We had an application successfully talking to twitter for a few years
prior to oAuth, and now converting this application to xAuth and cant
get past the first step.

The application gets a 401 "Unauthorized" response when attempting to
get the access token.

Have confirmed our program when provided with the same consumer_key
and Secret key as on twitter documentation page 
produces exactly the same Singature, parameters, base string as on
http://dev.twitter.com/pages/xauth doco page. (i.e. have done detailed
string comparisons of output at each step to the twitter documentation
http://dev.twitter.com/pages/xauth by placing the twitter values in a
string variable and comparing to the values produced by our program,
so confident these are the same) .

Using our consumer and secret keys in the test site
and compared the base string and signature results to our program and
again they are exactly the same.

Have checked the time stamp is producing correct time (based on enoch
time) by comparing against against http://unixtimestamp.com/index.php

Passing my consumer_secret with & at end into signature generator
(which as I said above seems to be producing correct results because
we used values in http://dev.twitter.com/pages/xauth and it generated
the same oauth_signature value)

Base string:

Authorization header parameters:
OAuth oauth_nonce="uv3AtzLBjawzvasO3EPAU3bbR53NyHGlvLp33IRCzG8",
oauth_signature_method="HMAC-SHA1", oauth_timestamp="1288131701",
oauth_signature="VQYSXdvrEtlvugqUpTXbCjYTNa0%3D", oauth_version="1.0"

Twitter response:
Status= 401
StatusTxt= Unauthorized
Headers= Date: Tue, 26 Oct 2010 21:22:01 GMT
Server: hi
Status: 401 Unauthorized
X-Transaction: 1288128121-92836-33309
Last-Modified: Tue, 26 Oct 2010 21:22:01 GMT
X-Runtime: 0.00473
Content-Type: text/html; charset=utf-8
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCMdIa
f24fc1f95d728598870821f98152985632dbcc66; domain=.twitter.com; path=/
Connection: close

The actual Send procedure is: (tried procedure using both both blank
and valid p-username and p-password)
define var objHTTP  as com-handle.
Create "Microsoft.XMLHTTP" objHTTP .
objHTTP:open("POST",api-atokin, false, p-username, p-password).
objHTTP:setRequestHeader('Authorization', v-params).

v-response = 'Response= '  + objHTTP:responseText + chr(10)
                 + 'Status= '    + objHTTP:status + chr(10)
                 + 'StatusTxt= ' + objHTTP:statusText + chr(10)
                 + 'Headers= '   + objHTTP:getAllResponseHeaders() +
chr(10) .

I have emailed api.twitter.com and asked for them to check that I have
xAuth enabled and they responded:
"I can confirm that your application, client ID xxxxxxx, has xAuth
access and I just refreshed its permissions and consumer keys for good
measure. If you still get 401 errors when trying to use xAuth with
these new keys, please post about it in our Developer Talk Group:
http://groups.google.com/group/twitter-development-talk . Our
developer advocates have been tracking some issues like these and will
be happy to help you out there, as well as use any information you
provide to debug any possible related issues on our side. I apologize
for the inconvenience."

I am stumped, and my team has been on this for 3 weeks

Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 

Reply via email to