Taylor, Thanks so much for you help on this! I moved the arguments from the url to an array so they can be sorted with the others and that fixed the problem. It works now as before.
Jeff On Jun 15, 10:54 am, Taylor Singletary <taylorsinglet...@twitter.com> wrote: > Thanks Jeff -- I can see the problem instantaneously -- your query > parameters are attached to the end of the escaped URL rather than be sorted > and ordered with the rest of the "parameters" (including the OAuth ones). > > You correct signature base string would be: > GET&http://api.twitter.com/1/followers/ids.json&cursor%3D-1%26oauth_consu... > > Notice how the base URL contains no query parameters here, cursor is the > first parameter after the separator ("&") as c comes before o, and user_id > is the final parameter in the sequence as u comes after o. > > @episod <http://twitter.com/intent/user?screen_name=episod> - Taylor > Singletary > > > > > > > > On Wed, Jun 15, 2011 at 8:43 AM, Jeff <bigja...@gmail.com> wrote: > > Here is a dump of $signatureBaseString > > > GET&http%3A%2F%2Fapi.twitter.com%2F1%2Ffollowers%2Fids.json%3Fcursor > > %3D-1%26user_id%3D130232354&oauth_consumer_key%3DOlPht6d2h3N1XYwCpCyx5Q > > %26oauth_nonce > > %3D7997664e2131b5c8f95fc3400b27c647%26oauth_signature_method%3DHMAC- > > SHA1%26oauth_timestamp%3D1308152495%26oauth_token%3D130232354- > > gI42iFYrX1Mtn72N5y1yr3WYSeQ6hfpposibfxY%26oauth_version%3D1.0 > > > On Jun 15, 10:34 am, Taylor Singletary <taylorsinglet...@twitter.com> > > wrote: > > > Hi Jeff, > > > > This is close to what I'm looking for -- it has the authorization header > > > which is important to see -- but what will really help us debug with you > > is > > > the signature base string -- it's a string that contains many of the same > > > values from the authorization header but presented in a specific format > > -- > > > this is the string that is signed to create your oauth_signature. This > > > signature base string is usually the key to all OAuth problems, as the > > order > > > of parameters and particular encoding of them in relation to the > > parameters > > > on your query string or POST body are extremely important and somewhat > > > fragile. > > > > I'm not sure which version of EpiOAuth you're using, but there's likely a > > > method similar to this one. The value you want to debug/capture here is > > > $signatureBaseString. > > > > protected function generateSignature($method = null, $url = null, > > > $params = null) > > > { > > > if(empty($method) || empty($url)) > > > return false; > > > > // concatenating and encode > > > $concatenatedParams = > > > $this->encode_rfc3986($this->buildHttpQueryRaw($params)); > > > > // normalize url > > > $normalizedUrl = $this->encode_rfc3986($this->normalizeUrl($url)); > > > $method = $this->encode_rfc3986($method); // don't need this but why > > not? > > > > $signatureBaseString = > > "{$method}&{$normalizedUrl}&{$concatenatedParams}"; > > > return $this->signString($signatureBaseString); > > > } > > > > @episod <http://twitter.com/intent/user?screen_name=episod> - Taylor > > > Singletary > > > > On Wed, Jun 15, 2011 at 8:22 AM, Jeff <bigja...@gmail.com> wrote: > > > > Taylor, > > > > > Thanks for the response. Hopefully, this is what you need. I dumped it > > > > right before the request. > > > > > [ > > > > "Expect:", > > > > "Authorization: OAuth realm=\"http:\/\/api.twitter.com\/1\/followers > > > > \/ids.json\", > > > > oauth_consumer_key=\"OlPht6d2h3N1XYwCpCyx5Q\", > > > > oauth_token=\"130232354- > > > > gI42iFYrX1Mtn72N5y1yr3WYSeQ6hfpposibfxY\", > > > > oauth_nonce=\"71cc67f647043054dbd640b9b1f3d8fc\", > > > > oauth_timestamp=\"1308151065\", > > > > oauth_signature_method=\"HMAC-SHA1\", > > > > oauth_version=\"1.0\", > > > > oauth_signature=\"lYen9ON%2B5bVah%2BBHVGnPCMqBXQ8%3D > > > > \"", > > > > "User-Agent: " > > > > ] > > > > > On Jun 15, 10:05 am, Taylor Singletary <taylorsinglet...@twitter.com> > > > > wrote: > > > > > This means that your signing is slightly wrong (and likely has been > > > > slightly > > > > > wrong for some time) when you're using parameters in your request. > > Can > > > > you > > > > > detail the signature base string and authorization header you are > > using > > > > when > > > > > building this request? > > > > > > @episod <http://twitter.com/intent/user?screen_name=episod> - Taylor > > > > > Singletary > > > > > > On Wed, Jun 15, 2011 at 8:00 AM, Jeff <bigja...@gmail.com> wrote: > > > > > > > Tuesday morning around 10am CDT I noticed a change in the API > > > > > > endpoint /version/followers/ids in how it operates. > > > > > > > If you provide the cursor parameter, such as: > > > > > > > /1/followers/ids.json?cursor=-1&user_id=12345 the method returns > > data > > > > > > correctly, however it also return the error warning "Invalid OAuth > > > > > > credentials detected". Here is the response from the API. > > > > > > > "data":{ > > > "responseText":"{\"previous_cursor\":0,\"next_cursor_str\":\"0\", > > > > > > \"previous_cursor_str\":\"0\",\"ids\": > > > > > > [222126862,95945240,169607024,148845934,95447204,94401716], > > > > > > \"next_cursor\":0}", > > > > > > "headers":{ > > > > > > "Date":"Wed, 15 Jun 2011 14:39:54 GMT", > > > > > > "Server":"hi", > > > > > > "Status":"200 OK", > > > > > > "X-Warning":"Invalid OAuth credentials detected", > > > > > > "X-Transaction":"1308148794-15054-58845", > > > > > > "X-RateLimit-Limit":"150", > > > > > > "X-Frame-Options":"SAMEORIGIN", > > > > > > "Last-Modified":"Wed, 15 Jun 2011 14:39:54 GMT", > > > > > > "X-RateLimit-Remaining":"66", > > > > > > "X-Runtime":"0.02003", > > > > > > "Content-Type":"application\/json; charset=utf-8", > > > > > > "Content-Length":"150", > > > > > > "Pragma":"no-cache", > > > > > > "X-RateLimit-Class":"api", > > > > > > "X-Revision":"DEV", > > > > > > "Expires":"Tue, 31 Mar 1981 05:00:00 GMT", > > > > > > "Cache-Control":"no-cache, no-store, must-revalidate, pre- > > > > > > check=0, post-check=0", > > > > > > "X-MID":"c7827d770b9045b049f3967663b08dce7704a9fb", > > > > > > "X-RateLimit-Reset":"1308150383", > > > > > > "Vary":"Accept-Encoding", > > > > > > "Connection":"close" > > > > > > }, > > > > > > > The problem here is that because it thinks the OAuth credentials > > are > > > > > > "Invalid" it gives me a rate limit of 150. > > > > > > > If I remove the parameters "?cursor=-1&user_id=12345" and simply > > use > > > > > > the endpoint /1/followers/ids.json it accepts my OAuth credentials > > as > > > > > > valid and and returns the appropriate rate limit of 350. Although > > this > > > > > > works, I need pagination as there are a lot of ids I need to > > retrieve. > > > > > > > This had been working correctly and I noticed the change yesterday > > > > > > morning. > > > > > > > Any help on resolving this or letting me know if something has > > changed > > > > > > when parameters are used with this endpoint would be greatly > > > > > > appreciated. > > > > > > > Thanks, > > > > > > Jeff > > > > > > > -- > > > > > > Twitter developer documentation and resources: > > > >https://dev.twitter.com/doc > > > > > > API updates via Twitter:https://twitter.com/twitterapi > > > > > > Issues/Enhancements Tracker: > > > > > >https://code.google.com/p/twitter-api/issues/list > > > > > > Change your membership to this group: > > > > > >https://groups.google.com/forum/#!forum/twitter-development-talk > > > > > -- > > > > Twitter developer documentation and resources: > >https://dev.twitter.com/doc > > > > API updates via Twitter:https://twitter.com/twitterapi > > > > Issues/Enhancements Tracker: > > > >https://code.google.com/p/twitter-api/issues/list > > > > Change your membership to this group: > > > >https://groups.google.com/forum/#!forum/twitter-development-talk > > > -- > > Twitter developer documentation and resources:https://dev.twitter.com/doc > > API updates via Twitter:https://twitter.com/twitterapi > > Issues/Enhancements Tracker: > >https://code.google.com/p/twitter-api/issues/list > > Change your membership to this group: > >https://groups.google.com/forum/#!forum/twitter-development-talk -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
