And this is what my sign_key_base looks like:

POST&http%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&oauth_consumer_key%3Dp...8pw%26oauth_nonce%3D1309289330%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1309289330%26oauth_version%3D1.0

On Jun 28, 8:40 pm, DoXiD <anton.do...@gmail.com> wrote:
> After talking with a nice guy at the IRC channel he mentioned that i
> needed to sort my headers and my POST data.
> Said and done, i sorted my things but still didn't help, any other
> suggestions?
>
> Here's an output (readable version) of my HEAD+POST:
> http://pastebin.com/H8uSuEd0
>
> On Jun 28, 5:31 pm, DoXiD <anton.do...@gmail.com> wrote:
>
> > First off, i'm uncertain which keys i can and can not post, so i'll
> > obscure them.
>
> > My main problem is that i don't know which keys to send to the
> > "request_token".
>
> > Here is what i'm trying to send:
> > (Note: time matches the servers, i've made sure of that)
> > (Note: I have checked so that _all_ my keys are correct)
> > (Note: I've also made sure that the signature matches up to my content
> > of POST)
>
> > POST /oauth/request_token HTTP/1.1
> > Content-Type: application/x-www-form-urlencoded
> > Authorization: OAuth oauth_nonce="1309272106", oauth_callback="", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1309272106", oauth_consumer_key="pk...8pw", oauth_token="", oauth_signature="T5...5pQ%3D", oauth_version="1.0"
> > User-Agent: InetCheck
> > Host: api.twitter.com
> > Keep-Alive: 115
> > Content-Length: 171
>
> > oauth_callback=&oauth_consumer_key=pk...8pw&oauth_nonce=1309272106&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1309272106&oauth_token=&oauth_version=1.0
>
> > After that i receive either "Failed to validate oauth signature and
> > token" or just a 401 return code.
>
> > I'm trying to get my hands dirty here by developing my own API for
> > Python.
> > I know there are some out there but i don't like em + i don't trust
> > other people.
>
> > So i'm running Python2.6.5
> > And i'm using the modules:
> > from socket import *
> > from time import time, gmtime
> > from random import randint
> > import base64
> > import hashlib
> > import hmac
> > import urllib
>
> > (i know, you're not supposed to do from <m> import * but i'm just
> > making some basic code for a skeleton atm).
>
> > The code to generate the header + POST data:
> > (again, just a skeleton, ugly code, will be fixed when i got a working
> > copy)
>
> >                 dstr = ''
> >                 if data:
> >                         dstr += ''
>
> >                         for k in ('oauth_callback', 'oauth_consumer_key', 'oauth_nonce', 'oauth_signature_method', 'oauth_timestamp', 'oauth_token', 'oauth_version'):
> >                                 if not k in data: raise KeyError("Missing " + k + ", please specify it at the login")
> >                                 dstr += k + '=' + data[k] + '&'
> >                         dstr = dstr[:-1]
>
> >                 secr = self.keySet[1]
> >                 sign_key_base = 'POST' + '&' + urllib.quote_plus('http://api.twitter.com/oauth/request_token') + '&'
> >                 sign_key_base += urllib.quote_plus(dstr)
> >                 print 'Using sign base:'
> >                 print '\t' + sign_key_base + '\n'
> >                 print '\t Key:'
> >                 print '\t\t', [data['consumer_secret'] + '&']
> >                 print '\t\t', [hmac.new(data['consumer_secret'] + '&', sign_key_base, hashlib.sha1).digest()]
> >                 print '\t\t', [base64.encodestring(hmac.new(data['consumer_secret'] + '&', sign_key_base, hashlib.sha1).digest())]
> >                 secr = urllib.quote(base64.encodestring(hmac.new(data['consumer_secret'] + '&', sign_key_base, hashlib.sha1).digest()).replace('\n', ''))
> >                 print '\t\t', [secr], '\n'
>
> >                 ret = 'POST ' + URL  + ' HTTP/1.1\r\n'
> >                 ret += 'Content-Type: application/x-www-form-urlencoded\r\n'
>
> >                 ret += 'Authorization: OAuth oauth_nonce="' + data['oauth_nonce'] + '", '
> >                 ret += 'oauth_callback="' + data['oauth_callback'] + '", '
> >                 ret += 'oauth_signature_method="HMAC-SHA1", '
> >                 ret += 'oauth_timestamp="' + data['oauth_nonce'] + '", '
> >                 ret += 'oauth_consumer_key="' + data['oauth_consumer_key'] + '", '
> >                 ret += 'oauth_token="' + data['oauth_token'] + '", '
> >                 ret += 'oauth_signature="' + secr + '", '
> >                 ret += 'oauth_version="1.0"\r\n'
> >                 ret += 'User-Agent: InetCheck\r\n'
> >                 ret += 'Host: ' + host + '\r\n'
>
> >                 ret += 'Keep-Alive: 115\r\nContent-Length: ' + str(len(dstr)) + '\r\n\r\n' + dstr
>
> > Please help me, it's getting on my nerves this oAuth stuff,
> > really never ever came in contact with it until Twitter, sure it looks
> > like a good security implementation but atm i don't like it :/
>
> > Any help is appreciated.
>
> > Also, validated my oauth_signature and content via:
> > http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin...
>
> > Everything matches up against what i'm sending to the server.
> > So if Twitter follows that standard it should all be good.
>
> > I don't know tho if i should skip "oauth_callback" since it's an empty
> > string anyways, or if i should skip "oauth_token" because i don't have
> > one (also an empty string).

-- 
Twitter developer documentation and resources: https://dev.twitter.com/doc
API updates via Twitter: https://twitter.com/twitterapi
Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
https://groups.google.com/forum/#!forum/twitter-development-talk
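
Added example, not part of the original thread and not the poster's code: the OAuth 1.0 HMAC-SHA1 signature base string and signature for a request_token call, built as RFC 5849 sections 3.4.1, 3.4.2 and 3.6 describe, in Python 3 (the thread uses Python 2.6). The helper names, the consumer key and secret, the nonce and the callback URL are constructed for illustration, and leaving oauth_token out of the parameter set is a choice of this example.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed sample values; none are real credentials.
SAMPLE = {
    "oauth_callback": "http://localhost/cb?x=1 2",
    "oauth_consumer_key": "EXAMPLE_CONSUMER_KEY",
    "oauth_nonce": "a1b2c3d4",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1309289330",
    "oauth_version": "1.0",
}
URL = "http://api.twitter.com/oauth/request_token"
CONSUMER_SECRET = "EXAMPLE_CONSUMER_SECRET"


def pct(value):
    # RFC 5849 section 3.6: leave only unreserved characters unencoded
    # (ALPHA, DIGIT, "-", ".", "_", "~"); a space becomes %20, never "+".
    return quote(str(value), safe="-._~")


def signature_base_string(method, url, params):
    # Section 3.4.1: encode each name and value, sort the encoded pairs,
    # join them as name=value with "&", then encode that whole string again.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(k + "=" + v for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def sign_hmac_sha1(base_string, consumer_secret, token_secret=""):
    # Section 3.4.2: key = encoded consumer secret, "&", encoded token secret.
    # The "&" is kept even while no token secret exists yet.
    key = pct(consumer_secret) + "&" + pct(token_secret)
    digest = hmac.new(key.encode(), base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def verify(base_string, consumer_secret, received_signature, token_secret=""):
    # Receiving side: recompute the signature and compare in constant time.
    expected = sign_hmac_sha1(base_string, consumer_secret, token_secret)
    return hmac.compare_digest(expected, received_signature)


if __name__ == "__main__":
    base = signature_base_string("POST", URL, SAMPLE)
    print(base)
    print(sign_hmac_sha1(base, CONSUMER_SECRET))
```

The signature returned here is raw base64; it is percent-encoded once more with pct() when it is written into the Authorization header.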