Hi Jeff,

This is close to what I'm looking for -- it has the authorization header
which is important to see -- but what will really help us debug with you is
the signature base string -- it's a string that contains many of the same
values from the authorization header but presented in a specific format --
this is the string that is signed to create your oauth_signature. This
signature base string is usually the key to all OAuth problems, as the order
of parameters and particular encoding of them in relation to the parameters
on your query string or POST body are extremely important and somewhat
fragile.

I'm not sure which version of EpiOAuth you're using, but there's likely a
method similar to this one. The value you want to debug/capture here is
$signatureBaseString.

    protected function generateSignature($method = null, $url = null, $params = null)
    {
        if (empty($method) || empty($url))
            return false;

        // concatenating and encode
        $concatenatedParams = $this->encode_rfc3986($this->buildHttpQueryRaw($params));

        // normalize url
        $normalizedUrl = $this->encode_rfc3986($this->normalizeUrl($url));
        $method = $this->encode_rfc3986($method); // don't need this but why not?

        $signatureBaseString = "{$method}&{$normalizedUrl}&{$concatenatedParams}";
        return $this->signString($signatureBaseString);
    }

@episod <http://twitter.com/intent/user?screen_name=episod> - Taylor
Singletary
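
The signature base string for the request discussed in this thread can be rebuilt independently and compared with what the library produces. The following is an added example, not part of the original e-mail and not EpiOAuth's code: the function names are hypothetical, the key, token and secrets are placeholders, the nonce and timestamp are the ones in the header dump quoted below, and the URL is assumed to carry no explicit port.

```php
<?php
// Added example: OAuth 1.0 signature base string per RFC 5849 section 3.4.1.
// Function names are hypothetical (not EpiOAuth's API); assumes a URL with no explicit port.
function oauthEncode(string $value): string
{
    return rawurlencode($value); // RFC 3986 escaping on PHP >= 5.3
}

function signatureBaseString(string $method, string $url, array $oauthParams): string
{
    $parts = parse_url($url);
    // Base URI is scheme://host/path only; the query string is signed as parameters.
    $baseUrl = strtolower($parts['scheme'] . '://' . $parts['host']) . ($parts['path'] ?? '/');
    $pairs = [];
    foreach (array_filter(explode('&', $parts['query'] ?? ''), 'strlen') as $pair) {
        [$name, $value] = array_pad(explode('=', $pair, 2), 2, '');
        $pairs[] = [oauthEncode(urldecode($name)), oauthEncode(urldecode($value))];
    }
    foreach ($oauthParams as $name => $value) {
        if ($name === 'oauth_signature' || $name === 'realm') {
            continue; // never part of the base string
        }
        $pairs[] = [oauthEncode((string) $name), oauthEncode((string) $value)];
    }
    // Sort by encoded name, then by encoded value, in byte order.
    usort($pairs, fn($a, $b) => strcmp($a[0], $b[0]) ?: strcmp($a[1], $b[1]));
    $normalized = implode('&', array_map(fn($p) => $p[0] . '=' . $p[1], $pairs));
    return strtoupper($method) . '&' . oauthEncode($baseUrl) . '&' . oauthEncode($normalized);
}

function hmacSha1Signature(string $base, string $consumerSecret, string $tokenSecret): string
{
    // Signing key: encoded consumer secret, '&', encoded token secret.
    return base64_encode(hash_hmac('sha1', $base,
        oauthEncode($consumerSecret) . '&' . oauthEncode($tokenSecret), true));
}

// Constructed sample values; the key, token and secrets are placeholders.
$oauth = [
    'oauth_consumer_key'     => 'CONSUMER_KEY_PLACEHOLDER',
    'oauth_token'            => 'ACCESS_TOKEN_PLACEHOLDER',
    'oauth_nonce'            => '71cc67f647043054dbd640b9b1f3d8fc',
    'oauth_timestamp'        => '1308151065',
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_version'          => '1.0',
];
$endpoint = 'http://api.twitter.com/1/followers/ids.json';
// With and without the query string: the base strings, and so the signatures, differ.
foreach ([$endpoint . '?cursor=-1&user_id=12345', $endpoint] as $url) {
    $base = signatureBaseString('GET', $url, $oauth);
    echo $base, "\n", hmacSha1Signature($base, 'CONSUMER_SECRET', 'TOKEN_SECRET'), "\n\n";
}
```

In the first base string, cursor and user_id are sorted in among the oauth_* parameters; a client that leaves them out, or encodes them differently from the query string it actually sends, produces a signature the server cannot reproduce.
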
On Wed, Jun 15, 2011 at 8:22 AM, Jeff <[email protected]> wrote:
> Taylor,
>
> Thanks for the response. Hopefully, this is what you need. I dumped it
> right before the request.
>
> [
> "Expect:",
> "Authorization: OAuth realm=\"http:\/\/api.twitter.com\/1\/followers
> \/ids.json\",
> oauth_consumer_key=\"OlPht6d2h3N1XYwCpCyx5Q\",
> oauth_token=\"130232354-
> gI42iFYrX1Mtn72N5y1yr3WYSeQ6hfpposibfxY\",
> oauth_nonce=\"71cc67f647043054dbd640b9b1f3d8fc\",
> oauth_timestamp=\"1308151065\",
> oauth_signature_method=\"HMAC-SHA1\",
> oauth_version=\"1.0\",
> oauth_signature=\"lYen9ON%2B5bVah%2BBHVGnPCMqBXQ8%3D
> \"",
> "User-Agent: "
> ]
>
> On Jun 15, 10:05 am, Taylor Singletary <[email protected]>
> wrote:
> > This means that your signing is slightly wrong (and likely has been slightly
> > wrong for some time) when you're using parameters in your request. Can you
> > detail the signature base string and authorization header you are using when
> > building this request?
> >
> > @episod <http://twitter.com/intent/user?screen_name=episod> - Taylor
> > Singletary
> >
> > On Wed, Jun 15, 2011 at 8:00 AM, Jeff <[email protected]> wrote:
> >
> > > Tuesday morning around 10am CDT I noticed a change in the API
> > > endpoint /version/followers/ids in how it operates.
> >
> > > If you provide the cursor parameter, such as:
> >
> > > /1/followers/ids.json?cursor=-1&user_id=12345 the method returns data
> > > correctly, however it also returns the error warning "Invalid OAuth
> > > credentials detected". Here is the response from the API.
> >
> > > "data":{
> > > "responseText":"{\"previous_cursor\":0,\"next_cursor_str\":\"0\",
> > > \"previous_cursor_str\":\"0\",\"ids\":
> > > [222126862,95945240,169607024,148845934,95447204,94401716],
> > > \"next_cursor\":0}",
> > > "headers":{
> > > "Date":"Wed, 15 Jun 2011 14:39:54 GMT",
> > > "Server":"hi",
> > > "Status":"200 OK",
> > > "X-Warning":"Invalid OAuth credentials detected",
> > > "X-Transaction":"1308148794-15054-58845",
> > > "X-RateLimit-Limit":"150",
> > > "X-Frame-Options":"SAMEORIGIN",
> > > "Last-Modified":"Wed, 15 Jun 2011 14:39:54 GMT",
> > > "X-RateLimit-Remaining":"66",
> > > "X-Runtime":"0.02003",
> > > "Content-Type":"application\/json; charset=utf-8",
> > > "Content-Length":"150",
> > > "Pragma":"no-cache",
> > > "X-RateLimit-Class":"api",
> > > "X-Revision":"DEV",
> > > "Expires":"Tue, 31 Mar 1981 05:00:00 GMT",
> > > "Cache-Control":"no-cache, no-store, must-revalidate, pre-
> > > check=0, post-check=0",
> > > "X-MID":"c7827d770b9045b049f3967663b08dce7704a9fb",
> > > "X-RateLimit-Reset":"1308150383",
> > > "Vary":"Accept-Encoding",
> > > "Connection":"close"
> > > },
> >
> > > The problem here is that because it thinks the OAuth credentials are
> > > "Invalid" it gives me a rate limit of 150.
> >
> > > If I remove the parameters "?cursor=-1&user_id=12345" and simply use
> > > the endpoint /1/followers/ids.json it accepts my OAuth credentials as
> > > valid and returns the appropriate rate limit of 350. Although this
> > > works, I need pagination as there are a lot of ids I need to retrieve.
> >
> > > This had been working correctly and I noticed the change yesterday
> > > morning.
> >
> > > Any help on resolving this or letting me know if something has changed
> > > when parameters are used with this endpoint would be greatly
> > > appreciated.
> >
> > > Thanks,
> > > Jeff
> >
> > > --
> > > Twitter developer documentation and resources: https://dev.twitter.com/doc
> > > API updates via Twitter: https://twitter.com/twitterapi
> > > Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list
> > > Change your membership to this group:
> > > https://groups.google.com/forum/#!forum/twitter-development-talk