Hi Eryn, I'm not too familiar with the Twisted framework or its implementation of OAuth, so take what I recommend with a grain of salt.

* Access tokens generated through the OAuth flow on Twitter, regardless of the technique used (PIN code, xAuth, vanilla OAuth), are long-lived and do not expire until the end-user makes an explicit effort to revoke the access. You store the access token and access token secret.

* While OAuth in theory should "just work" when it works in one spot, there's a great amount of variation in the amount of "wrongness" that given services will tolerate when evaluating the credentials. Long-term, we're working to normalize the entire validation procedure across all of our services, but in reality the streaming API and the REST API use different OAuth engines to evaluate the validity of the request -- the streaming API's OAuth verification is considerably stricter than the REST API's more forgiving implementation.

* I notice that your authorization header is missing an oauth_timestamp parameter -- is that a copy and paste error?

Do you know how to locate the OAuth signature base string in the Python library you are using -- it can often be buried under private or protected methods but the string is invaluable in debugging issues like this.

Thanks,
Taylor

On Jun 24, 7:54 pm, Eryn Wells <[email protected]> wrote:
> Hello all,
>
> I'm quite new to OAuth and the Twitter API, and this is my first post to this
> list.
>
> I'm working on an app in Python using the Twisted framework. It uses
> brosner's fork of python-oauth2[1] to do the initial authentication and
> subsequent request signing. I'm using the PIN code flow for authentication.
> Do access tokens need to be generated every time you start the app, or can
> they be stored between runs and reused? If so, how long are they valid? Right
> now, my code writes the access token and secret out to a file and recovers it
> the next time it starts. The procedure seems to go just fine – I don't get
> any errors – but I can't really verify that everything is Correct because I
> don't really know what I'm looking for…
>
> Second thing, I'm at the point where I'm trying to do the initial connection
> to https://userstream.twitter.com/2/user.json. I'm using SSLConnect and
> web.HTTPClient, if that helps… I write out the command (GET <url>), and the
> headers (a Host and an Authorization header). The OAuth library generates the
> following Authorization header content. I get back a 401 Unauthorized error
> with a WWW-Authenticate: Basic header. I've heard from @twitterapi that User
> Streams require OAuth, so why am I getting a Basic auth response?
>
> OAuth realm="Firehose", oauth_nonce="25622603816219309853125867384777",
> oauth_consumer_key="<cut>", oauth_signature_method="HMAC-SHA1",
> oauth_version="1.0", oauth_token="<cut>",
> oauth_signature="1AV5YG4DsfCV4jDoQcOCOmxZ2Gw%3D"
>
> Anything obvious there that I'm doing wrong?
>
> Thanks,
> Eryn

--
Twitter developer documentation and resources: https://dev.twitter.com/doc
API updates via Twitter: https://twitter.com/twitterapi
Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list
Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
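
Added example, not part of the original thread and not code from python-oauth2: a standalone Python check that parses an Authorization header like the one posted, reports which OAuth 1.0 protocol parameters are absent, and rebuilds the signature base string and HMAC-SHA1 signature following RFC 5849. The consumer key, token, secrets and timestamp are constructed placeholders, and the URL is assumed to be already normalized with no query parameters.

```python
import base64, hashlib, hmac, re
from urllib.parse import quote, unquote

# Protocol parameters a token-authenticated HMAC-SHA1 request carries (RFC 5849, section 3.1).
REQUIRED = ("oauth_consumer_key", "oauth_nonce", "oauth_signature",
            "oauth_signature_method", "oauth_timestamp", "oauth_token")

def pct(value):
    """RFC 5849 percent-encoding: everything except unreserved characters."""
    return quote(str(value), safe="-._~")

def parse_auth_header(value):
    """Split 'OAuth k="v", ...' into a dict of percent-decoded parameters."""
    scheme, _, rest = value.partition(" ")
    if scheme.lower() != "oauth":
        raise ValueError("not an OAuth Authorization header")
    return {k: unquote(v) for k, v in re.findall(r'(\w+)="([^"]*)"', rest)}

def missing_params(params):
    """Names from REQUIRED that the parsed header does not contain."""
    return [name for name in REQUIRED if name not in params]

def signature_base_string(method, url, params):
    """METHOD&url&params, each part encoded; realm and oauth_signature are excluded."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items()
                   if k not in ("realm", "oauth_signature"))
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join((method.upper(), pct(url), pct(normalized)))

def sign_hmac_sha1(base, consumer_secret, token_secret):
    # The key is built from both secrets; the base string contains neither of them.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

# Header modelled on the one in the post; key and token are constructed placeholders.
HEADER = ('OAuth realm="Firehose", oauth_nonce="25622603816219309853125867384777", '
          'oauth_consumer_key="CONSTRUCTED_KEY", oauth_signature_method="HMAC-SHA1", '
          'oauth_version="1.0", oauth_token="CONSTRUCTED_TOKEN", '
          'oauth_signature="1AV5YG4DsfCV4jDoQcOCOmxZ2Gw%3D"')
URL = "https://userstream.twitter.com/2/user.json"

if __name__ == "__main__":
    params = parse_auth_header(HEADER)
    print("missing:", missing_params(params))
    params["oauth_timestamp"] = "1277424000"  # constructed value, seconds since epoch
    base = signature_base_string("GET", URL, params)
    print(base)
    print(sign_hmac_sha1(base, "CONSTRUCTED_CONSUMER_SECRET", "CONSTRUCTED_TOKEN_SECRET"))
```

Comparing the printed base string with the one the signing library builds internally shows which parameter or encoding step differs.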
