Sorry for the trouble, but could you include the message you're
getting in the body of that 401? Without the error message it's hard
to tell what the problem is or where the source of all of this "suck"
is. Thanks for the hostile tone though … it really got my morning going.
Thanks;
— Matt Sanford / @mzsanford
When you get an HTTP 401 there should be a body, Something like:
"Failed to validate oauth signature or token", or the more informative
"Invalid / expired token", or a host of other things. The "401
Unauthorized" is the HTTP status line itself and is the error we use
for all OAuth failures. If you're using a library to access Twitter
via OAuth perhaps it is not displaying the body message be default. If
that's the case I recommend adding some print statements, using a
debugging proxy (such as Charles), or watching via tcpdump (or
equivalent) so you can see the body.
Also helpful for debugging just about any error with the API is
the full request and response headers. Look at this from my
perspective … right now I have even less to go on than you. I don't
know your code, what request you made, and I cannot debug interactively.
Thanks;
— Matt Sanford
ProTip: When reporting bugs try to remember that no matter how
frustrated you are you're asking someone who is not sitting with you
and is not in the same frame of mind. This is like shouting at the
police when you called them. Therapeutic? yes. Helpful? probably not.
Good matrial for the show Cops? definitely.
You need to apply a lexicographical byte ordering to the OAuth
parameters--that is, sort them alphabetically.
I ran into this in the beginning, and scratched my head for a while
until I read the OAuth standard.
Cheers,
- --
Bojan Rajkovic <boj...@brandeis.edu>
Biochemistry '10, Brandeis University
PGP Signature Key ID: 0x8783D016
PGP Encryption Key ID: 0x2497B8B2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQIcBAEBAgAGBQJKQ647AAoJEO4IwQyHg9AWnVkP/2H5dQWnGSYXGGQV0YW6oswQ
gBELIhWjHiq9lkQQbOrCUqV6hR4wycSa5hNfaW+YxQsVEuORTw1FAhiayJPRcVAH
I8cgewOSgXG5CSbXfutPmfQFHZNdN3zgJMaS0sAwoyEik+nb/JePlUEkn7f9CPzb
buqLAjadh0bLNdB/U2ld5FBgnAc1zQEJrGCePqfzYls3RTQm+dc6wtpzRnlKVDER
hfsVh0E9OUZOIjEmaHsc7KUjoiATSB/j0LXrF+3x3BR/ISYkoLW0cJPQEscJVrG+
JbtJ3Q4H1uJpDn5iF4ENhzjZa1/v45w/zliXk8MeDixLC4jtTUE54oKZsYFjhL/v
d1BMgmgTVCJq7Qj2jJNKjD/A2nriAErh/i/42850MsF9JCnff6d2kruXccdHM8Lv
ExttUH9k6c0U4SBVYjjv+Np4OOwWDJvwNx3mXW5mgfLsCtMKdSDD+mm4/M9MHDxR
sHo54jlWDXGYHrbAJLtCBp02UN3FTlieQ61QYniaUJcZOuzMoKkmVn4/uHMJT7SQ
u+DxUMYaFEpot72IOzgFmAmeToGw1GWyeBzeZnkPq5li5Y+EyUCVKH8dxSj4omM+
qUHwvhI93cS6+mmh3L1KGsfg6uXl88xi1oP3d+k1N65nX4troGWE00VPROTbAPzk
+UNJsrk9WkRuaif1le0b
=M/IL
-----END PGP SIGNATURE-----
--
Abraham Williams | Community Evangelist | http://web608.org
Hacker | http://abrah.am | http://twitter.com/abraham
Project | http://fireeagle.labs.poseurtech.com
This email is: [ ] blogable [x] ask first [ ] private.
The access token URL [1] should be accessed by your application
to exchange a request token for an access token, not from a browser.
You're seeing a login dialog because that is what browsers do with
HTTP 401 (Unauthorized). Your description has been a bit confusing,
is this the problem (excluding this browser thing):
1. Application gets a request token
2. Redirect the user to twitter.com/oauth/authorize … user clicks
through to accept
3. User returns to your site
4. Your site called twitter.com/oauth/access_token
5. BOOM: twitter.com/oauth/access_token returns 401
Is that the flow? If so, the body of the 401 would be most
helpful. If that is not the flow, please try and describe what you are
doing so I can try and reproduce the error and look for bugs on our
side.
Thanks;
– Matt Sanford / @mzsanford
Twitter Dev
[1] - http://twitter.com/oauth/access_token
A nonce is expected to be unique for each request, that is really
it's only function. You should not need the login/password anywhere,
and if the library you're using requires that it's doing something
incorrectly. I'm not much of a VB programmer, but I just read through
your source and from the Form1 class it looks like you're writing a
desktop application, is that correct?
The other thing I noticed in Form1 is that you try to call
OAuth.AccessTokenGet without ever getting a request token. I think one
step you're missing here is OAuth.AuthorizationLinkGet, which gets a
request token and returns the URL the user's browser should be sent
to. Your code from Form1 does not appear to get the URL or send the
user there, unless the source on this site is incomplete or I'm mis-
reading it.
Thanks;
– Matt Sanford / @mzsanford
Twitter Dev