Hi Craig, Taylor, did you guys ever figure out what the problem was? I am having a very similar issue to Craig.
I am trying to post a status update to Twitter from a server-side PHP app. More specifically, it is to automatically tweet updates from a news site I help develop. I'm using all the same types of HTTP authorization headers, and base strings, and tokens and such as Craig, but I can't get any variation to work. I've used OAuth programmatically with Vimeo quite successfully. With Twitter, however, I've no luck. One thing I'm perhaps not clear on, do I need xAuth for this to work? Regards, James. On Jun 17, 12:28 am, Taylor Singletary <taylorsinglet...@twitter.com> wrote: > Can you follow up with me off the list and I'll help you out tomorrow? We'll > need to compare signatures and work with me knowing your application > secrets. There's something subtle going on. > > Taylor > > > > On Wed, Jun 16, 2010 at 3:22 PM, Craig <chanson9...@gmail.com> wrote: > > Just tried it. Same error. So at least that rules something out... > > > -Craig > > > On Jun 16, 5:19 pm, Taylor Singletary <taylorsinglet...@twitter.com> > > wrote: > > > I agree that it's the wrong error. We have a new, better implementation > > of > > > OAuth waiting in the wings that's going to be much more helpful in this > > > regard. > > > > I'm still trying to rule out some possibilities. Can you try and create a > > > new application, then grab the access token from the my access token > > > feature, and try to post? It'll just help rule something out. > > > > Taylor Singletary > > > Developer Advocate, Twitterhttp://twitter.com/episod > > > > On Wed, Jun 16, 2010 at 1:55 PM, Craig <chanson9...@gmail.com> wrote: > > > > I am in "read/write" mode. > > > > > I tried posting to two different twitter accounts without luck...my > > > > dev account, where I know what the access secret and token is supposed > > > > to be and another one I just created. I know my access token and > > > > secret are being stored correctly and I believe they are being used > > > > correctly in the auth header and the signature base string. > > > > > Other thoughts? It would be nice to get an error returned that was a > > > > little more indicative of what the problem might be. Invalid/used > > > > nonce isn't really cutting it right now. > > > > > Thanks, > > > > Craig > > > > > On Jun 16, 3:52 pm, Taylor Singletary <taylorsinglet...@twitter.com> > > > > wrote: > > > > > Our setup is such that I can't easily trace a single request. > > > > > > Connecting some dots: if you have time, can you try to use a > > different > > > > > access token with your keys and see if it has the ability to tweet? > > > > > > Can you go to your application settings and verify that your > > application > > > > is > > > > > in "read/write mode" on dev.twitter.com? > > > > > > Finally, this might be a case of something funky with your client > > > > > application -- which might be resolved by creating a new one. But > > let's > > > > rule > > > > > out some other possibilities first. > > > > > > Taylor Singletary > > > > > Developer Advocate, Twitterhttp://twitter.com/episod > > > > > > On Wed, Jun 16, 2010 at 12:39 PM, Craig <chanson9...@gmail.com> > > wrote: > > > > > > By the way, even when I try to tweet with just one word like: > > "tweet", > > > > > > it doesn't work. Just simple ascii characters. Is there any way > > you > > > > > > can just intercept one of my test tweets and look at what, if > > anything > > > > > > might be going wrong on the server side? > > > > > > > -Craig > > > > > > > On Jun 16, 3:05 pm, Craig <chanson9...@gmail.com> wrote: > > > > > > > My signature base string status pair looks like: > > > > > > > status%3Dmy%2520tweet > > > > > > > > When I tried xAuth authentication with a * character in the > > password, > > > > > > > it didn't work at first. But once I double url encoded it, I was > > > > able > > > > > > > to authenticate no problem. So that definitely helps. I am now > > > > > > > double url encoding the username and password values. > > > > > > > > However, the tweet still didn't work. I am double url encoding > > the > > > > > > > status message in the signature base string and single url > > encoding > > > > it > > > > > > > in the post body. > > > > > > > > Thanks, > > > > > > > Craig > > > > > > > > On Jun 16, 11:30 am, Taylor Singletary < > > taylorsinglet...@twitter.com > > > > > > > > wrote: > > > > > > > > > Hi Craig, > > > > > > > > > Do you know if the status update, status=my%20tweet is being > > > > encoded > > > > > > > > correctly in your signature base string (which is the string > > used > > > > to > > > > > > create > > > > > > > > your signature). > > > > > > > > > For the signature base string, the key/value pair would look > > like: > > > > > > > > > status%3Dmy%2520tweet > > > > > > > > > Have you tried your xAuth authentication with spaces and other > > > > possible > > > > > > odd > > > > > > > > characters yet in fields like the password? > > > > > > > > > Taylor > > > > > > > > > On Wed, Jun 16, 2010 at 8:21 AM, Craig <chanson9...@gmail.com> > > > > wrote: > > > > > > > > > Hi Matt, > > > > > > > > > > Thanks for responding. My authorization header is still the > > same > > > > as > > > > > > > > > it was in my first message above. Here it is for another > > request > > > > I > > > > > > > > > just tried: > > > > > > > > > > OAuth oauth_nonce="TEeSMm8q3m5abhmppain", > > > > > > oauth_signature_method="HMAC- > > > > > > > > > SHA1", oauth_timestamp="1276701304", > > > > > > > > > oauth_consumer_key="xxxxxxxxxxxxxxxxx", > > oauth_token="xxxxxxxx- > > > > > > > > > xxxxxxxxxxxxxxxxxxxxxxxxx", > > > > oauth_signature="xxxxxxxxxxxxxxxxxxxxxxx > > > > > > > > > %3D", oauth_version="1.0" > > > > > > > > > > The post body is simply: > > > > > > > > > status=my%20tweet > > > > > > > > > > When I create the request in objective c, it looks like this: > > > > (where > > > > > > > > > authHeader is the authorization header noted above and > > postBody > > > > is > > > > > > the > > > > > > > > > post body noted above): > > > > > > > > > > NSString* requestString= [NSString > > > > > > > > > stringWithFormat:@"%@",TWITTER_STATUS_UPDATE_URL]; > > > > > > > > > NSMutableURLRequest* request = [[NSMutableURLRequest alloc] > > > > > > > > > initWithURL:[NSURL > > > > > > > > > URLWithString:requestString] > > > > > > > > > > cachePolicy:NSURLRequestReloadIgnoringCacheData > > > > > > > > > timeoutInterval:30.0]; > > > > > > > > > [request setHTTPMethod:@"POST"]; > > > > > > > > > [request addValue:authHeader forHTTPHeaderField:@ > > > > "Authorization"]; > > > > > > > > > [request setValue:@"application/x-www-form-urlencoded" > > > > > > > > > forHTTPHeaderField:@"Content-Type"]; > > > > > > > > > [request setValue:postBodyLength forHTTPHeaderField:@ > > "Content- > > > > > > > > > Length"]; > > > > > > > > > [request setHTTPBody:[postBody > > > > > > > > > dataUsingEncoding:NSUTF8StringEncoding]]; > > > > > > > > > > This type of formatting works just fine for my xAuth > > > > authentication. > > > > > > > > > > On Jun 15, 4:44 pm, themattharris <thematthar...@twitter.com > > > > > wrote: > > > > > > > > > > Hey Craig, > > > > > > > > > > > Could you let us see what the authorization header you are > > > > sending > > > > > > > > > > looks like (obfuscating your oauth keys and secrets)? > > > > > > > > > > > What you're aiming for is a header similar to this: > > > > > > > > > > > POST /1/statuses/update.xml HTTP/1.1 > > > > > > > > > > Accept: */* > > > > > > > > > > Connection: close > > > > > > > > > > User-Agent: OAuth gem v0.4.0 > > > > > > > > > > Content-Type: application/x-www-form-urlencoded > > > > > > > > > > Authorization: OAuth > > > > > > > > > > oauth_consumer_key=\"xxxxxxxxxxxxxxxxxxxxxxxx\", > > > > > > > > > > oauth_nonce=\"xxxxxxxxxxxxxxxxxxxxxxxxxxxx\", > > > > > > > > > > oauth_signature=\"xxxxxxxxxxxxxxxxxxxxxxxx\", > > > > > > > > > > oauth_signature_method=\"HMAC-SHA1\", > > > > > > > > > > oauth_timestamp=\"1276634179\", > > > > > > > > > > oauth_token=\"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\", > > > > > > > > > > oauth_version=\"1.0\" > > > > > > > > > > Content-Length: 27 > > > > > > > > > > Host: api.twitter.com > > > > > > > > > > > With your post body being the status you are sending. > > Similar > > > > to: > > > > > > > > > > > status=something%20to%20say > > > > > > > > > > > Matt > > > > > > > > > > > On Jun 13, 8:32 pm, Craig <chanson9...@gmail.com> wrote: > > > > > > > > > > > > Ok, so I believe my signature is correct because if I > > take > > > > out > > > > > > the > > > > > > > > > > > oauth_token parameter from the signature base I get an > > > > incorrect > > > > > > > > > > > signature error instead of the invalid/used nonce error. > > I > > > > am > > > > > > > > > > > definitely posting to the correct url: " > > > > > >https://api.twitter.com/1/ > > > > > > > > > > > statuses/update.xml" because if I change it I get an > > invalid > > > > url > > > > > > > > > > > response. The nonce I'm generating is unique for every > > > > request > > > > > > I'm > > > > > > > > > > > sending. The timestamp is accurate to the number of > > seconds > > > > that > > > > > > have > > > > > > > > > > > passed since unix epoch. Obviously the invalid/used > > nonce > > > > error > > > > > > is > > > > > > > > > > > garbage. > > > > > > > > > > > > Here's the formatting of my URL request in obj c: > > > > > > > > > > > > // Create the request > > > > > > > > > > > NSString* requestString= [NSString > > > > > > > > > > > stringWithFormat:@"%@",TWITTER_STATUS_UPDATE_URL]; > > > > > > > > > > > NSMutableURLRequest* request = [[NSMutableURLRequest > > alloc] > > > > > > > > > > > initWithURL:[NSURL > > > > > > > > > URLWithString:requestString] > > > > > > > > > > cachePolicy:NSURLRequestReloadIgnoringCacheData > > > timeoutInterval:30.0]; > > > > > > > > > > > [request setHTTPMethod:@"POST"]; > > > > > > > > > > > [request addValue:authHeader forHTTPHeaderField:@ > > > > > > "Authorization"]; > > > > > > > > > > > [request setValue:@"application/x-www-form-urlencoded" > > > > > > > > > > > forHTTPHeaderField:@"Content-Type"]; > > > > > > > > > > > [request setValue:postBodyLength forHTTPHeaderField:@ > > > > "Content- > > > > > > > > > > > Length"]; > > > > > > > > > > > [request setHTTPBody:[postBody > > > > > > > > > > > dataUsingEncoding:NSUTF8StringEncoding]]; > > > > > > > > > > > > Any other ideas? I'm at a total loss as to why this > > might be > > > > > > > > > > > happening. > > > > > > > > > > > > Thanks, > > > > > > > > > > > Craig > > > > > > > > > > > > On Jun 13, 3:42 pm, Craig <chanson9...@gmail.com> wrote: > > > > > > > > > > > > > No dice. I just tried creating a new app and using the > > new > > > > > > > > > keys/token > > > > > > > > > > > > to tweet. I'll go over my steps > > ... > > read more »