Hi,

Sorry it took me a while since I'm using TweetSharp and am stepping
through the (unfamiliar) code.
The moment you said about the signature, I'm suspecting that the
problem is somewhere with that. However, I got this:

POST&http%3A%2F%2Fstream.twitter.com%2F1%2Fstatuses
%2Ffilter.json&delimited%3D1%26follow%3D156934710%26oauth_consumer_key
%3D########%26oauth_nonce%3Dtljnew4g283c50gv%26oauth_signature_method
%3DHMAC-SHA1%26oauth_timestamp%3D1277483909%26oauth_token%3D34216267-
QihEsUq7jxULnJzMbn1EC1AliHVkktPXjqgYHw8Zt%26oauth_version
%3D1.0%26source%3Dsoftwarename

"oauth_consumer_key":"##########"
"oauth_token":"34216267-QihEsUq7jxULnJzMbn1EC1AliHVkktPXjqgYHw8Zt"
"oauth_nonce":"tljnew4g283c50gv"
"oauth_timestamp":"1277483909"
"oauth_signature_method":"HMAC-SHA1"
"oauth_signature":"ljXbh0wozsHBV6PRowsuZQUHXQs%3D"
"oauth_version":"1.0"
"source":"softwarename"
"delimited":"1"
"follow":"156934710"

which looks almost like yours.

Thanks,
Wil
On Jun 24, 11:59 pm, Taylor Singletary <taylorsinglet...@twitter.com>
wrote:
> Hi Wil,
>
> I can help you with the OAuth component of this. Can you share your
> signature base string for the request?
>
> Here's an example of a few of the steps of a functioning OAuth request
> against this endpoint:
>
> POST body
> source=softwarename&delimited=1&follow=156934710
>
> Signature Base String
> POST&http%3A%2F%2Fstream.twitter.com
> %2F1%2Fstatuses%2Ffilter.json&delimited%3D1%26follow%3D156934710%26oauth_co 
> nsumer_key%3Dri8JxYK2ddwSV5xIUfNNvQ%26oauth_nonce%3DVBOxfmeKM2mgMeou28zK78M 
> Klfrkvc7Wo4Hx8BAkf0%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp% 
> 3D1277394877%26oauth_token%3D819797-torCkTs0XK7H2Y2i1ee5iofqkMC4p7aayeEXRTm 
> lw%26oauth_version%3D1.0%26source%3Dsoftwarename
>
> Authorization Header
> OAuth oauth_nonce="VBOxfmeKM2mgMeou28zK78MKlfrkvc7Wo4Hx8BAkf0",
> oauth_signature_method="HMAC-SHA1", oauth_timestamp="1277394877",
> oauth_consumer_key="ri8JxYK2ddwSV5xIUfNNvQ",
> oauth_token="819797-torCkTs0XK7H2Y2i1ee5iofqkMC4p7aayeEXRTmlw",
> oauth_signature="cLdFEiEy16d2HdWnb5dPBtuxvko%3D", oauth_version="1.0"
>
> How do your values for signature base string differ, if at all? (other than
> the tokens, timestamp, and nonce being different).
>
> Thanks,
> Taylor
>
>
>
> On Thu, Jun 24, 2010 at 8:17 AM, John Kalucki <j...@twitter.com> wrote:
> > Aside from the oAuth issue, which others can address, the only valid
> > delimited value is length.
>
> > -John
>
> > On Thu, Jun 24, 2010 at 7:58 AM, Wil <willi...@gmail.com> wrote:
>
> >> I'm getting this response:
>
> >> HTTP/1.1 401 Unauthorized
> >> Content-Length: 1296
> >> Cache-Control: must-revalidate,no-cache,no-store
> >> Content-Type: text/html; charset=iso-8859-1
> >> Server: Jetty(6.1.17)
> >> WWW-Authenticate: Basic realm="Firehose"
>
> >>  <html>
> >> <head>
> >> <meta http-equiv="Content-Type" content="text/html;
> >> charset=ISO-8859-1"/>
> >> <title>Error 401 UNAUTHORIZED</title>
> >> </head>
> >> <body>
> >> <h2>HTTP ERROR: 401</h2>
> >> <p>Problem accessing /1/statuses/filter.json. Reason:
> >> <pre>    UNAUTHORIZED</pre></p>
> >> <hr /><i><small>Powered by Jetty://</small></i>
>
> >> Here's what I POSTed(oauth tokens are filtered out):
>
> >> REQUEST: POSThttp://stream.twitter.com/1/statuses/filter.json
> >> Authorization: OAuth
>
> >> oauth_consumer_key="#####",oauth_token="########",oauth_nonce="#####",oauth
> >>  _timestamp="#####",oauth_signature_method="HMAC-
> >> SHA1",oauth_signature="########",oauth_version="1.0",
> >> Content-Type: application/x-www-form-urlencoded
> >> Vary: Accept-Encoding
> >> Connection: close
>
> >> source=softwarename&delimited=1&follow=156934710
>
> >> On Jun 23, 1:33 am, John Kalucki <j...@twitter.com> wrote:
> >> > OAuthshould work fine onstream.twitter.com
>
> >> > -John Kaluckihttp://twitter.com/jkalucki
> >> > Infrastructure, Twitter Inc.
>
> >> > On Tue, Jun 22, 2010 at 10:00 AM, Wil <willi...@gmail.com> wrote:
> >> > > I'm a bit dumbfounded here...
>
> >> > > I've been trying to login tostream.twitter.com usingOAuth
> >> > > (particularly, I've been trying to access
> >> > >http://stream.twitter.com/1/statuses/filter.json?follow=####). I used
> >> > > the access keys obtained fromhttps://
> >> api.twitter.com/oauth/access_token
> >> > > however, I've been getting 401 errors. I've tried basic authentication
> >> > > and it works fine.
>
> >> > > Does that mean thatstream:statuses/filter is still can only accept
> >> > > basic authentication?
>
> >> > > Regards,
> >> > > Wil
>
> >> > > On May 25, 5:51 am, John Kalucki <j...@twitter.com> wrote:
> >> > >> We haven't announced our plans for streaming andoAuth, beyond stating
> >> that
> >> > >> User Streams will only be onoAuth.
>
> >> > >> On Mon, May 24, 2010 at 1:57 PM, 140dev <140...@gmail.com> wrote:
> >> > >> > Does this mean that the streaming API will also make the switch
> >> from
> >> > >> > basic authentication toOAuthat the end of June?
>
> >> > >> > On Mon, May 24, 2010 at 4:50 PM, Mark McBride <
> >> mmcbr...@twitter.com>
> >> > >> > wrote:
> >> > >> > >OAuthis now enabled onstream.twitter.com.  I'll also send a note
> >> out
> >> > >> > > to the announce list
>
> >> > >> > >   ---Mark
>
> >> > >> > >http://twitter.com/mccv
>
> >> > >> > > On Mon, May 24, 2010 at 12:30 PM, Aaron Rankin <
> >> aran...@gmail.com>
> >> > >> > wrote:
> >> > >> > >> Hi,
>
> >> > >> > >> Is there an ETA for enablingoauthonstream.twitter.com?
>
> >> > >> > >> Thanks,
> >> > >> > >> Aaron
>
> >> > >> > >> On May 13, 1:11 pm, John Kalucki <j...@twitter.com> wrote:
> >> > >> > >>> OAuthis not enabled onstream.twitter.com. You can try on
> >> > >> > >>> chirpstream.twitter.com.
>
> >> > >> > >>> On Thu, May 13, 2010 at 10:53 AM, Lucas Vickers <
> >> > >> > lucasvick...@gmail.com> wrote:
> >> > >> > >>> > I am writing my own c++ basedOAuthlibrary.  I know there is
> >> liboauth
> >> > >> > >>> > but I like to do things myself to learn.
>
> >> > >> > >>> > Anyhow I am trying to accesshttp://
> >> > >> >stream.twitter.com/1/statuses/sample.xml
> >> > >> > >>> > and I keep getting 401.
>
> >> > >> > >>> > I have verified pretty much every parameter, and used the
> >> tool on
>
> >>http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin...
> >> > >> > >>> > to verify my signature is correct. I used twurl to obtain the
> >> user
> >> > >> > >>> > access tokens to my account.
>
> >> > >> > >>> > After doing some reading I'm no longer convinced that
> >> thestreaming
> >> > >> > >>> > server even supportsoauth.
>
> >> > >> > >>> > can you fill me in on the current status
> >> ofstream.twitter.com and
> >> > >> > >>> >oauth?
>
> >> > >> > >>> > thanks!
> >> > >> > >>> > Lucas
>
> >> > >> > >>> > On Apr 20, 11:02 pm, Jonathon Hill <jhill9...@gmail.com>
> >> wrote:
> >> > >> > >>> >> Thanks Taylor for the very detailed and helpful response!
>
> >> > >> > >>> >> Jonathon
>
> >> > >> > >>> >> On Apr 20, 1:17 pm, Taylor Singletary <
> >> taylorsinglet...@twitter.com
>
> >> > >> > >>> >> wrote:
>
> >> > >> > >>> >> > Hi Jonathon,
>
> >> > >> > >>> >> > ForStreamingAPI access that isn't from the perspective of
> >> a user's
> >> > >> > >>> >> > account, you would use two-leggedOAuthto establish
> >> authentication
> >> > >> > instead
> >> > >> > >>> >> > of basic auth.
>
> >> > >> > >>> >> > A two-leggedOAuthrequest is very similar to
> >> otherOAuthrequests:
> >> > >> > you have
> >> > >> > >>> >> > a specific resource you are trying to access, you have
> >> some
> >> > >> > parameters you
> >> > >> > >>> >> > want to pass to that resource, and you have
> >> anOAuthconsumer key
> >> > >> > andOAuth
> >> > >> > >>> >> > consumer secret. Which is unlike three-leggedOAuthwhere
> >> you also
> >> > >> > have
> >> > >> > >>> >> > oauth_tokens representing either a user/access_token or a
> >> request
> >> > >> > token in
> >> > >> > >>> >> > addition to the rest.
>
> >> > >> > >>> >> > But the rules remain the same. You take all
> >> theOAuthparameters and
> >> > >> > the
> >> > >> > >>> >> > parameters you are sending to the resource, organize them,
> >> build a
> >> > >> > signature
> >> > >> > >>> >> > base string, then sign that with your consumer secret and
> >> send the
> >> > >> > request
> >> > >> > >>> >> > on to Twitter properly signed. The only difference is that
> >> there
> >> > >> > is no
> >> > >> > >>> >> > oauth_token and oauth_token_secret getting involved in the
> >> mix.
>
> >> > >> > >>> >> > This is essentially what a two-legged request to
> >> thestreamingAPI
> >> > >> > would
> >> > >> > >>> >> > look like:
>
> >> > >> > >>> >> > Signature Base String
> >> > >> > >>> >> > GET&http%3A%2F%2Fstream.twitter.com
>
> >> %2F1%2Fstatuses%2Fsample.json&oauth_consumer_key%3Dri8JxYK2zzwSV5xIUfNNvQ%2
> >> ­6oauth_nonce%3DSJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8%26oauth_signatu
> >> r­e_method%3DHMAC-SHA1%26oauth_timestamp%3D1271783743%26oauth_version%3D1.0
>
> >> > >> > >>> >> > Signature
> >> > >> > >>> >> > Xi5jfuw2XqtU5KpNX9ZCtTptJS0=
>
> >> > >> > >>> >> > Authorization Header
>
> >> >OAuthoauth_nonce="SJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8",
> >> > >> > >>> >> > oauth_signature_method="HMAC-SHA1",
> >> oauth_timestamp="1271783743",
> >> > >> > >>> >> > oauth_consumer_key="ri8JxYK2zzwSV5xIUfNNvQ",
> >> > >> > >>> >> > oauth_signature="Xi5jfuw2XqtU5KpNX9ZCtTptJS0%3D",
> >> > >> > oauth_version="1.0"
>
> >> > >> > >>> >> > Taylor Singletary
> >> > >> > >>> >> > Developer Advocate, Twitterhttp://twitter.com/episod
>
> >> > >> > >>> >> > On Tue, Apr 20, 2010 at 10:05 AM, Jonathon Hill <
> >> > >> > jhill9...@gmail.com> wrote:
> >> > >> > >>> >> > > One thing I meant to find out @chirp last week--what
> >> > >> > willoauthlook
> >> > >> > >>> >> > > like for theStreamingAPI? I'm having a hard time
> >> visualizing how
> >> > >> > >>> >> > > that will work.
>
> >> > >> > >>> >> > > Thanks,
>
> >> > >> > >>> >> > > Jonathon Hill
> >> > >> > >>> >> > > @compwright
> >> > >> > >>> >> > > Company52
> >> > >> > >>> >> > >http://company52.com
>
> >> > >> > >>> >> > > --
> >> > >> > >>> >> > > Subscription settings:
>
> >>http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

Reply via email to