OAuth should work fine on stream.twitter.com -John Kalucki http://twitter.com/jkalucki Infrastructure, Twitter Inc.
On Tue, Jun 22, 2010 at 10:00 AM, Wil <willi...@gmail.com> wrote: > I'm a bit dumbfounded here... > > I've been trying to login to stream.twitter.com using OAuth > (particularly, I've been trying to access > http://stream.twitter.com/1/statuses/filter.json?follow=####). I used > the access keys obtained from https://api.twitter.com/oauth/access_token > however, I've been getting 401 errors. I've tried basic authentication > and it works fine. > > Does that mean that stream:statuses/filter is still can only accept > basic authentication? > > Regards, > Wil > > On May 25, 5:51 am, John Kalucki <j...@twitter.com> wrote: >> We haven't announced our plans for streaming and oAuth, beyond stating that >> User Streams will only be on oAuth. >> >> >> >> On Mon, May 24, 2010 at 1:57 PM, 140dev <140...@gmail.com> wrote: >> > Does this mean that the streaming API will also make the switch from >> > basic authentication to OAuth at the end of June? >> >> > On Mon, May 24, 2010 at 4:50 PM, Mark McBride <mmcbr...@twitter.com> >> > wrote: >> > > OAuth is now enabled on stream.twitter.com. I'll also send a note out >> > > to the announce list >> >> > > ---Mark >> >> > >http://twitter.com/mccv >> >> > > On Mon, May 24, 2010 at 12:30 PM, Aaron Rankin <aran...@gmail.com> >> > wrote: >> > >> Hi, >> >> > >> Is there an ETA for enabling oauth on stream.twitter.com? >> >> > >> Thanks, >> > >> Aaron >> >> > >> On May 13, 1:11 pm, John Kalucki <j...@twitter.com> wrote: >> > >>> OAuthis not enabled on stream.twitter.com. You can try on >> > >>> chirpstream.twitter.com. >> >> > >>> On Thu, May 13, 2010 at 10:53 AM, Lucas Vickers < >> > lucasvick...@gmail.com> wrote: >> > >>> > I am writing my own c++ basedOAuthlibrary. I know there is liboauth >> > >>> > but I like to do things myself to learn. >> >> > >>> > Anyhow I am trying to accesshttp:// >> > stream.twitter.com/1/statuses/sample.xml >> > >>> > and I keep getting 401. >> >> > >>> > I have verified pretty much every parameter, and used the tool on >> >> >http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin... >> > >>> > to verify my signature is correct. I used twurl to obtain the user >> > >>> > access tokens to my account. >> >> > >>> > After doing some reading I'm no longer convinced that thestreaming >> > >>> > server even supportsoauth. >> >> > >>> > can you fill me in on the current status of stream.twitter.com and >> > >>> >oauth? >> >> > >>> > thanks! >> > >>> > Lucas >> >> > >>> > On Apr 20, 11:02 pm, Jonathon Hill <jhill9...@gmail.com> wrote: >> > >>> >> Thanks Taylor for the very detailed and helpful response! >> >> > >>> >> Jonathon >> >> > >>> >> On Apr 20, 1:17 pm, Taylor Singletary <taylorsinglet...@twitter.com >> >> > >>> >> wrote: >> >> > >>> >> > Hi Jonathon, >> >> > >>> >> > ForStreamingAPI access that isn't from the perspective of a user's >> > >>> >> > account, you would use two-leggedOAuthto establish authentication >> > instead >> > >>> >> > of basic auth. >> >> > >>> >> > A two-leggedOAuthrequest is very similar to otherOAuthrequests: >> > you have >> > >>> >> > a specific resource you are trying to access, you have some >> > parameters you >> > >>> >> > want to pass to that resource, and you have anOAuthconsumer key >> > andOAuth >> > >>> >> > consumer secret. Which is unlike three-leggedOAuthwhere you also >> > have >> > >>> >> > oauth_tokens representing either a user/access_token or a request >> > token in >> > >>> >> > addition to the rest. >> >> > >>> >> > But the rules remain the same. You take all theOAuthparameters and >> > the >> > >>> >> > parameters you are sending to the resource, organize them, build a >> > signature >> > >>> >> > base string, then sign that with your consumer secret and send the >> > request >> > >>> >> > on to Twitter properly signed. The only difference is that there >> > is no >> > >>> >> > oauth_token and oauth_token_secret getting involved in the mix. >> >> > >>> >> > This is essentially what a two-legged request to thestreamingAPI >> > would >> > >>> >> > look like: >> >> > >>> >> > Signature Base String >> > >>> >> > GET&http%3A%2F%2Fstream.twitter.com >> >> > %2F1%2Fstatuses%2Fsample.json&oauth_consumer_key%3Dri8JxYK2zzwSV5xIUfNNvQ%2 >> > >> > 6oauth_nonce%3DSJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8%26oauth_signatu >> > >> > re_method%3DHMAC-SHA1%26oauth_timestamp%3D1271783743%26oauth_version%3D1.0 >> >> > >>> >> > Signature >> > >>> >> > Xi5jfuw2XqtU5KpNX9ZCtTptJS0= >> >> > >>> >> > Authorization Header >> > >>> >> >OAuthoauth_nonce="SJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8", >> > >>> >> > oauth_signature_method="HMAC-SHA1", oauth_timestamp="1271783743", >> > >>> >> > oauth_consumer_key="ri8JxYK2zzwSV5xIUfNNvQ", >> > >>> >> > oauth_signature="Xi5jfuw2XqtU5KpNX9ZCtTptJS0%3D", >> > oauth_version="1.0" >> >> > >>> >> > Taylor Singletary >> > >>> >> > Developer Advocate, Twitterhttp://twitter.com/episod >> >> > >>> >> > On Tue, Apr 20, 2010 at 10:05 AM, Jonathon Hill < >> > jhill9...@gmail.com> wrote: >> > >>> >> > > One thing I meant to find out @chirp last week--what >> > willoauthlook >> > >>> >> > > like for theStreamingAPI? I'm having a hard time visualizing how >> > >>> >> > > that will work. >> >> > >>> >> > > Thanks, >> >> > >>> >> > > Jonathon Hill >> > >>> >> > > @compwright >> > >>> >> > > Company52 >> > >>> >> > >http://company52.com >> >> > >>> >> > > -- >> > >>> >> > > Subscription settings: >> >> >http://groups.google.com/group/twitter-development-talk/subscribe?hl=en >