Hi Gerard,

That's the actual authorization header -- I'm looking for the
signature base string, which is the string that's signed with both
your consumer key and consumer secret to generate your oauth_signature
-- might take you a bit of debugging to get at that information.

Taylor

On Mon, Jul 26, 2010 at 10:46 AM, globaljobber
<gerardn...@exciteinternet.co.uk> wrote:
> Hi Taylor,
>
> Here's one I just generated:
>
> OAuth realm="http://api.twitter.com";,
> oauth_consumer_key="9vjtaDCxlOYCRJqyp7XKzA", oauth_nonce="523A02EE",
> oauth_signature_method="HMAC-SHA1", oauth_timestamp="1280166265",
> oauth_token="15389554-7q4tTgSwJ9oB6iWZh7DvRjkn60eKTc1T4VRkNl4",
> oauth_version="1.0", oauth_signature="ImtWt09x9StbIV5H3G7xC3PM4bc%3D"
>
> There's also another one in the first post.
>
> Thanks
> Gerard
>
>
>
>
> On Jul 26, 6:30 pm, Taylor Singletary <taylorsinglet...@twitter.com>
> wrote:
>> Gerard,
>>
>> Thanks for the code sample. Nothing is jumping out at me here.. can
>> you share an example signature base string? (likely generated
>> somewhere in the "AddSignatureToParameters" method in an intermediary
>> step).
>>
>> Taylor
>>
>> On Mon, Jul 26, 2010 at 10:12 AM, globaljobber
>>
>>
>>
>> <gerardn...@exciteinternet.co.uk> wrote:
>> > Hi Taylor,
>>
>> > I decided to post my code in brief. I can't expect you or anyone else
>> > to go through the real stuff line by line, so I've tried to simplify
>> > it so that a relatively quick look should perhaps show if there's
>> > somewhere I'm going wrong. The code shows the tasks done rather than
>> > detail....
>>
>> > string requestUrl = "https://api.twitter.com/1/account/
>> > verify_credentials.json";
>>
>> > Parameters.Add("oauth_version", "1.0");
>> > Parameters.Add("oauth_nonce", GenerateNonce());
>> > Parameters.Add("oauth_timestamp", GenerateTimeStamp());
>> > Parameters.Add("oauth_signature_method", "HMAC-SHA1");
>> > Parameters.Add("oauth_consumer_key", consumerKey);
>> > Parameters.Add("oauth_consumer_secret", consumerSecret);
>>
>> > //Use these parameters to create the signature
>> > AddSignatureToParameters(requestUrl,Parameters,"GET",consumerSecret,tokenSe­cret);
>>
>> > //Now create the header
>> > string authHeader = "OAuth realm=\"http://api.twitter.com\"";;
>>
>> > foreach(Parameter)
>> > {
>> >  authHeader = authHeader + ", " + URLEncode(Parameter.Key) + "="
>> > URLEncode(Paramter.Value)
>> > }
>>
>> > //Now build POST request to send to Twitpic
>> > requestUrl = "http://api.twitpic.com/2/upload.json";;
>>
>> > Requiredparameters.Add("key", "97bfc7bd3d7827ca44444444ef4eea82");
>> > Requiredparameters.Add("message", "TestMessage");
>>
>> > requestUrl = requestUrl + AddPerameters(Requiredparameters);
>>
>> > HttpWebRequest webRequest =
>> > (HttpWebRequest)WebRequest.Create(requestUrl);
>> > webRequest.Method = "POST";
>> > webRequest.Headers.Add("X-Verify-Credentials-Authorization",
>> > authHeader);
>> > webRequest.Headers.Add("X-Auth-Service-Provider", "https://
>> > api.twitter.com/1/account/verify_credentials.json");
>>
>> > WebResponse response = webRequest.GetResponse();
>> > string responseString = new
>> > StreamReader(response.GetResponseStream()).ReadToEnd();
>>
>> > Hope this is not too hard to read or follow.
>>
>> > Thanks
>> > Gerard
>>
>> > On Jul 26, 5:31 pm, globaljobber <gerardn...@exciteinternet.co.uk>
>> > wrote:
>> >> Hi Taylor,
>>
>> >> Thanks again. Tried generating a header using Post instead of GET and
>> >> didn't work.
>>
>> >> I note in the sample PHP code, line 25, that a GET is used.
>>
>> >> I have read in numerous posts that a GET was used with the 'dummy'
>> >> request to generate the Header.
>>
>> >> I'm not a php programmer, I do C# ASP.Net for my sins, which doesn't
>> >> help. But I have tried to go through your PHP example, which I've seen
>> >> before and I reckon I am replicating what is being done.
>>
>> >> The header I generate is ok'd by Twitter api, i.e. get a 200 OK
>> >> response, but not using Echo.
>>
>> >> Thanks for your help thus far.
>> >> Gerard
>>
>> >> On Jul 26, 5:05 pm, Taylor Singletary <taylorsinglet...@twitter.com>
>> >> wrote:
>>
>> >> > Hi Gerard,
>>
>> >> > Steps 1-3 of this process are correct from the perspective of
>> >> > initially negotiating permissions for your user. Once you've performed
>> >> > steps 1-3 you shouldn't need to do these steps for this user again
>> >> > unless re-negotiating for the tokens.
>>
>> >> > Your step 4: I'll improve the documentation we have for OAuth Echo
>> >> > here, as it's not obvious that you should be performing a POST for
>> >> > verify_credentials in this case. The Authorization Header you generate
>> >> > for the verify_credentials request should be a POST, as that's what
>> >> > Twitpic will do.
>>
>> >> > Step 5: Yes, your OAuth authorization header for the
>> >> > verify_credentials request is presented in the
>> >> > X-Verify-Credentials-Authorization header, and X-Auth-Service-Provider
>> >> > contains "https://api.twitter.com/1/account/verify_credentials.json";
>>
>> >> > Let me know if the transition to POST works for you. I have some
>> >> > sample code in PHP available here:http://gist.github.com/490753
>>
>> >> > Taylor
>>
>> >> > On Mon, Jul 26, 2010 at 8:21 AM, globaljobber
>>
>> >> > <gerardn...@exciteinternet.co.uk> wrote:
>> >> > > Just to check my process is correct:
>>
>> >> > > 1) Web page goes to twitter to get a request Token
>>
>> >> > > 2) Token request granted, and a URL for user is generated with this
>> >> > > Token
>>
>> >> > > 3) User authenticates app via Twitter pop-up
>>
>> >> > > 3) Twitter reponse redirects to new page which has Access Token and
>> >> > > access token secret given to it.
>>
>> >> > > 4) Using these tokens, and using GET and the following URL: 'https://
>> >> > > api.twitter.com/1/account/verify_credentials.json'
>>
>> >> > > an authorisation header is generated.
>>
>> >> > > 5) This header, along with the other header: 'X-Auth-Service-
>> >> > > Provider'  is then sent off using a post 
>> >> > > tohttp://api.twitpic.com/2/upload.json
>>
>> >> > > Have I missed anything?
>>
>> >> > > Regards
>> >> > > Gerard
>>
>> >> > > On Jul 26, 4:03 pm, globaljobber <gerardn...@exciteinternet.co.uk>
>> >> > > wrote:
>> >> > >> Hi Taylor,
>>
>> >> > >> Thanks for your reply. I just tried that and still the same 401 
>> >> > >> error.
>> >> > >> The new header was like this with spaces after each comma:
>>
>> >> > >> OAuth realm="http://api.twitter.com";,
>> >> > >> oauth_consumer_key="9cjtaDfffOYCRJqyp7XKzA", oauth_nonce="59E4358",
>> >> > >> oauth_signature_method="HMAC-SHA1", oauth_timestamp="1280156335",
>> >> > >> oauth_token="15389554-7q4tjgtwJ9oB6iWZh7DvRjkn60eKTc1T4VRkNl4",
>> >> > >> oauth_version="1.0", oauth_signature="ZmiBuqZC2SUsRx2%2B7x4O7TrDDWE
>> >> > >> %3D"
>>
>> >> > >> I'm also sure no call is made during the generation of the header.
>>
>> >> > >> According to other posts I've read, this header is created using a 
>> >> > >> GET
>> >> > >> and uses the following URL:
>>
>> >> > >>https://api.twitter.com/1/account/verify_credentials.json
>>
>> >> > >> Any other ideas would be grateful, as I've spent over a week on 
>> >> > >> trying
>> >> > >> to get Twitpic to work.
>>
>> >> > >> Thank you
>> >> > >> Gerard
>>
>> >> > >> On Jul 26, 3:38 pm, Taylor Singletary <taylorsinglet...@twitter.com>
>> >> > >> wrote:
>>
>> >> > >> > Hi Gerard,
>>
>> >> > >> > Though I know it doesn't sound like it should matter, can you try 
>> >> > >> > your
>> >> > >> > request against Twitpic after inserting spaces after each comma in
>> >> > >> > your Authorization Header? Also want to make sure that you aren't
>> >> > >> > executing your verify_credentials request in the preparation 
>> >> > >> > sequence
>> >> > >> > (calling the resource prior to TwitPic calling it would invalidate
>> >> > >> > it).
>>
>> >> > >> > Thanks,
>> >> > >> > Taylor
>>
>> >> > >> > On Mon, Jul 26, 2010 at 7:26 AM, globaljobber
>>
>> >> > >> > <gerardn...@exciteinternet.co.uk> wrote:
>> >> > >> > > Hi,
>>
>> >> > >> > > I am having trouble getting Twitpic to authorize an image upload
>> >> > >> > > request.
>>
>> >> > >> > > I have checked my Oauth 'X-Verify-Credentials-Authorization'
>> >> > >> > > authorization header with a call to
>> >> > >> > > 'https://api.twitter.com/'andIgeta200 OK status. So it appears my
>> >> > >> > > authentication requests are ok.
>>
>> >> > >> > > However if I take the same header construct and make a request to
>> >> > >> > > 'http://api.twitpic.com/2/upload.json'usingOAuthEchowithTwitpic I
>> >> > >> > > continually receive a 401 Unauthorized response.
>>
>> >> > >> > > My typical setup is this:
>>
>> >> > >> > > Parameters for Twitpic:
>>
>> >> > >> > > Requiredparameters.Add("key", 
>> >> > >> > > "97bfc7ffddd827ca9630232def4eea82");
>> >> > >> > > Requiredparameters.Add("message", "This is a test upload");
>>
>> >> > >> > > requestUrl = OAuthUtility.AppendParametersForPOST("http://
>> >> > >> > > api.twitpic.com/2/upload.json", Requiredparameters);
>>
>> >> > >> > > HttpWebRequest webRequest =
>> >> > >> > > (HttpWebRequest)WebRequest.Create(requestUrl);
>> >> > >> > > webRequest.Method = "POST";
>>
>> >> > >> > > webRequest.Headers.Add("X-Verify-Credentials-Authorization",
>> >> > >> > > AuthorizationHeaderForAuth);
>> >> > >> > > webRequest.Headers.Add("X-Auth-Service-Provider", "https://
>> >> > >> > > api.twitter.com/1/account/verify_credentials.json");
>>
>> >> > >> > > where a typical AuthorizationHeaderForAuth looks like this:
>>
>> >> > >> > > OAuth realm="http://
>> >> > >> > > api.twitter.com",oauth_consumer_key="9cjtddsslOYCRJqyp7XKzA",oauth_nonce="4­­­D34866",oauth_signature_method="HMAC-
>> >> > >> > > SHA1",oauth_timestamp="1230153261",oauth_token="15322554-7q4tTvSwJ9oB6iWZh7­­­DvRjkn60eKTc1T4VRkNl4",oauth_version="1.0",oauth_signature="gbMRJ1OA9JNiZ­G­k­snRyFdT6iP20%3D"
>>
>> >> > >> > > Can anyone please suggest where things may be going wrong?
>>
>> >> > >> > > Many thanks
>> >> > >> > > Gerard- Hide quoted text -
>>
>> >> > - Show quoted text -- Hide quoted text -
>>
>> >> - Show quoted text -- Hide quoted text -
>>
>> - Show quoted text -
>

Reply via email to