My signature base string status pair looks like:
status%3Dmy%2520tweet

When I tried xAuth authentication with a * character in the password,
it didn't work at first.  But once I double url encoded it, I was able
to authenticate no problem.  So that definitely helps.  I am now
double url encoding the username and password values.

However, the tweet still didn't work.  I am double url encoding the
status message in the signature base string and single url encoding it
in the post body.

Thanks,
Craig

On Jun 16, 11:30 am, Taylor Singletary <taylorsinglet...@twitter.com>
wrote:
> Hi Craig,
>
> Do you know if the status update, status=my%20tweet is being encoded
> correctly in your signature base string (which is the string used to create
> your signature).
>
> For the signature base string, the key/value pair would look like:
>
> status%3Dmy%2520tweet
>
> Have you tried your xAuth authentication with spaces and other possible odd
> characters yet in fields like the password?
>
> Taylor
>
>
>
> On Wed, Jun 16, 2010 at 8:21 AM, Craig <chanson9...@gmail.com> wrote:
> > Hi Matt,
>
> > Thanks for responding.  My authorization header is still the same as
> > it was in my first message above.  Here it is for another request I
> > just tried:
>
> > OAuth oauth_nonce="TEeSMm8q3m5abhmppain", oauth_signature_method="HMAC-
> > SHA1", oauth_timestamp="1276701304",
> > oauth_consumer_key="xxxxxxxxxxxxxxxxx", oauth_token="xxxxxxxx-
> > xxxxxxxxxxxxxxxxxxxxxxxxx", oauth_signature="xxxxxxxxxxxxxxxxxxxxxxx
> > %3D", oauth_version="1.0"
>
> > The post body is simply:
> > status=my%20tweet
>
> > When I create the request in objective c, it looks like this: (where
> > authHeader is the authorization header noted above and postBody is the
> > post body noted above):
>
> > NSString* requestString= [NSString
> > stringWithFormat:@"%@",TWITTER_STATUS_UPDATE_URL];
> > NSMutableURLRequest* request = [[NSMutableURLRequest alloc]
> >                                initWithURL:[NSURL
> > URLWithString:requestString]
>
> > cachePolicy:NSURLRequestReloadIgnoringCacheData
> >                                    timeoutInterval:30.0];
> > [request setHTTPMethod:@"POST"];
> > [request addValue:authHeader forHTTPHeaderField:@"Authorization"];
> > [request setValue:@"application/x-www-form-urlencoded"
> > forHTTPHeaderField:@"Content-Type"];
> > [request setValue:postBodyLength forHTTPHeaderField:@"Content-
> > Length"];
> > [request setHTTPBody:[postBody
> > dataUsingEncoding:NSUTF8StringEncoding]];
>
> > This type of formatting works just fine for my xAuth authentication.
>
> > On Jun 15, 4:44 pm, themattharris <thematthar...@twitter.com> wrote:
> > > Hey Craig,
>
> > > Could you let us see what the authorization header you are sending
> > > looks like (obfuscating your oauth keys and secrets)?
>
> > > What you're aiming for is a header similar to this:
>
> > > POST /1/statuses/update.xml HTTP/1.1
> > > Accept: */*
> > > Connection: close
> > > User-Agent: OAuth gem v0.4.0
> > > Content-Type: application/x-www-form-urlencoded
> > > Authorization: OAuth
> > >   oauth_consumer_key=\"xxxxxxxxxxxxxxxxxxxxxxxx\",
> > >   oauth_nonce=\"xxxxxxxxxxxxxxxxxxxxxxxxxxxx\",
> > >   oauth_signature=\"xxxxxxxxxxxxxxxxxxxxxxxx\",
> > >   oauth_signature_method=\"HMAC-SHA1\",
> > >   oauth_timestamp=\"1276634179\",
> > >   oauth_token=\"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\",
> > >   oauth_version=\"1.0\"
> > > Content-Length: 27
> > > Host: api.twitter.com
>
> > > With your post body being the status you are sending. Similar to:
>
> > > status=something%20to%20say
>
> > > Matt
>
> > > On Jun 13, 8:32 pm, Craig <chanson9...@gmail.com> wrote:
>
> > > > Ok, so I believe my signature is correct because if I take out the
> > > > oauth_token parameter from the signature base I get an incorrect
> > > > signature error instead of the invalid/used nonce error.  I am
> > > > definitely posting to the correct url: "https://api.twitter.com/1/
> > > > statuses/update.xml" because if I change it I get an invalid url
> > > > response.  The nonce I'm generating is unique for every request I'm
> > > > sending.  The timestamp is accurate to the number of seconds that have
> > > > passed since unix epoch.  Obviously the invalid/used nonce error is
> > > > garbage.
>
> > > > Here's the formatting of my URL request in obj c:
>
> > > > // Create the request
> > > > NSString* requestString= [NSString
> > > > stringWithFormat:@"%@",TWITTER_STATUS_UPDATE_URL];
> > > > NSMutableURLRequest* request = [[NSMutableURLRequest alloc]
> > > >                                 initWithURL:[NSURL
> > URLWithString:requestString]
>
> > cachePolicy:NSURLRequestReloadIgnoringCacheData
> > > >                                     timeoutInterval:30.0];
> > > > [request setHTTPMethod:@"POST"];
> > > > [request addValue:authHeader forHTTPHeaderField:@"Authorization"];
> > > > [request setValue:@"application/x-www-form-urlencoded"
> > > > forHTTPHeaderField:@"Content-Type"];
> > > > [request setValue:postBodyLength forHTTPHeaderField:@"Content-
> > > > Length"];
> > > > [request setHTTPBody:[postBody
> > > > dataUsingEncoding:NSUTF8StringEncoding]];
>
> > > > Any other ideas?  I'm at a total loss as to why this might be
> > > > happening.
>
> > > > Thanks,
> > > > Craig
>
> > > > On Jun 13, 3:42 pm, Craig <chanson9...@gmail.com> wrote:
>
> > > > > No dice.  I just tried creating a new app and using the new
> > keys/token
> > > > > to tweet.  I'll go over my steps once more and see if I can track
> > down
> > > > > an issue somewhere...
>
> > > > > On Jun 11, 8:53 pm, Taylor Singletary <taylorsinglet...@twitter.com>
> > > > > wrote:
>
> > > > > > xAuth in this case, I think, is unrelated to the issue. If you can
> > use
> > > > > > a different key and use the "my token" feature to get your access
> > > > > > token, then try to tweet using that token, it will sufficiently
> > > > > > express the problem I think.
>
> > > > > > Taylor
>
> > > > > > On Jun 11, 2010, at 2:48 PM, Craig <chanson9...@gmail.com> wrote:
>
> > > > > > > Hello,
>
> > > > > > > I have an iphone app that is using xauth.  I am able to obtain
> > the
> > > > > > > access token with no problem at all.  When I go to post a status
> > > > > > > update, I receive an invalid / used nonce error.  It can't
> > actually be
> > > > > > > a used nonce since I have checked this multiple times.  Here are
> > the
> > > > > > > details of the post:
>
> > > > > > > url:
> > > > > > >http://api.twitter.com/1/statuses/update.xml
>
> > > > > > > signature base string:
> > > > > > > POST&http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses
> > > > > > > %2Fupdate.xml&oauth_consumer_key%3Dmyconsumerkey%26oauth_nonce
> > > > > > > %3D397vi5Ug1YHC3UAVUAoB%26oauth_signature_method%3DHMAC-
> > > > > > > SHA1%26oauth_timestamp%3D1276292596%26oauth_token%3Dmytoken
> > > > > > > %26oauth_version%3D1.0%26status%3Dmy%2520tweet
>
> > > > > > > Authorization header:
> > > > > > > OAuth oauth_nonce="397vi5Ug1YHC3UAVUAoB",
> > oauth_signature_method="HMAC-
> > > > > > > SHA1", oauth_timestamp="1276292596",
> > > > > > > oauth_consumer_key="myconsumerkey", oauth_token="mytoken",
> > > > > > > oauth_signature="yOh2zQPGDBlVEP5cDWhjddQWTLc%3D",
> > oauth_version="1.0"
>
> > > > > > > Content-Type:
> > > > > > > [request setValue:@"application/x-www-form-urlencoded"
> > > > > > > forHTTPHeaderField:@"Content-Type"];
>
> > > > > > > I can see no reason why this shouldn't work.  Any help would be
> > > > > > > greatly appreciated!
>
> > > > > > > Thanks,
> > > > > > > Craig

Reply via email to