Hi,

@John: I removed the delimited=1 parameter and it still gave me 401's.

@Taylor: I checked my system clock and does not differ from the server
time by more than 5 minutes.
The code works with the following which I've used:
1) OAuth authentication methods
2) statuses/user_timeline
3) 1/favorites/create

(3) is a bit wierd since TweetSharp sends favorite requests in this
form:
http://api.twitter.com/1/favorites/create/######.json

and the POST body contains this:
source=Wildfire%20by%20Implication

Yet it still works. I haven't tried other things in TweetSharp that
does POST though.
I thought that it was probably the read/write permissions that's
causing the problem because I initially set the App as read-only (I
changed it to write-access when I implemented the favorite). I then
recreated the client information with read&write access. So I guess
permissions weren't the problem.

I did some packet sniffing to be extra sure that it's sending the data
as POST... and I got this: (using Microsoft NetMon 3.3)
- Http: Request, POST /1/statuses/filter.json , Using OAuth
Authorization
    Command: POST
  + URI: /1/statuses/filter.json
    ProtocolVersion: HTTP/1.1
  - Authorization: OAuth
   - Authorization:  OAuth
oauth_consumer_key="######",oauth_token="34216267-
BDNO9E9Ayd3IDnzRsDgU0wwwcuxO3trNecmblpNQo",oauth_nonce="d8qtvqz2sefipbsu",oauth_timestamp="1277542341",oauth_signature_method="HMAC-
SHA1",oauth_signature="PeKBoS3uYgL9p7oJ%2
      WhiteSpace:
      AuthorizationData: OAuth
oauth_consumer_key="#######",oauth_token="34216267-
BDNO9E9Ayd3IDnzRsDgU0wwwcuxO3trNecmblpNQo",oauth_nonce="d8qtvqz2sefipbsu",oauth_timestamp="1277542341",oauth_signature_method="HMAC-
SHA1",oauth_signature="PeKBoS3uYgL9p7o
  + ContentType:  application/x-www-form-urlencoded
    Host:  stream.twitter.com
    ContentLength:  51
    Connection:  Keep-Alive
    HeaderEnd: CRLF


The next frame was the HTTP payload
- Http: HTTP Payload, URL: /1/statuses/filter.json
  - payload: HttpContentType =  application/x-www-form-urlencoded
     source: softwarename
     follow: ###########

On Jun 26, 5:50 am, Taylor Singletary <taylorsinglet...@twitter.com>
wrote:
> Wil,
>
> Does your OAuth code work against other aspects of the Twitter API? Can you
> verify if your system's clock is within 5 minutes or so of the times
> returned by our system? (You can see the current server time in an HTTP
> header of any of our responses).
>
> Are you sure that your code is actually POSTing the POST body along with the
> request?
>
> Seems like you are really close.
>
>
>
> On Fri, Jun 25, 2010 at 10:10 AM, Wil <willi...@gmail.com> wrote:
> > Hi John,
>
> > Uhh, care to elaborate? I don't quite get what you meant...
>
> > Thanks,
> > Wil
>
> > On Jun 24, 11:17 pm, John Kalucki <j...@twitter.com> wrote:
> > > Aside from the oAuth issue, which others can address, the only valid
> > > delimited value is length.
>
> > > -John
>
> > > On Thu, Jun 24, 2010 at 7:58 AM, Wil <willi...@gmail.com> wrote:
> > > > I'm getting this response:
>
> > > > HTTP/1.1 401 Unauthorized
> > > > Content-Length: 1296
> > > > Cache-Control: must-revalidate,no-cache,no-store
> > > > Content-Type: text/html; charset=iso-8859-1
> > > > Server: Jetty(6.1.17)
> > > > WWW-Authenticate: Basic realm="Firehose"
>
> > > >  <html>
> > > > <head>
> > > > <meta http-equiv="Content-Type" content="text/html;
> > > > charset=ISO-8859-1"/>
> > > > <title>Error 401 UNAUTHORIZED</title>
> > > > </head>
> > > > <body>
> > > > <h2>HTTP ERROR: 401</h2>
> > > > <p>Problem accessing /1/statuses/filter.json. Reason:
> > > > <pre>    UNAUTHORIZED</pre></p>
> > > > <hr /><i><small>Powered by Jetty://</small></i>
>
> > > > Here's what I POSTed(oauth tokens are filtered out):
>
> > > > REQUEST: POSThttp://stream.twitter.com/1/statuses/filter.json
> > > > Authorization: OAuth
>
> > oauth_consumer_key="#####",oauth_token="########",oauth_nonce="#####",oauth
> > _timestamp="#####",oauth_signature_method="HMAC-
> > > > SHA1",oauth_signature="########",oauth_version="1.0",
> > > > Content-Type: application/x-www-form-urlencoded
> > > > Vary: Accept-Encoding
> > > > Connection: close
>
> > > > source=softwarename&delimited=1&follow=156934710
>
> > > > On Jun 23, 1:33 am, John Kalucki <j...@twitter.com> wrote:
> > > > > OAuthshould work fine onstream.twitter.com
>
> > > > > -John Kaluckihttp://twitter.com/jkalucki
> > > > > Infrastructure, Twitter Inc.
>
> > > > > On Tue, Jun 22, 2010 at 10:00 AM, Wil <willi...@gmail.com> wrote:
> > > > > > I'm a bit dumbfounded here...
>
> > > > > > I've been trying to login tostream.twitter.com usingOAuth
> > > > > > (particularly, I've been trying to access
> > > > > >http://stream.twitter.com/1/statuses/filter.json?follow=####). I
> > used
> > > > > > the access keys obtained fromhttps://
> > > > api.twitter.com/oauth/access_token
> > > > > > however, I've been getting 401 errors. I've tried basic
> > authentication
> > > > > > and it works fine.
>
> > > > > > Does that mean thatstream:statuses/filter is still can only accept
> > > > > > basic authentication?
>
> > > > > > Regards,
> > > > > > Wil
>
> > > > > > On May 25, 5:51 am, John Kalucki <j...@twitter.com> wrote:
> > > > > >> We haven't announced our plans for streaming andoAuth, beyond
> > stating
> > > > that
> > > > > >> User Streams will only be onoAuth.
>
> > > > > >> On Mon, May 24, 2010 at 1:57 PM, 140dev <140...@gmail.com> wrote:
> > > > > >> > Does this mean that the streaming API will also make the switch
> > from
> > > > > >> > basic authentication toOAuthat the end of June?
>
> > > > > >> > On Mon, May 24, 2010 at 4:50 PM, Mark McBride <
> > mmcbr...@twitter.com
>
> > > > > >> > wrote:
> > > > > >> > >OAuthis now enabled onstream.twitter.com.  I'll also send a
> > note
> > > > out
> > > > > >> > > to the announce list
>
> > > > > >> > >   ---Mark
>
> > > > > >> > >http://twitter.com/mccv
>
> > > > > >> > > On Mon, May 24, 2010 at 12:30 PM, Aaron Rankin <
> > aran...@gmail.com
>
> > > > > >> > wrote:
> > > > > >> > >> Hi,
>
> > > > > >> > >> Is there an ETA for enablingoauthonstream.twitter.com?
>
> > > > > >> > >> Thanks,
> > > > > >> > >> Aaron
>
> > > > > >> > >> On May 13, 1:11 pm, John Kalucki <j...@twitter.com> wrote:
> > > > > >> > >>> OAuthis not enabled onstream.twitter.com. You can try on
> > > > > >> > >>> chirpstream.twitter.com.
>
> > > > > >> > >>> On Thu, May 13, 2010 at 10:53 AM, Lucas Vickers <
> > > > > >> > lucasvick...@gmail.com> wrote:
> > > > > >> > >>> > I am writing my own c++ basedOAuthlibrary.  I know there
> > is
> > > > liboauth
> > > > > >> > >>> > but I like to do things myself to learn.
>
> > > > > >> > >>> > Anyhow I am trying to accesshttp://
> > > > > >> >stream.twitter.com/1/statuses/sample.xml
> > > > > >> > >>> > and I keep getting 401.
>
> > > > > >> > >>> > I have verified pretty much every parameter, and used the
> > tool
> > > > on
>
> > > >http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin.
> > ..
> > > > > >> > >>> > to verify my signature is correct. I used twurl to obtain
> > the
> > > > user
> > > > > >> > >>> > access tokens to my account.
>
> > > > > >> > >>> > After doing some reading I'm no longer convinced that
> > > > thestreaming
> > > > > >> > >>> > server even supportsoauth.
>
> > > > > >> > >>> > can you fill me in on the current status
> > ofstream.twitter.comand
> > > > > >> > >>> >oauth?
>
> > > > > >> > >>> > thanks!
> > > > > >> > >>> > Lucas
>
> > > > > >> > >>> > On Apr 20, 11:02 pm, Jonathon Hill <jhill9...@gmail.com>
> > > > wrote:
> > > > > >> > >>> >> Thanks Taylor for the very detailed and helpful response!
>
> > > > > >> > >>> >> Jonathon
>
> > > > > >> > >>> >> On Apr 20, 1:17 pm, Taylor Singletary <
> > > > taylorsinglet...@twitter.com
>
> > > > > >> > >>> >> wrote:
>
> > > > > >> > >>> >> > Hi Jonathon,
>
> > > > > >> > >>> >> > ForStreamingAPI access that isn't from the perspective
> > of a
> > > > user's
> > > > > >> > >>> >> > account, you would use two-leggedOAuthto establish
> > > > authentication
> > > > > >> > instead
> > > > > >> > >>> >> > of basic auth.
>
> > > > > >> > >>> >> > A two-leggedOAuthrequest is very similar to
> > > > otherOAuthrequests:
> > > > > >> > you have
> > > > > >> > >>> >> > a specific resource you are trying to access, you have
> > some
> > > > > >> > parameters you
> > > > > >> > >>> >> > want to pass to that resource, and you have
> > anOAuthconsumer
> > > > key
> > > > > >> > andOAuth
> > > > > >> > >>> >> > consumer secret. Which is unlike three-leggedOAuthwhere
> > you
> > > > also
> > > > > >> > have
> > > > > >> > >>> >> > oauth_tokens representing either a user/access_token or
> > a
> > > > request
> > > > > >> > token in
> > > > > >> > >>> >> > addition to the rest.
>
> > > > > >> > >>> >> > But the rules remain the same. You take all
> > > > theOAuthparameters and
> > > > > >> > the
> > > > > >> > >>> >> > parameters you are sending to the resource, organize
> > them,
> > > > build a
> > > > > >> > signature
> > > > > >> > >>> >> > base string, then sign that with your consumer secret
> > and
> > > > send the
> > > > > >> > request
> > > > > >> > >>> >> > on to Twitter properly signed. The only difference is
> > that
> > > > there
> > > > > >> > is no
> > > > > >> > >>> >> > oauth_token and oauth_token_secret getting involved in
> > the
> > > > mix.
>
> > > > > >> > >>> >> > This is essentially what a two-legged request to
> > > > thestreamingAPI
> > > > > >> > would
> > > > > >> > >>> >> > look like:
>
> > > > > >> > >>> >> > Signature Base String
> > > > > >> > >>> >> > GET&http%3A%2F%2Fstream.twitter.com
>
> > %2F1%2Fstatuses%2Fsample.json&oauth_consumer_key%3Dri8JxYK2zzwSV5xIUfNNvQ%2
>
> > ­6oauth_nonce%3DSJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8%26oauth_signatu
>
> > r­e_method%3DHMAC-SHA1%26oauth_timestamp%3D1271783743%26oauth_version%3D1.0
>
> > > > > >> > >>> >> > Signature
> > > > > >> > >>> >> > Xi5jfuw2XqtU5KpNX9ZCtTptJS0=
>
> > > > > >> > >>> >> > Authorization Header
>
> > > > >OAuthoauth_nonce="SJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8",
> > > > > >> > >>> >> > oauth_signature_method="HMAC-SHA1",
> > > > oauth_timestamp="1271783743",
> > > > > >> > >>> >> > oauth_consumer_key="ri8JxYK2zzwSV5xIUfNNvQ",
> > > > > >> > >>> >> > oauth_signature="Xi5jfuw2XqtU5KpNX9ZCtTptJS0%3D",
> > > > > >> > oauth_version="1.0"
>
> > > > > >> > >>> >> > Taylor Singletary
> > > > > >> > >>> >> > Developer Advocate, Twitterhttp://twitter.com/episod
>
> > > > > >> > >>> >> > On Tue, Apr 20, 2010 at 10:05 AM, Jonathon Hill <
> > > > > >> > jhill9...@gmail.com> wrote:
> > > > > >> > >>> >> > > One thing I meant to find out @chirp last week--what
> > > > > >> > willoauthlook
> > > > > >> > >>> >> > > like for theStreamingAPI? I'm having a hard time
> > > > visualizing how
> > > > > >> > >>> >> > > that will work.
>
> > > > > >> > >>> >> > > Thanks,
>
> > > > > >> > >>> >> > > Jonathon Hill
> > > > > >> > >>> >> > > @compwright
> > > > > >> > >>> >> > > Company52
> > > > > >> > >>> >> > >http://company52.com
>
> > > > > >> > >>> >> > > --
> > > > > >> > >>> >> > > Subscription settings:
>
> > > >http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

Reply via email to