[twitter-dev] Bug with oAuth headers supplied as querystring parameters for /users/lookup.json

Fri, 03 Jun 2011 09:01:45 -0700 

I think I've found a bug when using the /users/lookup.json API call
and supplying the oAuth headers as querystring parameters.

My code generates both forms of oAuth header so I can test (regular
Authorization: style and the querystring kind)

Using an API call like /friends/ids.json is fine using querystring
oAuth params:

curl -v -H 'Accept: application/json' 'https://api.twitter.com/1/
friends/ids.json?user_id=60173&realm=https://api.twitter.com/1/friends/
ids.json&oauth_consumer_key=KKK&oauth_token=TTT&oauth_nonce=601731307115467&oauth_timestamp=1307115467&oauth_signature_method=HMAC-
SHA1&oauth_version=1.0&oauth_signature=SSS%3D'

But for /users/lookup.json it fails with an "Incorrect signature"
error:

curl -v -H 'Accept: application/json' 'https://api.twitter.com/1/users/
lookup.json?user_id=60173&realm=https://api.twitter.com/1/users/
lookup.json&oauth_consumer_key=KKK&oauth_token=TTT&oauth_nonce=601731307115963&oauth_timestamp=1307115963&oauth_signature_method=HMAC-
SHA1&oauth_version=1.0&oauth_signature=SSS%3D'

(where KKK, TTT & SSS are placeholders for my actual values)

If I use Authorization headers, rather than querystring params for the
oAuth data, then everything is fine:

curl -v -H 'Authorization: OAuth realm="https://api.twitter.com/1/
users/
lookup.json",oauth_consumer_key="KKK",oauth_token="TTT",oauth_nonce="601731307115963",oauth_timestamp="1307115963",oauth_signature_method="HMAC-
SHA1",oauth_version="1.0",oauth_signature="SSS%3D"'
https://api.twitter.com/1/users/lookup.json?user_id=60173

I thought it might initially be because I was using HTTPS urls rather
than HTTP, but the result is the same.

For the /users/lookup.json API call, using either HTTP or HTTPS and
supplying the oAuth headers as querystring parameters, you will always
receive an "Incorrect signature" error. The only way to call this
method is by supplying the oAuth values as Authorization headers.

This is a problem for me, as I need to call the /users/lookup.json as
JSONP and I can't supply the headers other than as querystring
parameters.

-- 
Twitter developer documentation and resources: https://dev.twitter.com/doc
API updates via Twitter: https://twitter.com/twitterapi
Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
https://groups.google.com/forum/#!forum/twitter-development-talk

Reply via email to