"Failed to validate oauth signature and token" using python/django libs


Blaine Garrett

Jul 3, 2009, 5:10:40 PM
to Twitter Development Talk
Hi,

I get the 401:Unauthorized Error every time I attempt to get a request
token. When I attempt to go to the URL directly in the browser (not
yet accessed to preserve nonce) I get a body of "Failed to validate
oauth signature and token".

I am using Leah's oauth client listed at http://oauth.net/code
as well as the python-twitter (0.7-devel) and oauth-python-twitter
(v0.1).

I was able to get these same libraries to work on a different project
but not on the current one I am working on.
I have refreshed my tokens numerous times and also tried the working
ones from the other project. I also tried the tokens from this project
on the other project that was working and that WORKED.

As such, I am guessing it is an issue with my setup or some other lib
I am working with.
Both projects however have Python Versions 2.5.2 and should otherwise
be the same setups.

Domain the project is on is http://articulture.blainegarrett.com if
that matters for some odd reason.

Any thoughts?

Here is the code I am using to call the libs if it helps:
oauth_consumer = oauthtwitter.OAuthApi(consumer_token, consumer_secret)
request_token = oauth_consumer.getRequestToken()  # httplib exception bubbles from within here
authorization_url = oauth_consumer.getAuthorizationURL(request_token)

Thank you!
~Blaine

--
Blaine Garrett
gchat : bla...@jrcorps.com
aim: zombiediv
y!: zombiediv

Matt Sanford

Jul 6, 2009, 11:59:33 AM
to twitter-deve...@googlegroups.com
Hi Blaine,

Failing to validate the signature when getting a request token
is pretty rare. As you said the fact this all works from other
libraries seems to point to a library issue. The most helpful things
to see in these cases are:

• The actual HTTP request and response that fails. By seeing the URL
requested I can try and recreate the signature and find the mismatch.
• The "signature base string" used to create the oauth_signature
parameter. This usually requires adding some print statements to the
oauth library you're using but can be really helpful.

If you can send the HTTP request and response (headers and
bodies) that will be a good start. If you're not sure how to get them
from your library I recommend using a debugging proxy like Charles [1].

Thanks;
– Matt Sanford / @mzsanford
Twitter Dev

[1] - http://www.charlesproxy.com/

Blaine Garrett

Jul 9, 2009, 11:24:11 PM
to Twitter Development Talk
Hi,

Thanks for the quick reply Matt. Below is a recap of the setup with a
bit more clarity as well as the keys, url, and pre-encoded data.
Hopefully this sheds some light on the issue. I also tried the PHP lib
someone recommended with the same results - i.e. a 401 error. So again, I
am thinking it is something external to the Django setup - be it on
either end of the requests.

Thanks again!
Blaine


----

1. Url I am trying to call the twitter API:
http://articulture.blainegarrett.com/signin/

2. View Code being called:
[python_code]
def signin(request):
    from acsite.people import oauthtwitter
    import acsite.settings as settings

    # Step 1: Create an anonymous twitter oauth consumer
    oauth_consumer = oauthtwitter.OAuthApi('Vx43QEmSCP1whLq1OSPg',
        'MY_SECRET_KEY')  # Blaine's Personal Dev Site keys

    # Step 2: Fetch Request Token From Twitter
    request_token = oauth_consumer.getRequestToken()  # In here I get the 401 error
    raise Exception(request_token)  # Never gets here
[/python_code]

3: I installed fresh copies:
python-twitter : http://code.google.com/p/python-twitter/
oauth-python-twitter : http://code.google.com/p/oauth-python-twitter/
oauth : http://oauth.googlecode.com/svn/code/python/oauth/oauth.py

In the oauth.py, I changed the line 36:
SIGNATURE_METHOD = 'HMAC-SHA1'

4. With no other changes, I get the urllib2 exception: HTTPError at
/signin/ "HTTP Error 401: Unauthorized"
5. When I wrap the url opener code in oauthtwitter.py on approx line
102 in:
try:
    url_data = opener.open(url).read()
except urllib2.HTTPError, e:
    raise Exception('GET REQUEST VERSION : Unable to connect to the oAuth Service. Code: %s - Url: %s : Content - %s' % (e.code, e.url, e.msg))

I get the exception:
GET REQUEST VERSION: Unable to connect to the oAuth Service. Code:
401 - Url:
https://twitter.com/oauth/request_token?oauth_nonce=51064775&oauth_timestamp=1247173406&oauth_consumer_key=Vx43QEmSCP1whLq1OSPg&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_signature=4RiqJL0ZpHux77GKZku9FVeyhA8%3D
: Content - Unauthorized

6. Trying again with a new request, adding an exception of the key,raw
returned from build_signature_base_string in build_signature in
oauth.py line 563, I get:
key="MY_SECRET_KEY&", "raw: GET&https%3A%2F%2Ftwitter.com%2Foauth%2Frequest_token&oauth_consumer_key%3DVx43QEmSCP1whLq1OSPg%26oauth_nonce%3D59181510%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1247173659%26oauth_version%3D1.0"

Note trailing ampersand on the key returned. Could this be a query
string artifact?




JDG

Jul 9, 2009, 11:57:33 PM
to twitter-deve...@googlegroups.com
No. According to the oauth spec, your signature key is always "consumer_secret&token_secret", even if token_secret is empty, so when you first call request_token, your key will be "consumer_secret&"
--
Internets. Serious business.
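
The key construction JDG describes, applied to the request in Blaine's debug output, as an added example that is not part of the original thread. The helper names are my own, the secret is the thread's `MY_SECRET_KEY` placeholder, and the URL is assumed to be already normalized with no query string.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def pct(value):
    # OAuth 1.0 percent-encoding: only unreserved characters stay literal.
    return quote(str(value), safe="-._~")

def signature_base_string(method, url, params):
    # Sort the encoded pairs, join them like a query string, then encode that
    # string again as the third "&"-separated component.
    # Assumption: url is already normalized and carries no query string.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items()
                   if k != "oauth_signature")
    normalized = "&".join("%s=%s" % kv for kv in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def signing_key(consumer_secret, token_secret=""):
    # The "&" separator is always present, even with no token secret yet.
    return pct(consumer_secret) + "&" + pct(token_secret)

def sign_hmac_sha1(base_string, key):
    digest = hmac.new(key.encode("ascii"), base_string.encode("ascii"),
                      hashlib.sha1).digest()
    return base64.b64encode(digest).decode("ascii")

def verify(base_string, key, presented_signature):
    # Receiving-side check; constant-time comparison avoids a timing oracle.
    return hmac.compare_digest(sign_hmac_sha1(base_string, key),
                               presented_signature)

# Parameter values copied from the debug output earlier in the thread; the
# secret is the thread's own placeholder, not a real key.
PARAMS = {
    "oauth_consumer_key": "Vx43QEmSCP1whLq1OSPg",
    "oauth_nonce": "59181510",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1247173659",
    "oauth_version": "1.0",
}
BASE = signature_base_string("get", "https://twitter.com/oauth/request_token", PARAMS)
KEY = signing_key("MY_SECRET_KEY")
SIGNATURE = sign_hmac_sha1(BASE, KEY)

if __name__ == "__main__":
    print(KEY, BASE, SIGNATURE, sep="\n")
```

The base string this produces is identical to the one the library printed, and the key ends in "&", so neither was the cause of the 401 in this thread.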

Blaine Garrett

Jul 13, 2009, 6:06:29 PM
to Twitter Development Talk
Update: It works now. Thanks to everyone who tried to help me diagnose
the issue.

Today, Hedley posted about how the system being off can cause the request
token to fail. This was my exact problem, it turns out.
http://groups.google.com/group/twitter-development-talk/browse_thread/thread/aadee92bc5c34f29?pli=1

Thanks again!
~Blaine