Twitter: What did you change in OAuth?


Duane Roelands

Jul 28, 2009, 12:27:40 AM
to Twitter Development Talk
Simply telling developers that "something" changed is not sufficient
information to help us get our applications back online.

We need specific information concerning which part of the signature
generation/validation was changed.

Doug Williams

Jul 28, 2009, 12:39:09 AM
to twitter-deve...@googlegroups.com
Duane,
I will gather some specifics and post them here. We appreciate your patience.

In the mean time, you can use the OAuth playground to see where your signature is failing:

Thanks,
Doug

Duane Roelands

Jul 28, 2009, 1:05:51 AM
to Twitter Development Talk
The OAuth Playground appears to be broken. Fill out the appropriate
fields and the "Loading" spinner just spins forever.

On Jul 28, 12:39 am, Doug Williams <d...@twitter.com> wrote:
> Duane,
> I will gather some specifics and post them here. We appreciate your
> patience.
>
> In the mean time, you can use the OAuth playground to see where your
> signature is failing: http://googlecodesamples.com/oauth_playground/
>
> Thanks,
> Doug
>

chinaski007

Jul 28, 2009, 1:23:41 AM
to Twitter Development Talk

Confirmed. Google Playground does not work.

TheSaintr

Jul 28, 2009, 3:53:29 AM
to Twitter Development Talk
I'm using http://oauth.googlecode.com/svn/code/csharp/

And it fails :( any thoughts on what might help?

scotth_uk

Jul 28, 2009, 6:16:51 AM
to Twitter Development Talk
It's quite funny I suppose, been using basic auth forever, last week
changed over to OAuth... today, considering going back, give it a couple of
years to iron out the bugs and maybe try again.

I'm using Abraham Williams' PHP twitter OAuth library, I don't suppose
anyone has found a fix for this?
Getting simply 'Invalid signature' is about as helpful as "an unknown
error occurred".

Cheers.



Duane Roelands

Jul 28, 2009, 7:22:16 AM
to Twitter Development Talk
Looks like it's more than spaces. Looks like other characters are
affected and URLPathEncode isn't handling it.

Has -anyone- heard -anything- from Twitter?

scotth_uk

Jul 28, 2009, 7:08:28 AM
to Twitter Development Talk

Twitter Status : ... Is adding feature to his app so it can switch
between OAuth and Basic for when OAuth breaks again.

:-)

Well, at least Basic auth's phase-out date has been pushed back
another year.

ant...@cloudangels.com

Jul 28, 2009, 9:18:35 AM
to Twitter Development Talk
Apparently two things were changed:

1. Setting the Consumer Secret is now a mandatory part of the signing
process, empty consumer secrets don't work anymore.
2. Parameter encoding didn't previously enforce the part of section
5.1 that says that "Hexadecimal characters in encodings MUST be upper
case."

Maybe more was changed, but these two did it for me.

best regards,
Toni

Duane Roelands

Jul 28, 2009, 9:42:13 AM
to Twitter Development Talk
Glad things are working for you. ;)

Still no luck here. I'm signing the requests with both keys and I'm
URLEncoding all "%"-values to upper case.


goodtest

Jul 28, 2009, 12:35:22 PM
to Twitter Development Talk
Also check out things that broke for me (and their solutions):

http://groups.google.com/group/twitter-development-talk/browse_thread/thread/59ed5372f7c1b623

timwhitlock

Jul 28, 2009, 9:55:21 AM
to Twitter Development Talk
I am signing with both secrets too, and have upper case urlencoding.
Signing requests with an empty token secret (i.e. when getting the
original request token) works 100%.

I am doing the following to obtain the hmac key:
    $key = rawurlencode($this->consumer_secret).'&'.rawurlencode($this->token_secret);
when token_secret is an empty string - no probs!


Example request:
    GET /statuses/followers.json?screen_name=timwhitlock&page=1&oauth_consumer_key=[removed]&oauth_nonce=1248788126.331844&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1248788126&oauth_token=[removed]&oauth_version=1.0&oauth_signature=bGLpUe4LisXrn1ffGIafwod54ZE%3D HTTP/1.0


PHP source code snippet:
    public function sign_hmac( $http_method, $http_rsc ){
        $this->args['oauth_signature_method'] = 'HMAC-SHA1';
        $this->args['oauth_timestamp'] = sprintf('%u', time() );
        $this->args['oauth_nonce'] = sprintf('%f', microtime(true) );
        // normalize args first
        unset( $this->args['oauth_signature'] );
        $str = $this->__toString();
        // prepend other values, double-encoding the args
        $str = strtoupper($http_method).'&'.rawurlencode($http_rsc).'&'.rawurlencode($str);
        // sign it
        $key = rawurlencode($this->consumer_secret).'&'.rawurlencode($this->token_secret);
        $this->args['oauth_signature'] = base64_encode( hash_hmac( 'sha1', $str, $key, true ) );
        return parent::serialize( $this->args );
    }
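
Added example, not part of the thread or of any library named in it: a Python sketch of OAuth 1.0 HMAC-SHA1 signing that covers the two changes Toni lists and the key construction in timwhitlock's post, with a strict verifier rejecting a signature built from lower-case hex escapes and one built with an empty consumer secret. The URL, parameter values, secrets and function names are constructed placeholders.

```python
import base64, hashlib, hmac, re
from urllib.parse import quote

def pct(s):
    # OAuth Core 1.0 section 5.1: only ALPHA, DIGIT, '-', '.', '_', '~' stay
    # literal; every other byte becomes %XX with UPPER-case hex (space -> %20).
    return quote(s, safe="-._~")

def pct_lower(s):
    # Same escapes with lower-case hex, as a non-conforming encoder emits them.
    return re.sub(r"%[0-9A-F]{2}", lambda m: m.group(0).lower(), pct(s))

def base_string(method, url, params, enc=pct):
    # Encode names and values, sort, join, then encode the joined string again.
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), enc(url), enc(normalized)])

def sign(method, url, params, consumer_secret, token_secret="", enc=pct):
    # HMAC key is enc(consumer_secret) & enc(token_secret); the '&' is always
    # present, and the token secret is empty only for the request-token call.
    key = enc(consumer_secret) + "&" + enc(token_secret)
    text = base_string(method, url, params, enc)
    mac = hmac.new(key.encode(), text.encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def verify(signature, method, url, params, consumer_secret, token_secret=""):
    # Strict provider: recompute with the registered secrets and conforming
    # encoding, then compare in constant time.
    expected = sign(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, signature)

# Constructed sample request; every value below is a placeholder.
URL = "https://api.example.com/statuses/update.json"
PARAMS = {"status": "héllo wörld!", "oauth_consumer_key": "ck-example",
          "oauth_nonce": "n-1", "oauth_signature_method": "HMAC-SHA1",
          "oauth_timestamp": "1248788126", "oauth_token": "tk-example",
          "oauth_version": "1.0"}
CS, TS = "cs-example", "ts-example"

def demo():
    req = ("POST", URL, PARAMS)
    return {
        "conforming": verify(sign(*req, CS, TS), *req, CS, TS),
        "lowercase_hex": verify(sign(*req, CS, TS, enc=pct_lower), *req, CS, TS),
        "empty_consumer_secret": verify(sign(*req, "", TS), *req, CS, TS),
    }

if __name__ == "__main__":
    print(demo())
```
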

unVOXT

Jul 28, 2009, 7:50:48 PM
to Twitter Development Talk
Other threads suggest resolution by checking and changing the method
of URL encoding.

Duane Roelands

Jul 28, 2009, 10:10:56 PM
to Twitter Development Talk
Check this thread for a solution for VB.NET libraries (and perhaps a
good starting point for other languages).
http://groups.google.com/group/twitter-development-talk/browse_thread/thread/734a29fd71d7fdd9#