Hi Tom/Jacky, Thanks for replying.
I've seen a couple of places (The Hueniverse page above being one of them) where the realm is included in the Authorization header. I notice that this isn't the case for Twitter though so I'll remove it. (Tried this, first time, it gave a new error 'Could not authorize you using OAuth' I think, but then it went back to throwing 500 errors and serving up the error page) Regarding the timestamps, I'm just going off the OAuth spec http://oauth.net/core/1.0/ says on this. I've been making requests more than 1 second apart at the moment, so the timestamps fullfil the need to be greater or equal to the previous one. Is there anything else I should watch out for with them? Thanks again! ben On Aug 5, 12:37 am, Tom <allerleiga...@gmail.com> wrote: > Oops, silly me, didn't read the full post. Sorry. > > Make sure to watch for character encoding and timestamps. Especially > timestamps are known to cause trouble. > > 401 errors are almost never an issue at Twitter. > > Tom > > On Aug 5, 1:34 am, Tom <allerleiga...@gmail.com> wrote: > > > You are sending realm="" in your Authorization header. It doesn't > > belong there. ;-) > > > Tom > > > On Aug 4, 6:19 pm, Ben Jones <benjamin.david.jo...@gmail.com> wrote: > > > > Hi all, > > > > I'm currently writing my own OAuth lib for use with Twitter and have > > > gotten stuck whilst using the > > > Authorization HTTP header, rather than putting the OAuth parameters in > > > the body. > > > > An example of a request that is failing is: > > > > POST /1/statuses/update.xml HTTP/1.1 > > > Authorization: OAuth realm="http://api.twitter.com/1/statuses/ > > > update.xml", > > > oauth_consumer_key="xxxxxxxxxxxxxxxxx", > > > oauth_token="xxxxxxxxxxxxxxxxxxxxxxxxxxxxx", > > > oauth_nonce="xxxxxxxxxxxxxxxxxxxxx", > > > oauth_timestamp="1280937572", > > > oauth_signature_method="HMAC-SHA1", > > > oauth_version="1.0", > > > oauth_signature="DLPyc3h6BcC5zbGXrUcujvZnqxk=" > > > User-Agent: Java/1.6.0_07 > > > Host: api.twitter.com > > > Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 > > > Connection: keep-alive > > > Content-type: application/x-www-form-urlencoded > > > Content-Length: 53 > > > > status=Test%25201%25202%25203%25204%25201280937572396 > > > > ...(token etc blanked out, and new lines added in) > > > > This results in the server returning a 500 error and the "Something is > > > technically wrong." error page. > > > I've talked to another developer who doesn't experience this. I've > > > tried this with the parameters > > > alphabetically ordered, unordered and with and without the 'realm' > > > parameter, which isn't used in thehttp://dev.twitter.com/pages/authpage. > > > > I don't have the same problem (as in the 500 error) when I put the > > > OAuth parameters in the request > > > body, but this often fails as well with 401 'Invalid signature' > > > errors. What's strange is that putting the > > > OAuth parameters into the form at Hueniverse's OAuth request signing > > > page (http://tinyurl.com/y9bvjyt) > > > shows them, including the signature, to be correct. If I retry the > > > same request, it eventually works > > > (sometimes it works the first time, just not consistently), so I don't > > > think I'm calculating the signature > > > incorrectly. > > > > Are the 401 errors occurring because Twitter is busy, or am I doing > > > something wrong? > > > > Thanks in advance, any help would be greatly appreciated! > > > ben