Oauth Echo Twitpic problems


globaljobber

Jul 26, 2010, 10:26:27 AM
to Twitter Development Talk
Hi,

I am having trouble getting Twitpic to authorize an image upload
request.

I have checked my Oauth 'X-Verify-Credentials-Authorization'
authorization header with a call to
'https://api.twitter.com/' and I get a 200 OK status. So it appears my
authentication requests are ok.

However if I take the same header construct and make a request to
'http://api.twitpic.com/2/upload.json' using OAuth Echo with Twitpic I
continually receive a 401 Unauthorized response.

My typical setup is this:


Parameters for Twitpic:

Requiredparameters.Add("key", "97bfc7ffddd827ca9630232def4eea82");
Requiredparameters.Add("message", "This is a test upload");

requestUrl = OAuthUtility.AppendParametersForPOST("http://api.twitpic.com/2/upload.json", Requiredparameters);

HttpWebRequest webRequest = (HttpWebRequest)WebRequest.Create(requestUrl);
webRequest.Method = "POST";

webRequest.Headers.Add("X-Verify-Credentials-Authorization", AuthorizationHeaderForAuth);
webRequest.Headers.Add("X-Auth-Service-Provider", "https://api.twitter.com/1/account/verify_credentials.json");

where a typical AuthorizationHeaderForAuth looks like this:

OAuth realm="http://api.twitter.com",oauth_consumer_key="9cjtddsslOYCRJqyp7XKzA",oauth_nonce="4D34866",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1230153261",oauth_token="15322554-7q4tTvSwJ9oB6iWZh7DvRjkn60eKTc1T4VRkNl4",oauth_version="1.0",oauth_signature="gbMRJ1OA9JNiZGksnRyFdT6iP20%3D"



Can anyone please suggest where things may be going wrong?

Many thanks
Gerard

Taylor Singletary

Jul 26, 2010, 10:38:41 AM
to twitter-deve...@googlegroups.com
Hi Gerard,

Though I know it doesn't sound like it should matter, can you try your
request against Twitpic after inserting spaces after each comma in
your Authorization Header? Also want to make sure that you aren't
executing your verify_credentials request in the preparation sequence
(calling the resource prior to TwitPic calling it would invalidate
it).

Thanks,
Taylor

globaljobber

Jul 26, 2010, 11:03:43 AM
to Twitter Development Talk
Hi Taylor,

Thanks for your reply. I just tried that and still the same 401 error.
The new header was like this with spaces after each comma:

OAuth realm="http://api.twitter.com",
oauth_consumer_key="9cjtaDfffOYCRJqyp7XKzA", oauth_nonce="59E4358",
oauth_signature_method="HMAC-SHA1", oauth_timestamp="1280156335",
oauth_token="15389554-7q4tjgtwJ9oB6iWZh7DvRjkn60eKTc1T4VRkNl4",
oauth_version="1.0", oauth_signature="ZmiBuqZC2SUsRx2%2B7x4O7TrDDWE%3D"

I'm also sure no call is made during the generation of the header.

According to other posts I've read, this header is created using a GET
and uses the following URL:

https://api.twitter.com/1/account/verify_credentials.json


I would be grateful for any other ideas, as I've spent over a week trying
to get Twitpic to work.

Thank you
Gerard





globaljobber

Jul 26, 2010, 11:21:12 AM
to Twitter Development Talk
Just to check my process is correct:

1) Web page goes to twitter to get a request Token

2) Token request granted, and a URL for user is generated with this
Token

3) User authenticates app via Twitter pop-up

3) Twitter response redirects to new page which has Access Token and
access token secret given to it.

4) Using these tokens, and using GET and the following URL:
'https://api.twitter.com/1/account/verify_credentials.json'

an authorisation header is generated.

5) This header, along with the other header: 'X-Auth-Service-Provider'
is then sent off using a post to http://api.twitpic.com/2/upload.json

Have I missed anything?

Regards
Gerard







Taylor Singletary

Jul 26, 2010, 12:05:30 PM
to twitter-deve...@googlegroups.com
Hi Gerard,

Steps 1-3 of this process are correct from the perspective of
initially negotiating permissions for your user. Once you've performed
steps 1-3 you shouldn't need to do these steps for this user again
unless re-negotiating for the tokens.

Your step 4: I'll improve the documentation we have for OAuth Echo
here, as it's not obvious that you should be performing a POST for
verify_credentials in this case. The Authorization Header you generate
for the verify_credentials request should be a POST, as that's what
Twitpic will do.

Step 5: Yes, your OAuth authorization header for the
verify_credentials request is presented in the
X-Verify-Credentials-Authorization header, and X-Auth-Service-Provider
contains "https://api.twitter.com/1/account/verify_credentials.json"

Let me know if the transition to POST works for you. I have some
sample code in PHP available here: http://gist.github.com/490753

Taylor

globaljobber

Jul 26, 2010, 12:31:52 PM
to Twitter Development Talk
Hi Taylor,

Thanks again. Tried generating a header using Post instead of GET and
didn't work.

I note in the sample PHP code, line 25, that a GET is used.

I have read in numerous posts that a GET was used with the 'dummy'
request to generate the Header.

I'm not a php programmer, I do C# ASP.Net for my sins, which doesn't
help. But I have tried to go through your PHP example, which I've seen
before and I reckon I am replicating what is being done.

The header I generate is ok'd by Twitter api, i.e. get a 200 OK
response, but not using Echo.

Thanks for your help thus far.
Gerard






globaljobber

Jul 26, 2010, 1:12:28 PM
to Twitter Development Talk
Hi Taylor,

I decided to post my code in brief. I can't expect you or anyone else
to go through the real stuff line by line, so I've tried to simplify
it so that a relatively quick look should perhaps show if there's
somewhere I'm going wrong. The code shows the tasks done rather than
detail....


string requestUrl = "https://api.twitter.com/1/account/verify_credentials.json";

Parameters.Add("oauth_version", "1.0");
Parameters.Add("oauth_nonce", GenerateNonce());
Parameters.Add("oauth_timestamp", GenerateTimeStamp());
Parameters.Add("oauth_signature_method", "HMAC-SHA1");
Parameters.Add("oauth_consumer_key", consumerKey);
Parameters.Add("oauth_consumer_secret", consumerSecret);

//Use these parameters to create the signature
AddSignatureToParameters(requestUrl, Parameters, "GET", consumerSecret, tokenSecret);

//Now create the header
string authHeader = "OAuth realm=\"http://api.twitter.com\"";

foreach (var Parameter in Parameters)
{
    authHeader = authHeader + ", " + URLEncode(Parameter.Key) + "=" + URLEncode(Parameter.Value);
}

//Now build POST request to send to Twitpic
requestUrl = "http://api.twitpic.com/2/upload.json";

Requiredparameters.Add("key", "97bfc7bd3d7827ca44444444ef4eea82");
Requiredparameters.Add("message", "TestMessage");

requestUrl = requestUrl + AddPerameters(Requiredparameters);

HttpWebRequest webRequest = (HttpWebRequest)WebRequest.Create(requestUrl);
webRequest.Method = "POST";
webRequest.Headers.Add("X-Verify-Credentials-Authorization", authHeader);
webRequest.Headers.Add("X-Auth-Service-Provider", "https://api.twitter.com/1/account/verify_credentials.json");

WebResponse response = webRequest.GetResponse();
string responseString = new StreamReader(response.GetResponseStream()).ReadToEnd();



Hope this is not too hard to read or follow.

Thanks
Gerard





Taylor Singletary

Jul 26, 2010, 1:30:57 PM
to twitter-deve...@googlegroups.com
Gerard,

Thanks for the code sample. Nothing is jumping out at me here.. can
you share an example signature base string? (likely generated
somewhere in the "AddSignatureToParameters" method in an intermediary
step).

Taylor

globaljobber

Jul 26, 2010, 1:46:21 PM
to Twitter Development Talk
Hi Taylor,

Here's one I just generated:

OAuth realm="http://api.twitter.com",
oauth_consumer_key="9vjtaDCxlOYCRJqyp7XKzA", oauth_nonce="523A02EE",
oauth_signature_method="HMAC-SHA1", oauth_timestamp="1280166265",
oauth_token="15389554-7q4tTgSwJ9oB6iWZh7DvRjkn60eKTc1T4VRkNl4",
oauth_version="1.0", oauth_signature="ImtWt09x9StbIV5H3G7xC3PM4bc%3D"

There's also another one in the first post.

Thanks
Gerard





Taylor Singletary

Jul 26, 2010, 1:57:43 PM
to twitter-deve...@googlegroups.com
Hi Gerard,

That's the actual authorization header -- I'm looking for the
signature base string, which is the string that's signed with both
your consumer key and consumer secret to generate your oauth_signature
-- might take you a bit of debugging to get at that information.

Taylor

globaljobber

Jul 26, 2010, 2:27:05 PM
to Twitter Development Talk
Hi Taylor,

OK, I dug out this string just before it gets HMASHA'd up:


GET&https%3A%2F%2Fapi.twitter.com%2F1%2Faccount%2Fverify_credentials.json&oauth_consumer_key%3D9cjtaDCxlOYCRJqyp7XKzA%26oauth_nonce%3DC061CD%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1280168455%26oauth_token%3D15389554-7q4tTvSwJ9oB6iWZh7DvRjkn60eKTc1T4VRkNl4%26oauth_version%3D1.0

I also dug out the key (as in code below) although probably no point:

tTef1iEpPjneI9wmSvKpvNN9OKNzPUTsVIf7CoSY&Y4s0mYQm4MVUhDKaKSZczrfSif9Zsgalt0BDGX8hY



The code to generate the signature base is as follows:

string signatureBase = string.Format(
    CultureInfo.InvariantCulture,
    "{0}&{1}&{2}",
    PostMethod.ToUpper(CultureInfo.InvariantCulture),
    EncodeForUrl(normalizedUrl),
    UrlEncode(baseStringParameters));

HMACSHA1 hmacsha1 = new HMACSHA1();

string key = string.Format(
    CultureInfo.InvariantCulture,
    "{0}&{1}",
    EncodeForUrl(consumerSecret),
    EncodeForUrl(tokenSecret));

hmacsha1.Key = Encoding.ASCII.GetBytes(key);

string result = Convert.ToBase64String(
    hmacsha1.ComputeHash(
        Encoding.ASCII.GetBytes(signatureBase)));

parameters.Add("oauth_signature", result);



Thanks
Gerard
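
Added example (not part of the thread and not any poster's code): a Python sketch of the OAuth 1.0a HMAC-SHA1 signing discussed above. It rebuilds the signature base string from the parameters in the post above and shows that a header signed for one HTTP method only passes the provider's signature check when it is replayed with that same method. The secrets are constructed placeholders, and `provider_accepts` is a hypothetical stand-in for the provider's signature check.

```python
import base64, hashlib, hmac, re
from urllib.parse import quote, unquote

PROVIDER = "https://api.twitter.com/1/account/verify_credentials.json"

# OAuth parameters as they appear in the base string posted above.
PARAMS = {
    "oauth_consumer_key": "9cjtaDCxlOYCRJqyp7XKzA",
    "oauth_nonce": "C061CD",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1280168455",
    "oauth_token": "15389554-7q4tTvSwJ9oB6iWZh7DvRjkn60eKTc1T4VRkNl4",
    "oauth_version": "1.0",
}
# Constructed placeholder secrets (assumption), not the ones from the thread.
CONSUMER_SECRET = "example-consumer-secret"
TOKEN_SECRET = "example-token-secret"

def pct(s):
    """RFC 3986 percent-encoding: only unreserved characters stay literal."""
    return quote(s, safe="-._~")

def base_string(method, url, params):
    """METHOD & encoded URL & encoded, sorted parameter string."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(base, consumer_secret, token_secret):
    """HMAC-SHA1 keyed with consumer secret & token secret, base64 encoded."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def echo_headers(method, params, consumer_secret, token_secret):
    """The two OAuth Echo headers, signed for a `method` request to PROVIDER."""
    sig = sign(base_string(method, PROVIDER, params), consumer_secret, token_secret)
    fields = sorted(dict(params, oauth_signature=sig).items())
    auth = 'OAuth realm="http://api.twitter.com", ' + ", ".join(
        f'{pct(k)}="{pct(v)}"' for k, v in fields)
    return {"X-Auth-Service-Provider": PROVIDER,
            "X-Verify-Credentials-Authorization": auth}

def provider_accepts(headers, method, consumer_secret, token_secret):
    """Signature check only (no nonce or timestamp checks), as the provider
    would run it when the delegator replays the header using `method`."""
    auth = headers["X-Verify-Credentials-Authorization"]
    fields = {k: unquote(v) for k, v in re.findall(r'(\w+)="([^"]*)"', auth)}
    fields.pop("realm", None)  # realm is not part of the signature
    claimed = fields.pop("oauth_signature")
    expected = sign(base_string(method, headers["X-Auth-Service-Provider"], fields),
                    consumer_secret, token_secret)
    return hmac.compare_digest(claimed, expected)

if __name__ == "__main__":
    headers = echo_headers("GET", PARAMS, CONSUMER_SECRET, TOKEN_SECRET)
    print(base_string("GET", PROVIDER, PARAMS))
    for method in ("GET", "POST"):
        print(method, provider_accepts(headers, method, CONSUMER_SECRET, TOKEN_SECRET))
```

Comparing the printed base string against the one a client library produces, character by character, is the quickest way to find an encoding or ordering difference behind a 401.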




