/oauth/request_token - Can't get one


DoXiD

Jun 28, 2011, 12:31:02 PM
to Twitter Development Talk
First off, I'm uncertain which keys I can and cannot post, so I'll
obscure them.

My main problem is that I don't know which keys to send to the
"request_token".

Here is what I'm trying to send:
(Note: time matches the servers, I've made sure of that)
(Note: I have checked so that _all_ my keys are correct)
(Note: I've also made sure that the signature matches up to my content
of POST)

POST /oauth/request_token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Authorization: OAuth oauth_nonce="1309272106", oauth_callback="", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1309272106", oauth_consumer_key="pk...8pw", oauth_token="", oauth_signature="T5...5pQ%3D", oauth_version="1.0"
User-Agent: InetCheck
Host: api.twitter.com
Keep-Alive: 115
Content-Length: 171

oauth_callback=&oauth_consumer_key=pk...8pw&oauth_nonce=1309272106&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1309272106&oauth_token=&oauth_version=1.0


After that I receive either "Failed to validate oauth signature and
token" or just a 401 return code.

I'm trying to get my hands dirty here by developing my own API for
Python.
I know there are some out there but I don't like 'em + I don't trust
other people.

So I'm running Python 2.6.5
And I'm using the modules:
from socket import *
from time import time, gmtime
from random import randint
import base64
import hashlib
import hmac
import urllib

(I know, you're not supposed to do from <m> import * but I'm just
making some basic code for a skeleton atm).

The code to generate the header + POST data:
(again, just a skeleton, ugly code, will be fixed when I got a working
copy)

dstr = ''
if data:
    dstr += ''

for k in ('oauth_callback', 'oauth_consumer_key', 'oauth_nonce',
          'oauth_signature_method', 'oauth_timestamp', 'oauth_token',
          'oauth_version'):
    if not k in data: raise KeyError("Missing " + k + ", please specify it at the login")
    dstr += k + '=' + data[k] + '&'
dstr = dstr[:-1]

secr = self.keySet[1]
sign_key_base = 'POST' + '&' + urllib.quote_plus('http://api.twitter.com/oauth/request_token') + '&'
sign_key_base += urllib.quote_plus(dstr)
print 'Using sign base:'
print '\t' + sign_key_base + '\n'
print '\t Key:'
print '\t\t', [data['consumer_secret'] + '&']
print '\t\t', [hmac.new(data['consumer_secret'] + '&', sign_key_base, hashlib.sha1).digest()]
print '\t\t', [base64.encodestring(hmac.new(data['consumer_secret'] + '&', sign_key_base, hashlib.sha1).digest())]
secr = urllib.quote(base64.encodestring(hmac.new(data['consumer_secret'] + '&', sign_key_base, hashlib.sha1).digest()).replace('\n', ''))
print '\t\t', [secr], '\n'

ret = 'POST ' + URL + ' HTTP/1.1\r\n'
ret += 'Content-Type: application/x-www-form-urlencoded\r\n'

ret += 'Authorization: OAuth oauth_nonce="' + data['oauth_nonce'] + '", '
ret += 'oauth_callback="' + data['oauth_callback'] + '", '
ret += 'oauth_signature_method="HMAC-SHA1", '
ret += 'oauth_timestamp="' + data['oauth_nonce'] + '", '
ret += 'oauth_consumer_key="' + data['oauth_consumer_key'] + '", '
ret += 'oauth_token="' + data['oauth_token'] + '", '
ret += 'oauth_signature="' + secr + '", '
ret += 'oauth_version="1.0"\r\n'
ret += 'User-Agent: InetCheck\r\n'
ret += 'Host: ' + host + '\r\n'

ret += 'Keep-Alive: 115\r\nContent-Length: ' + str(len(dstr)) + '\r\n\r\n' + dstr


Please help me, it's getting on my nerves this OAuth stuff,
really never ever came in contact with it until Twitter, sure it looks
like a good security implementation but atm I don't like it :/

Any help is appreciated.



Also, validated my oauth_signature and content via:
http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/

Everything matches up against what I'm sending to the server.
So if Twitter follows that standard it should all be good.

I don't know tho if I should skip "oauth_callback" since it's an empty
string anyways, or if I should skip "oauth_token" because I don't have
one (also an empty string).

DoXiD

Jun 28, 2011, 3:40:35 PM
to Twitter Development Talk
After talking with a nice guy at the IRC channel he mentioned that I
needed to sort my headers and my POST data.
Said and done, I sorted my things but still didn't help, any other
suggestions?

Here's an output (readable version) of my HEAD+POST:
http://pastebin.com/H8uSuEd0

DoXiD

Jun 28, 2011, 4:30:50 PM
to Twitter Development Talk
And this is what my sign_key_base looks like:

POST&http%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&oauth_consumer_key%3Dp...8pw%26oauth_nonce%3D1309289330%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1309289330%26oauth_version%3D1.0

DoXiD

Jul 1, 2011, 7:46:48 AM
to Twitter Development Talk
I need to know, is this corner dead? 'Cause I got a response in less
than a few hours in the bug department and I can't get any help with
this at all.
Am I missing some information? Then please tell me, I'll feed you with
whatever you want, I'm a developer and I'm developing core functions
and APIs so I can bring up whatever output data you need... urm yea,
I'm desperate!
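
Added example, not part of the thread and not DoXiD's code: one way to build the signature base string and Authorization header for the request_token step as RFC 5849 describes it, written in Python 3 rather than the thread's Python 2.6. It percent-encodes with only unreserved characters left literal, sorts the encoded parameters, and leaves oauth_token out because no token exists yet; the key and secret values, the "oob" callback and all function names are assumptions for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def pct(value):
    # RFC 5849 section 3.6: leave only unreserved characters unescaped.
    return quote(str(value), safe="-._~")

def signature_base_string(method, url, params):
    # Encode every name and value first, then sort the encoded pairs.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(k + "=" + v for k, v in pairs)
    # The joined parameter string is encoded again as one unit.
    return "&".join((method.upper(), pct(url), pct(normalized)))

def sign(base, consumer_secret, token_secret=""):
    # Key is "consumer_secret&token_secret"; token_secret is empty here.
    key = pct(consumer_secret) + "&" + pct(token_secret)
    mac = hmac.new(key.encode("ascii"), base.encode("ascii"), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode("ascii")

def request_token_header(url, consumer_key, consumer_secret,
                         nonce, timestamp, callback="oob"):
    # oauth_token is absent: no token exists before request_token succeeds.
    params = {
        "oauth_callback": callback,  # "oob" = no callback URL (assumption)
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp),
        "oauth_version": "1.0",
    }
    base = signature_base_string("POST", url, params)
    params["oauth_signature"] = sign(base, consumer_secret)
    fields = ['%s="%s"' % (pct(k), pct(v)) for k, v in sorted(params.items())]
    return base, "OAuth " + ", ".join(fields)

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    base, header = request_token_header(
        "http://api.twitter.com/oauth/request_token",
        "example-consumer-key", "example-consumer-secret",
        "abc123", 1309272106)
    print(base)
    print("Authorization: " + header)
```

Printing the base string next to the one the failing client produced makes encoding and ordering differences visible before any request is sent.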