> > > passed since unix epoch.  Obviously the invalid/used nonce error is
> > > garbage.
> >
> > > Here's the formatting of my URL request in obj c:
> >
> > > // Create the request
> > > NSString* requestString= [NSString
> > > stringWithFormat:@"%@",TWITTER_STATUS_UPDATE_URL];
> > > NSMutableURLRequest* request = [[NSMutableURLRequest alloc]
> > >                                 initWithURL:[NSURL
> URLWithString:requestString]
> > >
> cachePolicy:NSURLRequestReloadIgnoringCacheData
> > >                                     timeoutInterval:30.0];
> > > [request setHTTPMethod:@"POST"];
> > > [request addValue:authHeader forHTTPHeaderField:@"Authorization"];
> > > [request setValue:@"application/x-www-form-urlencoded"
> > > forHTTPHeaderField:@"Content-Type"];
> > > [request setValue:postBodyLength forHTTPHeaderField:@"Content-
> > > Length"];
> > > [request setHTTPBody:[postBody
> > > dataUsingEncoding:NSUTF8StringEncoding]];
> >
> > > Any other ideas?  I'm at a total loss as to why this might be
> > > happening.
> >
> > > Thanks,
> > > Craig
> >
> > > On Jun 13, 3:42 pm, Craig <chanson9...@gmail.com> wrote:
> >
> > > > No dice.  I just tried creating a new app and using the new
> keys/token
> > > > to tweet.  I'll go over my steps once more and see if I can track
> down
> > > > an issue somewhere...
> >
> > > > On Jun 11, 8:53 pm, Taylor Singletary <taylorsinglet...@twitter.com>
> > > > wrote:
> >
> > > > > xAuth in this case, I think, is unrelated to the issue. If you can
> use
> > > > > a different key and use the "my token" feature to get your access
> > > > > token, then try to tweet using that token, it will sufficiently
> > > > > express the problem I think.
> >
> > > > > Taylor
> >
> > > > > On Jun 11, 2010, at 2:48 PM, Craig <chanson9...@gmail.com> wrote:
> >
> > > > > > Hello,
> >
> > > > > > I have an iphone app that is using xauth.  I am able to obtain
> the
> > > > > > access token with no problem at all.  When I go to post a status
> > > > > > update, I receive an invalid / used nonce error.  It can't
> actually be
> > > > > > a used nonce since I have checked this multiple times.  Here are
> the
> > > > > > details of the post:
> >
> > > > > > url:
> > > > > >http://api.twitter.com/1/statuses/update.xml
> >
> > > > > > signature base string:
> > > > > > POST&http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses
> > > > > > %2Fupdate.xml&oauth_consumer_key%3Dmyconsumerkey%26oauth_nonce
> > > > > > %3D397vi5Ug1YHC3UAVUAoB%26oauth_signature_method%3DHMAC-
> > > > > > SHA1%26oauth_timestamp%3D1276292596%26oauth_token%3Dmytoken
> > > > > > %26oauth_version%3D1.0%26status%3Dmy%2520tweet
> >
> > > > > > Authorization header:
> > > > > > OAuth oauth_nonce="397vi5Ug1YHC3UAVUAoB",
> oauth_signature_method="HMAC-
> > > > > > SHA1", oauth_timestamp="1276292596",
> > > > > > oauth_consumer_key="myconsumerkey", oauth_token="mytoken",
> > > > > > oauth_signature="yOh2zQPGDBlVEP5cDWhjddQWTLc%3D",
> oauth_version="1.0"
> >
> > > > > > Content-Type:
> > > > > > [request setValue:@"application/x-www-form-urlencoded"
> > > > > > forHTTPHeaderField:@"Content-Type"];
> >
> > > > > > I can see no reason why this shouldn't work.  Any help would be
> > > > > > greatly appreciated!
> >
> > > > > > Thanks,
> > > > > > Craig
>

Reply via email to