I need to know, is this corner dead cause i got a response in less then a few hours in the bug department and i can't get any help with this at all. Am i missing some information? then please tell me, i'll feed you with whatever you want, i'm a developer and i'm developing core functions and API's so i can bring up whatever output data you need... urm yea, i'm desperate!
On Jun 28, 10:30 pm, DoXiD <anton.do...@gmail.com> wrote: > And this is what my sign_key_base looks like: > > POST&http%3A%2F%2Fapi.twitter.com%2Foauth > %2Frequest_token&oauth_consumer_key%3Dp...8pw%26oauth_nonce > %3D1309289330%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp > %3D1309289330%26oauth_version%3D1.0 > > On Jun 28, 8:40 pm, DoXiD <anton.do...@gmail.com> wrote: > > > > > After talking with a nice guy at the IRC channel he mentioned that i > > needed to sort my headers and my POST data. > > Sad and done, i sorted my things but still didn't help, any other > > suggestions? > > > Here's a output (readable version) of my > > HEAD+POST:http://pastebin.com/H8uSuEd0 > > > On Jun 28, 5:31 pm, DoXiD <anton.do...@gmail.com> wrote: > > > > First off, i'm uncertain which keys i can and can not post, so i'll > > > obscure them. > > > > My main problem is that i don't know which keys to send to the > > > "request_token". > > > > Here is that i'm trying to send: > > > (Note: time matches the servers, i've made sure of that) > > > (Note: I have checked so that _all_ my keys are correct) > > > (Note: I've also made sure that the signature matches up to my content > > > of POST) > > > > POST /oauth/request_token HTTP/1.1 > > > Content-Type: application/x-www-form-urlencoded > > > Authorization: OAuth oauth_nonce="1309272106", oauth_callback="", > > > oauth_signature_method="HMAC-SHA1", oauth_timestamp="1309272106", > > > oauth_consumer_key="pk...8pw", oauth_token="", > > > oauth_signature="T5...5pQ%3D", oauth_version="1.0" > > > User-Agent: InetCheck > > > Host: api.twitter.com > > > Keep-Alive: 115 > > > Content-Length: 171 > > > > oauth_callback=&oauth_consumer_key=pk... > > > 8pw&oauth_nonce=1309272106&oauth_signature_method=HMAC- > > > SHA1&oauth_timestamp=1309272106&oauth_token=&oauth_version=1.0 > > > > After tat i recive either "Failed to validate oauth signature and > > > token" or just a 401 return code. > > > > I'm trying to get my hands dirty here by developing my own API for > > > Python. > > > I know there are some out there but i don't like em + i don't trust > > > other people. > > > > So i'm running Python2.6.5 > > > And i'm using the modules: > > > from socket import * > > > from time import time, gmtime > > > from random import randint > > > import base64 > > > import hashlib > > > import hmac > > > import urllib > > > > (i know, you're not supposed to do from <m> import * but i'm just > > > making some basic code for a skeleton atm). > > > > The code to generate the header + POST data: > > > (again, just a skeleton, ugly code, will be fixed when i got a working > > > copy) > > > > dstr = '' > > > if data: > > > dstr += '' > > > > for k in ('oauth_callback', 'oauth_consumer_key', > > > 'oauth_nonce', > > > 'oauth_signature_method', 'oauth_timestamp', 'oauth_token', > > > 'oauth_version'): > > > if not k in data: raise KeyError("Missing > > > " + k + ", please > > > specify it at the login") > > > dstr += k + '=' + data[k] + '&' > > > dstr = dstr[:-1] > > > > secr = self.keySet[1] > > > sign_key_base = 'POST' + '&' + urllib.quote_plus('http:// > > > api.twitter.com/oauth/request_token') + '&' > > > sign_key_base += urllib.quote_plus(dstr) > > > print 'Using sign base:' > > > print '\t' + sign_key_base + '\n' > > > print '\t Key:' > > > print '\t\t', [data['consumer_secret'] + '&'] > > > print '\t\t', [hmac.new(data['consumer_secret'] + '&', > > > sign_key_base, hashlib.sha1).digest()] > > > print '\t\t', > > > [base64.encodestring(hmac.new(data['consumer_secret'] > > > + '&', sign_key_base, hashlib.sha1).digest())] > > > secr = > > > urllib.quote(base64.encodestring(hmac.new(data['consumer_secret'] + > > > '&', sign_key_base, hashlib.sha1).digest()).replace('\n', '')) > > > print '\t\t', [secr], '\n' > > > > ret = 'POST ' + URL + ' HTTP/1.1\r\n' > > > ret += 'Content-Type: > > > application/x-www-form-urlencoded\r\n' > > > > ret += 'Authorization: OAuth oauth_nonce="' + > > > data['oauth_nonce'] + > > > '", ' > > > ret += 'oauth_callback="' + data['oauth_callback'] + '", ' > > > ret += 'oauth_signature_method="HMAC-SHA1", ' > > > ret += 'oauth_timestamp="' + data['oauth_nonce'] + '", ' > > > ret += 'oauth_consumer_key="' + > > > data['oauth_consumer_key'] + '", ' > > > ret += 'oauth_token="' + data['oauth_token'] + '", ' > > > ret += 'oauth_signature="' + secr + '", ' > > > ret += 'oauth_version="1.0"\r\n' > > > ret += 'User-Agent: InetCheck\r\n' > > > ret += 'Host: ' + host + '\r\n' > > > > ret += 'Keep-Alive: 115\r\nContent-Length: ' + > > > str(len(dstr)) + '\r\n > > > \r\n' + dstr > > > > Please help me, it's getting on my nerves this oAuth stuff, > > > really never ever came in contact with it until Twitter, sure it looks > > > like a good security implementation but atm i don't like it :/ > > > > Any help is apritiated. > > > > Also, validated my oauth_signature and content > > > via:http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin... > > > > Everyting matches up against what i'm sending to the server. > > > So if Twitter follows that standard it should all be good. > > > > I don't know tho if i should skip "oauth_callback" since it's an empty > > > string anyways, or if i should skip "oauth_token" because i don't have > > > one (also a empty string).- Hide quoted text - > > - Show quoted text - -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk