I agree that it's the wrong error. We have a new, better implementation of OAuth waiting in the wings that's going to be much more helpful in this regard.
I'm still trying to rule out some possibilities. Can you try and create a new application, then grab the access token from the my access token feature, and try to post? It'll just help rule something out. Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Wed, Jun 16, 2010 at 1:55 PM, Craig <chanson9...@gmail.com> wrote: > I am in "read/write" mode. > > I tried posting to two different twitter accounts without luck...my > dev account, where I know what the access secret and token is supposed > to be and another one I just created. I know my access token and > secret are being stored correctly and I believe they are being used > correctly in the auth header and the signature base string. > > Other thoughts? It would be nice to get an error returned that was a > little more indicative of what the problem might be. Invalid/used > nonce isn't really cutting it right now. > > Thanks, > Craig > > On Jun 16, 3:52 pm, Taylor Singletary <taylorsinglet...@twitter.com> > wrote: > > Our setup is such that I can't easily trace a single request. > > > > Connecting some dots: if you have time, can you try to use a different > > access token with your keys and see if it has the ability to tweet? > > > > Can you go to your application settings and verify that your application > is > > in "read/write mode" on dev.twitter.com? > > > > Finally, this might be a case of something funky with your client > > application -- which might be resolved by creating a new one. But let's > rule > > out some other possibilities first. > > > > Taylor Singletary > > Developer Advocate, Twitterhttp://twitter.com/episod > > > > > > > > On Wed, Jun 16, 2010 at 12:39 PM, Craig <chanson9...@gmail.com> wrote: > > > By the way, even when I try to tweet with just one word like: "tweet", > > > it doesn't work. Just simple ascii characters. Is there any way you > > > can just intercept one of my test tweets and look at what, if anything > > > might be going wrong on the server side? > > > > > -Craig > > > > > On Jun 16, 3:05 pm, Craig <chanson9...@gmail.com> wrote: > > > > My signature base string status pair looks like: > > > > status%3Dmy%2520tweet > > > > > > When I tried xAuth authentication with a * character in the password, > > > > it didn't work at first. But once I double url encoded it, I was > able > > > > to authenticate no problem. So that definitely helps. I am now > > > > double url encoding the username and password values. > > > > > > However, the tweet still didn't work. I am double url encoding the > > > > status message in the signature base string and single url encoding > it > > > > in the post body. > > > > > > Thanks, > > > > Craig > > > > > > On Jun 16, 11:30 am, Taylor Singletary <taylorsinglet...@twitter.com > > > > > > wrote: > > > > > > > Hi Craig, > > > > > > > Do you know if the status update, status=my%20tweet is being > encoded > > > > > correctly in your signature base string (which is the string used > to > > > create > > > > > your signature). > > > > > > > For the signature base string, the key/value pair would look like: > > > > > > > status%3Dmy%2520tweet > > > > > > > Have you tried your xAuth authentication with spaces and other > possible > > > odd > > > > > characters yet in fields like the password? > > > > > > > Taylor > > > > > > > On Wed, Jun 16, 2010 at 8:21 AM, Craig <chanson9...@gmail.com> > wrote: > > > > > > Hi Matt, > > > > > > > > Thanks for responding. My authorization header is still the same > as > > > > > > it was in my first message above. Here it is for another request > I > > > > > > just tried: > > > > > > > > OAuth oauth_nonce="TEeSMm8q3m5abhmppain", > > > oauth_signature_method="HMAC- > > > > > > SHA1", oauth_timestamp="1276701304", > > > > > > oauth_consumer_key="xxxxxxxxxxxxxxxxx", oauth_token="xxxxxxxx- > > > > > > xxxxxxxxxxxxxxxxxxxxxxxxx", > oauth_signature="xxxxxxxxxxxxxxxxxxxxxxx > > > > > > %3D", oauth_version="1.0" > > > > > > > > The post body is simply: > > > > > > status=my%20tweet > > > > > > > > When I create the request in objective c, it looks like this: > (where > > > > > > authHeader is the authorization header noted above and postBody > is > > > the > > > > > > post body noted above): > > > > > > > > NSString* requestString= [NSString > > > > > > stringWithFormat:@"%@",TWITTER_STATUS_UPDATE_URL]; > > > > > > NSMutableURLRequest* request = [[NSMutableURLRequest alloc] > > > > > > initWithURL:[NSURL > > > > > > URLWithString:requestString] > > > > > > > > cachePolicy:NSURLRequestReloadIgnoringCacheData > > > > > > timeoutInterval:30.0]; > > > > > > [request setHTTPMethod:@"POST"]; > > > > > > [request addValue:authHeader forHTTPHeaderField:@ > "Authorization"]; > > > > > > [request setValue:@"application/x-www-form-urlencoded" > > > > > > forHTTPHeaderField:@"Content-Type"]; > > > > > > [request setValue:postBodyLength forHTTPHeaderField:@"Content- > > > > > > Length"]; > > > > > > [request setHTTPBody:[postBody > > > > > > dataUsingEncoding:NSUTF8StringEncoding]]; > > > > > > > > This type of formatting works just fine for my xAuth > authentication. > > > > > > > > On Jun 15, 4:44 pm, themattharris <thematthar...@twitter.com> > wrote: > > > > > > > Hey Craig, > > > > > > > > > Could you let us see what the authorization header you are > sending > > > > > > > looks like (obfuscating your oauth keys and secrets)? > > > > > > > > > What you're aiming for is a header similar to this: > > > > > > > > > POST /1/statuses/update.xml HTTP/1.1 > > > > > > > Accept: */* > > > > > > > Connection: close > > > > > > > User-Agent: OAuth gem v0.4.0 > > > > > > > Content-Type: application/x-www-form-urlencoded > > > > > > > Authorization: OAuth > > > > > > > oauth_consumer_key=\"xxxxxxxxxxxxxxxxxxxxxxxx\", > > > > > > > oauth_nonce=\"xxxxxxxxxxxxxxxxxxxxxxxxxxxx\", > > > > > > > oauth_signature=\"xxxxxxxxxxxxxxxxxxxxxxxx\", > > > > > > > oauth_signature_method=\"HMAC-SHA1\", > > > > > > > oauth_timestamp=\"1276634179\", > > > > > > > oauth_token=\"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\", > > > > > > > oauth_version=\"1.0\" > > > > > > > Content-Length: 27 > > > > > > > Host: api.twitter.com > > > > > > > > > With your post body being the status you are sending. Similar > to: > > > > > > > > > status=something%20to%20say > > > > > > > > > Matt > > > > > > > > > On Jun 13, 8:32 pm, Craig <chanson9...@gmail.com> wrote: > > > > > > > > > > Ok, so I believe my signature is correct because if I take > out > > > the > > > > > > > > oauth_token parameter from the signature base I get an > incorrect > > > > > > > > signature error instead of the invalid/used nonce error. I > am > > > > > > > > definitely posting to the correct url: " > > >https://api.twitter.com/1/ > > > > > > > > statuses/update.xml" because if I change it I get an invalid > url > > > > > > > > response. The nonce I'm generating is unique for every > request > > > I'm > > > > > > > > sending. The timestamp is accurate to the number of seconds > that > > > have > > > > > > > > passed since unix epoch. Obviously the invalid/used nonce > error > > > is > > > > > > > > garbage. > > > > > > > > > > Here's the formatting of my URL request in obj c: > > > > > > > > > > // Create the request > > > > > > > > NSString* requestString= [NSString > > > > > > > > stringWithFormat:@"%@",TWITTER_STATUS_UPDATE_URL]; > > > > > > > > NSMutableURLRequest* request = [[NSMutableURLRequest alloc] > > > > > > > > initWithURL:[NSURL > > > > > > URLWithString:requestString] > > > > > > > > cachePolicy:NSURLRequestReloadIgnoringCacheData > > > > > > > > timeoutInterval:30.0]; > > > > > > > > [request setHTTPMethod:@"POST"]; > > > > > > > > [request addValue:authHeader forHTTPHeaderField:@ > > > "Authorization"]; > > > > > > > > [request setValue:@"application/x-www-form-urlencoded" > > > > > > > > forHTTPHeaderField:@"Content-Type"]; > > > > > > > > [request setValue:postBodyLength forHTTPHeaderField:@ > "Content- > > > > > > > > Length"]; > > > > > > > > [request setHTTPBody:[postBody > > > > > > > > dataUsingEncoding:NSUTF8StringEncoding]]; > > > > > > > > > > Any other ideas? I'm at a total loss as to why this might be > > > > > > > > happening. > > > > > > > > > > Thanks, > > > > > > > > Craig > > > > > > > > > > On Jun 13, 3:42 pm, Craig <chanson9...@gmail.com> wrote: > > > > > > > > > > > No dice. I just tried creating a new app and using the new > > > > > > keys/token > > > > > > > > > to tweet. I'll go over my steps once more and see if I can > > > track > > > > > > down > > > > > > > > > an issue somewhere... > > > > > > > > > > > On Jun 11, 8:53 pm, Taylor Singletary < > > > taylorsinglet...@twitter.com> > > > > > > > > > wrote: > > > > > > > > > > > > xAuth in this case, I think, is unrelated to the issue. > If > > > you can > > > > > > use > > > > > > > > > > a different key and use the "my token" feature to get > your > > > access > > > > > > > > > > token, then try to tweet using that token, it will > > > sufficiently > > > > > > > > > > express the problem I think. > > > > > > > > > > > > Taylor > > > > > > > > > > > > On Jun 11, 2010, at 2:48 PM, Craig < > chanson9...@gmail.com> > > > wrote: > > > > > > > > > > > > > Hello, > > > > > > > > > > > > > I have an iphone app that is using xauth. I am able to > > > obtain > > > > > > the > > > > > > > > > > > access token with no problem at all. When I go to post > a > > > status > > > > > > > > > > > update, I receive an invalid / used nonce error. It > can't > > > > > > actually be > > > > > > > > > > > a used nonce since I have checked this multiple times. > > > Here are > > > > > > the > > > > > > > > > > > details of the post: > > > > > > > > > > > > > url: > > > > > > > > > > >http://api.twitter.com/1/statuses/update.xml > > > > > > > > > > > > > signature base string: > > > > > > > > > > > POST&http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses > > > > > %2Fupdate.xml&oauth_consumer_key%3Dmyconsumerkey%26oauth_nonce > > > > > > > > > > > > %3D397vi5Ug1YHC3UAVUAoB%26oauth_signature_method%3DHMAC- > > > > > > > > > > > > SHA1%26oauth_timestamp%3D1276292596%26oauth_token%3Dmytoken > > > > > > > > > > > %26oauth_version%3D1.0%26status%3Dmy%2520tweet > > > > > > > > > > > > > Authorization header: > > > > > > > > > > > OAuth oauth_nonce="397vi5Ug1YHC3UAVUAoB", > > > > > > oauth_signature_method="HMAC- > > > > > > > > > > > SHA1", oauth_timestamp="1276292596", > > > > > > > > > > > oauth_consumer_key="myconsumerkey", > oauth_token="mytoken", > > > > > > > > > > > oauth_signature="yOh2zQPGDBlVEP5cDWhjddQWTLc%3D", > > > > > > oauth_version="1.0" > > > > > > > > > > > > > Content-Type: > > > > > > > > > > > [request setValue:@"application/x-www-form-urlencoded" > > > > > > > > > > > forHTTPHeaderField:@"Content-Type"]; > > > > > > > > > > > > > I can see no reason why this shouldn't work. Any help > > > would be > > > > > > > > > > > greatly appreciated! > > > > > > > > > > > > > Thanks, > > > > > > > > > > > Craig >
