[twitter-dev] oAuth Echo problems
260 views
Skip to first unread message
Rich
May 15, 2010, 7:01:58 PM5/15/10
to Twitter Development Talk
Has anyone else had problems with oAuth echo and services like TwitPic
I'm using the SAME objective-c library to generate the oAuth signature
as for the client (which by the way the client works fine so the oAuth
signatures for that are fine).
I'm generating the oAuth headers as if it were for
https://api.twitter.com/1/account/verify_credentials.json and add it
to the http headers as per Raffi's documenation.
When I look at the oAuth headers they look fine, but TwitPic
constantly returns a 401
I'm using the SAME objective-c library to generate the oAuth signature
as for the client (which by the way the client works fine so the oAuth
signatures for that are fine).
I'm generating the oAuth headers as if it were for
https://api.twitter.com/1/account/verify_credentials.json and add it
to the http headers as per Raffi's documenation.
When I look at the oAuth headers they look fine, but TwitPic
constantly returns a 401
Rich
May 15, 2010, 7:26:04 PM5/15/10
to Twitter Development Talk
To follow up, if I simply actually call verify_credentials it returns
a valid json object for my request but returns a status code of 401
On May 16, 12:01 am, Rich <rhyl...@gmail.com> wrote:
> Has anyone else had problems with oAuth echo and services like TwitPic
>
> I'm using the SAME objective-c library to generate the oAuth signature
> as for the client (which by the way the client works fine so the oAuth
> signatures for that are fine).
>
> I'm generating the oAuth headers as if it were forhttps://api.twitter.com/1/account/verify_credentials.jsonand add it
a valid json object for my request but returns a status code of 401
On May 16, 12:01 am, Rich <rhyl...@gmail.com> wrote:
> Has anyone else had problems with oAuth echo and services like TwitPic
>
> I'm using the SAME objective-c library to generate the oAuth signature
> as for the client (which by the way the client works fine so the oAuth
> signatures for that are fine).
>
gotosleep
May 15, 2010, 7:36:42 PM5/15/10
to Twitter Development Talk
I am having the exact same issue with Twitpic. I use the same code to
generate the OAuth header for Twitpic as I do for Twitter, but Twitpic
always returns a 401.
On May 15, 6:26 pm, Rich <rhyl...@gmail.com> wrote:
> To follow up, if I simply actually call verify_credentials it returns
> a valid json object for my request but returns a status code of 401
>
> On May 16, 12:01 am, Rich <rhyl...@gmail.com> wrote:
>
> > Has anyone else had problems with oAuth echo and services like TwitPic
>
> > I'm using the SAME objective-c library to generate the oAuth signature
> > as for the client (which by the way the client works fine so the oAuth
> > signatures for that are fine).
>
> > I'm generating the oAuth headers as if it were forhttps://api.twitter.com/1/account/verify_credentials.jsonandadd it
generate the OAuth header for Twitpic as I do for Twitter, but Twitpic
always returns a 401.
On May 15, 6:26 pm, Rich <rhyl...@gmail.com> wrote:
> To follow up, if I simply actually call verify_credentials it returns
> a valid json object for my request but returns a status code of 401
>
> On May 16, 12:01 am, Rich <rhyl...@gmail.com> wrote:
>
> > Has anyone else had problems with oAuth echo and services like TwitPic
>
> > I'm using the SAME objective-c library to generate the oAuth signature
> > as for the client (which by the way the client works fine so the oAuth
> > signatures for that are fine).
>
Rich
May 16, 2010, 10:18:39 AM5/16/10
to Twitter Development Talk
I've spent a good 12 hours on this so far and this is where I've got
to
1) I use the same code to generate the oAuth header for echo and
communicating to the Twitter API
2) I generate a fake request to verify_credentials and generate the
oauth http header but change Authorization to X-Verify-Credentials-
Authorization and add the X-Auth-Service-Provider header
3) I change the request url to the TwitPic api and post the image
4) TwitPic comes back with a 401 oauth header error (specifically says
oauth header in the response)
To check the oAuth header was OK I change my code to use Authorization
instead of X-Verify-Credentials-Authorization and send it directly to
verify_credentials (obviously ignoring the image data part!)
Twitter responds with JSON and an HTTP status of 200, so I'm pretty
sure that my oAuth header is right
to
1) I use the same code to generate the oAuth header for echo and
communicating to the Twitter API
2) I generate a fake request to verify_credentials and generate the
oauth http header but change Authorization to X-Verify-Credentials-
Authorization and add the X-Auth-Service-Provider header
3) I change the request url to the TwitPic api and post the image
4) TwitPic comes back with a 401 oauth header error (specifically says
oauth header in the response)
To check the oAuth header was OK I change my code to use Authorization
instead of X-Verify-Credentials-Authorization and send it directly to
verify_credentials (obviously ignoring the image data part!)
Twitter responds with JSON and an HTTP status of 200, so I'm pretty
sure that my oAuth header is right
Rich
May 16, 2010, 11:44:00 AM5/16/10
to Twitter Development Talk
After chatting with one of the engineers at TwitPic they appear to
have fixed the invalid oauth header issue, now I get a 401 error
saying my API key is invalid even though it's a copy and paste from
their site
have fixed the invalid oauth header issue, now I get a 401 error
saying my API key is invalid even though it's a copy and paste from
their site
uprise78
May 18, 2010, 10:41:34 PM5/18/10
to Twitter Development Talk
I'm in the same boat. My call to Twitter works fine but I get 401's
from TwitPic every time.
from TwitPic every time.
Rich
May 19, 2010, 3:54:56 AM5/19/10
to Twitter Development Talk
Their echo service is working properly as of Sunday when I was talking
with one of their engineers who deployed a fix.
If you still get a 401 it's likely you haven't signed the echo header
properly
1) You do not oAuth sign the actual request to TwitPic
2) You make a fake request to Twitter's verify credentials api over
SSL and grab the Authorization header that would be sent, however when
you create the header make sure you include a 'Realm' of https://api.twitter.com
3) Create a new post request to TwitPic and put the oAuth header that
you grabbed from Authorization in the HTTP header X-Verify-Credentials-
Authorization
4) Add a X-Auth-Service-Provider header with the URL to verify
credentials.
5) You should be good to go after that
If you get the signature right, it will work as I and a few others
have got it working when we were liasing with their engineers on
Sunday
with one of their engineers who deployed a fix.
If you still get a 401 it's likely you haven't signed the echo header
properly
1) You do not oAuth sign the actual request to TwitPic
2) You make a fake request to Twitter's verify credentials api over
SSL and grab the Authorization header that would be sent, however when
you create the header make sure you include a 'Realm' of https://api.twitter.com
3) Create a new post request to TwitPic and put the oAuth header that
you grabbed from Authorization in the HTTP header X-Verify-Credentials-
Authorization
4) Add a X-Auth-Service-Provider header with the URL to verify
credentials.
5) You should be good to go after that
If you get the signature right, it will work as I and a few others
have got it working when we were liasing with their engineers on
Sunday
uprise78
May 19, 2010, 10:22:04 AM5/19/10
to Twitter Development Talk
Works like a charm now. Thanks!
Greg
May 20, 2010, 4:41:16 PM5/20/10
to Twitter Development Talk
Does anyone have a sample code for PHP? I'm having some trouble
creating the OAuth headers.
creating the OAuth headers.
Miguel de Icaza
May 21, 2010, 11:51:15 PM5/21/10
to Twitter Development Talk
Hello,
> 1) You do not oAuth sign the actual request toTwitPic
> 2) You make a fake request to Twitter's verify credentials api over
> SSL and grab the Authorization header that would be sent, however when
> you create the header make sure you include a 'Realm' ofhttps://api.twitter.com
> 3) Create a new post request toTwitPicand put the oAuth header that
"could not authenticate you (header rejected by twitter)"
I created the OAuth headers as if I was trying to send an OAuth
request to https://api.twitter.com/1/account/verify_credentials.json
and added those headers to X-Verify-Credential-Authorization
The headers contain realm "http://api.twitter.com" (tried also with
https)
Any ideas what "Header rejected by twitter" means?
> 1) You do not oAuth sign the actual request toTwitPic
> 2) You make a fake request to Twitter's verify credentials api over
> SSL and grab the Authorization header that would be sent, however when
> 3) Create a new post request toTwitPicand put the oAuth header that
> you grabbed from Authorization in the HTTP header X-Verify-Credentials-
> Authorization
> 4) Add a X-Auth-Service-Provider header with the URL to verify
> credentials.
> 5) You should be good to go after that
I tried this, but I am getting the following message from TwitPic:
> Authorization
> 4) Add a X-Auth-Service-Provider header with the URL to verify
> credentials.
> 5) You should be good to go after that
"could not authenticate you (header rejected by twitter)"
I created the OAuth headers as if I was trying to send an OAuth
request to https://api.twitter.com/1/account/verify_credentials.json
and added those headers to X-Verify-Credential-Authorization
The headers contain realm "http://api.twitter.com" (tried also with
https)
Any ideas what "Header rejected by twitter" means?
Rich
May 22, 2010, 3:14:40 AM5/22/10
to Twitter Development Talk
The request to verify_credentials should be a GET and shouldn't
contain any of the parameters you intend to send to TwitPic either
On May 22, 4:51 am, Miguel de Icaza <miguel.de.ic...@gmail.com> wrote:
> Hello,
>
> > 1) You do not oAuth sign the actual request toTwitPic
> > 2) You make a fake request to Twitter's verify credentials api over
> > SSL and grab the Authorization header that would be sent, however when
> > you create the header make sure you include a 'Realm' ofhttps://api.twitter.com
> > 3) Create a new post request toTwitPicand put the oAuth header that
> > you grabbed from Authorization in the HTTP header X-Verify-Credentials-
> > Authorization
> > 4) Add a X-Auth-Service-Provider header with the URL to verify
> > credentials.
> > 5) You should be good to go after that
>
> I tried this, but I am getting the following message from TwitPic:
>
> "could not authenticate you (header rejected by twitter)"
>
> I created the OAuth headers as if I was trying to send an OAuth
> request tohttps://api.twitter.com/1/account/verify_credentials.json
contain any of the parameters you intend to send to TwitPic either
On May 22, 4:51 am, Miguel de Icaza <miguel.de.ic...@gmail.com> wrote:
> Hello,
>
> > 1) You do not oAuth sign the actual request toTwitPic
> > 2) You make a fake request to Twitter's verify credentials api over
> > SSL and grab the Authorization header that would be sent, however when
> > you create the header make sure you include a 'Realm' ofhttps://api.twitter.com
> > 3) Create a new post request toTwitPicand put the oAuth header that
> > you grabbed from Authorization in the HTTP header X-Verify-Credentials-
> > Authorization
> > 4) Add a X-Auth-Service-Provider header with the URL to verify
> > credentials.
> > 5) You should be good to go after that
>
> I tried this, but I am getting the following message from TwitPic:
>
> "could not authenticate you (header rejected by twitter)"
>
> I created the OAuth headers as if I was trying to send an OAuth
Twitter Guy
May 25, 2010, 8:17:20 AM5/25/10
to Twitter Development Talk
I created a curl command using the example in your API Documentation:
---- CURL COMMAND START -----
curl -v -H 'X-Auth-Service-Provider: https://api.twitter.com/1/account/verify_credentials.json'
-H 'X-Verify-Credentials-Authorization: OAuth realm="http://
api.twitter.com/", oauth_consumer_key="9tMgFXW0rFtb2YLrBIFbIQ",
oauth_signature_method="HMAC-SHA1", oauth_token="69570246-
r0Z9nrgf5OKy2qyrTyOSKzvJn75hO2RcLurK9H3S8",
oauth_timestamp="1274766777", oauth_nonce="19583AFE-D5AD-4DD7-BAF7-
E842254D1CA7", oauth_version="1.0", oauth_signature="RidHgN2dR4NZNJMq
%2FSrfFuPN1HQ%3D%3D"' -F "key= xxxxxxxxMYAPPKEYxxxxxxxx" -F "media=@./
Picture11.png" http://api.twitpic.com/2/upload.json
---- CURL COMMAND END -----
And the response i keep getting is:
------ RESPONSE START --------
* About to connect() to api.twitpic.com port 80 (#0)
* Trying 174.36.58.233... connected
* Connected to api.twitpic.com (174.36.58.233) port 80 (#0)
> POST /2/upload.json HTTP/1.1
> User-Agent: curl/7.16.3 (powerpc-apple-darwin9.0) libcurl/7.16.3 OpenSSL/0.9.7l zlib/1.2.3
> Host: api.twitpic.com
> Accept: */*
> X-Auth-Service-Provider: https://api.twitter.com/1/account/verify_credentials.json
> X-Verify-Credentials-Authorization: OAuth realm="http://api.twitter.com/", oauth_consumer_key="9tMgFXW0rFtb2YLrBIFbIQ", oauth_signature_method="HMAC-SHA1", oauth_token="69570246-r0Z9nrgf5OKy2qyrTyOSKzvJn75hO2RcLurK9H3S8", oauth_timestamp="1274766777", oauth_nonce="19583AFE-D5AD-4DD7-BAF7-E842254D1CA7", oauth_version="1.0", oauth_signature="RidHgN2dR4NZNJMq%2FSrfFuPN1HQ%3D%3D"
> Content-Length: 1831
> Expect: 100-continue
> Content-Type: multipart/form-data; boundary=----------------------------e33c68df21fa
>
< HTTP/1.1 100 Continue
< HTTP/1.1 401 Unauthorized
< Server: nginx
< Date: Tue, 25 May 2010 05:52:06 GMT
< Content-Type: application/json
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Powered-By: PHP/5.3.2
<
* Connection #0 to host api.twitpic.com left intact
* Closing connection #0
{"errors":[{"code":401,"message":"Could not authenticate you (header
rejected by twitter)."}]}
------ RESPONSE END --------
can you please tell me what am i doing wrong so i can integrate the
Oauth Functionality in my twitpic app ASAP.
Thanks!
---- CURL COMMAND START -----
curl -v -H 'X-Auth-Service-Provider: https://api.twitter.com/1/account/verify_credentials.json'
-H 'X-Verify-Credentials-Authorization: OAuth realm="http://
api.twitter.com/", oauth_consumer_key="9tMgFXW0rFtb2YLrBIFbIQ",
oauth_signature_method="HMAC-SHA1", oauth_token="69570246-
r0Z9nrgf5OKy2qyrTyOSKzvJn75hO2RcLurK9H3S8",
oauth_timestamp="1274766777", oauth_nonce="19583AFE-D5AD-4DD7-BAF7-
E842254D1CA7", oauth_version="1.0", oauth_signature="RidHgN2dR4NZNJMq
%2FSrfFuPN1HQ%3D%3D"' -F "key= xxxxxxxxMYAPPKEYxxxxxxxx" -F "media=@./
Picture11.png" http://api.twitpic.com/2/upload.json
---- CURL COMMAND END -----
And the response i keep getting is:
------ RESPONSE START --------
* About to connect() to api.twitpic.com port 80 (#0)
* Trying 174.36.58.233... connected
* Connected to api.twitpic.com (174.36.58.233) port 80 (#0)
> POST /2/upload.json HTTP/1.1
> User-Agent: curl/7.16.3 (powerpc-apple-darwin9.0) libcurl/7.16.3 OpenSSL/0.9.7l zlib/1.2.3
> Host: api.twitpic.com
> Accept: */*
> X-Auth-Service-Provider: https://api.twitter.com/1/account/verify_credentials.json
> X-Verify-Credentials-Authorization: OAuth realm="http://api.twitter.com/", oauth_consumer_key="9tMgFXW0rFtb2YLrBIFbIQ", oauth_signature_method="HMAC-SHA1", oauth_token="69570246-r0Z9nrgf5OKy2qyrTyOSKzvJn75hO2RcLurK9H3S8", oauth_timestamp="1274766777", oauth_nonce="19583AFE-D5AD-4DD7-BAF7-E842254D1CA7", oauth_version="1.0", oauth_signature="RidHgN2dR4NZNJMq%2FSrfFuPN1HQ%3D%3D"
> Content-Length: 1831
> Expect: 100-continue
> Content-Type: multipart/form-data; boundary=----------------------------e33c68df21fa
>
< HTTP/1.1 100 Continue
< HTTP/1.1 401 Unauthorized
< Server: nginx
< Date: Tue, 25 May 2010 05:52:06 GMT
< Content-Type: application/json
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Powered-By: PHP/5.3.2
<
* Connection #0 to host api.twitpic.com left intact
* Closing connection #0
{"errors":[{"code":401,"message":"Could not authenticate you (header
rejected by twitter)."}]}
------ RESPONSE END --------
can you please tell me what am i doing wrong so i can integrate the
Oauth Functionality in my twitpic app ASAP.
Thanks!
Cameron Kaiser
May 25, 2010, 11:16:18 AM5/25/10
to twitter-deve...@googlegroups.com
> I created a curl command using the example in your API Documentation:
>
> ---- CURL COMMAND START -----
>
> curl -v -H 'X-Auth-Service-Provider: https://api.twitter.com/1/account/verify_credentials.json'
> -H 'X-Verify-Credentials-Authorization:
Just use Authorization:.
>
> ---- CURL COMMAND START -----
>
> curl -v -H 'X-Auth-Service-Provider: https://api.twitter.com/1/account/verify_credentials.json'
> -H 'X-Verify-Credentials-Authorization:
--
------------------------------------ personal: http://www.cameronkaiser.com/ --
Cameron Kaiser * Floodgap Systems * www.floodgap.com * cka...@floodgap.com
-- You can't have everything. Where would you put it? -- Steven Wright --------
Cameron Kaiser
May 25, 2010, 11:18:49 AM5/25/10
to twitter-deve...@googlegroups.com
> > I created a curl command using the example in your API Documentation:
> >
> > ---- CURL COMMAND START -----
> >
> > curl -v -H 'X-Auth-Service-Provider: https://api.twitter.com/1/account/verify_credentials.json'
> > -H 'X-Verify-Credentials-Authorization:
>
> Just use Authorization:.
Er, sorry: try X-OAuth-Authorization:.
> >
> > ---- CURL COMMAND START -----
> >
> > curl -v -H 'X-Auth-Service-Provider: https://api.twitter.com/1/account/verify_credentials.json'
> > -H 'X-Verify-Credentials-Authorization:
>
> Just use Authorization:.
--
------------------------------------ personal: http://www.cameronkaiser.com/ --
Cameron Kaiser * Floodgap Systems * www.floodgap.com * cka...@floodgap.com
gotosleep
May 28, 2010, 12:22:22 PM5/28/10
to Twitter Development Talk
Rich, thanks so much.. my issue ended up being that I was signing my
OAuth Echo header as a POST request (because my request is a POST to
twitpic), not GET.
OAuth Echo header as a POST request (because my request is a POST to
twitpic), not GET.
Reply all
Reply to author
Forward
0 new messages