[twitter-dev] Streaming API OAuth explanation?


Jonathon Hill

Apr 20, 2010, 1:05:39 PM
to Twitter Development Talk
One thing I meant to find out @chirp last week--what will oauth look
like for the Streaming API? I'm having a hard time visualizing how
that will work.

Thanks,

Jonathon Hill
@compwright
Company52
http://company52.com



Taylor Singletary

Apr 20, 2010, 1:17:01 PM
to twitter-deve...@googlegroups.com
Hi Jonathon,

For Streaming API access that isn't from the perspective of a user's account, you would use two-legged OAuth to establish authentication instead of basic auth. 

A two-legged OAuth request is very similar to other OAuth requests: you have a specific resource you are trying to access, you have some parameters you want to pass to that resource, and you have an OAuth consumer key and OAuth consumer secret. Which is unlike three-legged OAuth where you also have oauth_tokens representing either a user/access_token or a request token in addition to the rest.

But the rules remain the same. You take all the OAuth parameters and the parameters you are sending to the resource, organize them, build a signature base string, then sign that with your consumer secret and send the request on to Twitter properly signed. The only difference is that there is no oauth_token and oauth_token_secret getting involved in the mix. 

This is essentially what a two-legged request to the streaming API would look like:

Signature Base String
GET&http%3A%2F%2Fstream.twitter.com%2F1%2Fstatuses%2Fsample.json&oauth_consumer_key%3Dri8JxYK2zzwSV5xIUfNNvQ%26oauth_nonce%3DSJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1271783743%26oauth_version%3D1.0

Signature
Xi5jfuw2XqtU5KpNX9ZCtTptJS0=

Authorization Header
OAuth oauth_nonce="SJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1271783743", oauth_consumer_key="ri8JxYK2zzwSV5xIUfNNvQ", oauth_signature="Xi5jfuw2XqtU5KpNX9ZCtTptJS0%3D", oauth_version="1.0"

Taylor Singletary
Developer Advocate, Twitter
http://twitter.com/episod

Dima Brodsky

Apr 20, 2010, 6:44:53 PM
to twitter-deve...@googlegroups.com
Hi,

Question about oauth registration ... do I register the user ID I currently use at the same place as all other apps, i.e. http://dev.twitter.com/apps/new, or is there another endpoint for the streaming api?

Thanks!
ttyl
Dima

Taylor Singletary

Apr 20, 2010, 6:55:28 PM
to twitter-deve...@googlegroups.com
In the current incarnation, you don't need a registered application to use the streaming API -- just a valid username and password to access the endpoints.

While we don't know what the OAuth-based authentication is going to look like in the future of authenticating with the streaming API, we do know that using a username and password won't be tenable for long.

Taylor Singletary
Developer Advocate, Twitter
http://twitter.com/episod


Jonathon Hill

Apr 20, 2010, 11:02:37 PM
to Twitter Development Talk
Thanks Taylor for the very detailed and helpful response!

Jonathon



Lucas Vickers

May 13, 2010, 1:53:55 PM
to Twitter Development Talk
I am writing my own c++ based OAuth library. I know there is liboauth
but I like to do things myself to learn.

Anyhow I am trying to access http://stream.twitter.com/1/statuses/sample.xml
and I keep getting 401.

I have verified pretty much every parameter, and used the tool on
http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/
to verify my signature is correct. I used twurl to obtain the user
access tokens to my account.

After doing some reading I'm no longer convinced that the streaming
server even supports oauth.

can you fill me in on the current status of stream.twitter.com and
oauth?

thanks!
Lucas




John Kalucki

May 13, 2010, 2:11:55 PM
to twitter-deve...@googlegroups.com
OAuth is not enabled on stream.twitter.com. You can try on
chirpstream.twitter.com.

Lucas Vickers

May 13, 2010, 3:14:22 PM
to twitter-deve...@googlegroups.com
Excellent, it works!

thanks

Aaron Rankin

May 24, 2010, 3:30:52 PM
to Twitter Development Talk
Hi,

Is there an ETA for enabling oauth on stream.twitter.com?


Thanks,
Aaron


Mark McBride

May 24, 2010, 4:50:31 PM
to twitter-deve...@googlegroups.com
OAuth is now enabled on stream.twitter.com. I'll also send a note out
to the announce list

---Mark

http://twitter.com/mccv

140dev

May 24, 2010, 4:57:15 PM
to twitter-deve...@googlegroups.com
Does this mean that the streaming API will also make the switch from
basic authentication to OAuth at the end of June?

John Kalucki

May 24, 2010, 5:51:35 PM
to twitter-deve...@googlegroups.com
We haven't announced our plans for streaming and oAuth, beyond stating that User Streams will only be on oAuth.

Jonathon Hill

May 24, 2010, 10:23:38 PM
to Twitter Development Talk
Hey we need documentation!

Jonathon

Zac Bowling

May 24, 2010, 10:50:46 PM
to twitter-deve...@googlegroups.com
The format is fairly simple and almost self explanatory.

Check out this for a working sample:
http://github.com/zbowling/earlybird


Zac Bowling

Wil

Jun 22, 2010, 1:00:09 PM
to Twitter Development Talk
I'm a bit dumbfounded here...

I've been trying to login to stream.twitter.com using OAuth
(particularly, I've been trying to access
http://stream.twitter.com/1/statuses/filter.json?follow=####). I used
the access keys obtained from https://api.twitter.com/oauth/access_token
however, I've been getting 401 errors. I've tried basic authentication
and it works fine.

Does that mean that stream:statuses/filter still can only accept
basic authentication?

Regards,
Wil


John Kalucki

Jun 22, 2010, 1:33:59 PM
to twitter-deve...@googlegroups.com
OAuth should work fine on stream.twitter.com

-John Kalucki
http://twitter.com/jkalucki
Infrastructure, Twitter Inc.

Wil

Jun 24, 2010, 10:58:08 AM
to Twitter Development Talk
I'm getting this response:

HTTP/1.1 401 Unauthorized
Content-Length: 1296
Cache-Control: must-revalidate,no-cache,no-store
Content-Type: text/html; charset=iso-8859-1
Server: Jetty(6.1.17)
WWW-Authenticate: Basic realm="Firehose"

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/>
<title>Error 401 UNAUTHORIZED</title>
</head>
<body>
<h2>HTTP ERROR: 401</h2>
<p>Problem accessing /1/statuses/filter.json. Reason:
<pre> UNAUTHORIZED</pre></p>
<hr /><i><small>Powered by Jetty://</small></i>

Here's what I POSTed(oauth tokens are filtered out):

REQUEST: POST http://stream.twitter.com/1/statuses/filter.json
Authorization: OAuth oauth_consumer_key="#####",oauth_token="########",oauth_nonce="#####",oauth_timestamp="#####",oauth_signature_method="HMAC-SHA1",oauth_signature="########",oauth_version="1.0",
Content-Type: application/x-www-form-urlencoded
Vary: Accept-Encoding
Connection: close

source=softwarename&delimited=1&follow=156934710



John Kalucki

Jun 24, 2010, 11:17:11 AM
to twitter-deve...@googlegroups.com
Aside from the oAuth issue, which others can address, the only valid delimited value is length. 

-John

Taylor Singletary

Jun 24, 2010, 11:59:16 AM
to twitter-deve...@googlegroups.com
Hi Wil,

I can help you with the OAuth component of this. Can you share your signature base string for the request? 

Here's an example of a few of the steps of a functioning OAuth request against this endpoint:

POST body
source=softwarename&delimited=1&follow=156934710

Signature Base String
POST&http%3A%2F%2Fstream.twitter.com%2F1%2Fstatuses%2Ffilter.json&delimited%3D1%26follow%3D156934710%26oauth_consumer_key%3Dri8JxYK2ddwSV5xIUfNNvQ%26oauth_nonce%3DVBOxfmeKM2mgMeou28zK78MKlfrkvc7Wo4Hx8BAkf0%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1277394877%26oauth_token%3D819797-torCkTs0XK7H2Y2i1ee5iofqkMC4p7aayeEXRTmlw%26oauth_version%3D1.0%26source%3Dsoftwarename

Authorization Header
OAuth oauth_nonce="VBOxfmeKM2mgMeou28zK78MKlfrkvc7Wo4Hx8BAkf0", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1277394877", oauth_consumer_key="ri8JxYK2ddwSV5xIUfNNvQ", oauth_token="819797-torCkTs0XK7H2Y2i1ee5iofqkMC4p7aayeEXRTmlw", oauth_signature="cLdFEiEy16d2HdWnb5dPBtuxvko%3D", oauth_version="1.0"

How do your values for signature base string differ, if at all? (other than the tokens, timestamp, and nonce being different).

Thanks,
Taylor

Wil

Jun 25, 2010, 1:00:41 PM
to Twitter Development Talk
Hi,

Sorry it took me a while since I'm using TweetSharp and am stepping
through the (unfamiliar) code.
The moment you said about the signature, I'm suspecting that the
problem is somewhere with that. However, I got this:

POST&http%3A%2F%2Fstream.twitter.com%2F1%2Fstatuses%2Ffilter.json&delimited%3D1%26follow%3D156934710%26oauth_consumer_key%3D########%26oauth_nonce%3Dtljnew4g283c50gv%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1277483909%26oauth_token%3D34216267-QihEsUq7jxULnJzMbn1EC1AliHVkktPXjqgYHw8Zt%26oauth_version%3D1.0%26source%3Dsoftwarename

"oauth_consumer_key":"##########"
"oauth_token":"34216267-QihEsUq7jxULnJzMbn1EC1AliHVkktPXjqgYHw8Zt"
"oauth_nonce":"tljnew4g283c50gv"
"oauth_timestamp":"1277483909"
"oauth_signature_method":"HMAC-SHA1"
"oauth_signature":"ljXbh0wozsHBV6PRowsuZQUHXQs%3D"
"oauth_version":"1.0"
"source":"softwarename"
"delimited":"1"
"follow":"156934710"

which looks almost like yours.

Thanks,
Wil

Wil

Jun 25, 2010, 1:10:29 PM
to Twitter Development Talk
Hi John,

Uhh, care to elaborate? I don't quite get what you meant...

Thanks,
Wil


John Kalucki

Jun 25, 2010, 5:36:18 PM
to twitter-deve...@googlegroups.com
You have delimited=1, not delimited=length.

-John

Taylor Singletary

Jun 25, 2010, 5:50:39 PM
to twitter-deve...@googlegroups.com
Wil,

Does your OAuth code work against other aspects of the Twitter API? Can you verify if your system's clock is within 5 minutes or so of the times returned by our system? (You can see the current server time in an HTTP header of any of our responses).

Are you sure that your code is actually POSTing the POST body along with the request?

Seems like you are really close. 


Wil

Jun 26, 2010, 5:04:49 AM
to Twitter Development Talk
Hi,

@John: I removed the delimited=1 parameter and it still gave me 401's.

@Taylor: I checked my system clock and does not differ from the server
time by more than 5 minutes.
The code works with the following which I've used:
1) OAuth authentication methods
2) statuses/user_timeline
3) 1/favorites/create

(3) is a bit weird since TweetSharp sends favorite requests in this
form:
http://api.twitter.com/1/favorites/create/######.json

and the POST body contains this:
source=Wildfire%20by%20Implication

Yet it still works. I haven't tried other things in TweetSharp that
does POST though.
I thought that it was probably the read/write permissions that's
causing the problem because I initially set the App as read-only (I
changed it to write-access when I implemented the favorite). I then
recreated the client information with read&write access. So I guess
permissions weren't the problem.

I did some packet sniffing to be extra sure that it's sending the data
as POST... and I got this: (using Microsoft NetMon 3.3)
- Http: Request, POST /1/statuses/filter.json , Using OAuth Authorization
Command: POST
+ URI: /1/statuses/filter.json
ProtocolVersion: HTTP/1.1
- Authorization: OAuth
- Authorization: OAuth oauth_consumer_key="######",oauth_token="34216267-BDNO9E9Ayd3IDnzRsDgU0wwwcuxO3trNecmblpNQo",oauth_nonce="d8qtvqz2sefipbsu",oauth_timestamp="1277542341",oauth_signature_method="HMAC-SHA1",oauth_signature="PeKBoS3uYgL9p7oJ%2
WhiteSpace:
AuthorizationData: OAuth oauth_consumer_key="#######",oauth_token="34216267-BDNO9E9Ayd3IDnzRsDgU0wwwcuxO3trNecmblpNQo",oauth_nonce="d8qtvqz2sefipbsu",oauth_timestamp="1277542341",oauth_signature_method="HMAC-SHA1",oauth_signature="PeKBoS3uYgL9p7o
+ ContentType: application/x-www-form-urlencoded
Host: stream.twitter.com
ContentLength: 51
Connection: Keep-Alive
HeaderEnd: CRLF


The next frame was the HTTP payload
- Http: HTTP Payload, URL: /1/statuses/filter.json
- payload: HttpContentType = application/x-www-form-urlencoded
source: softwarename
follow: ###########


Wil

Jun 26, 2010, 5:32:35 AM
to Twitter Development Talk
Just a short follow-up:

I tried the streaming API again with OAuth and statuses/sample
(instead of statuses/filter) and it works...
however the statuses/filter still doesn't work (I get 401) even if I
access the stream using the same account.

Thanks,
Wil


John Kalucki

Jun 26, 2010, 3:08:55 PM
to twitter-deve...@googlegroups.com
An invalid delimited parameter is ignored, and won't cause a 401.

Taylor Singletary

Jun 28, 2010, 10:23:11 AM
to twitter-deve...@googlegroups.com
Wil: Can you retrieve the signature base string (again, from your current work) from your library when attempting the call that returns 401? There must be something minor going amiss there with this parameter for some reason. 

Thanks,
Taylor

Wil

Jun 28, 2010, 10:35:05 AM
to Twitter Development Talk
Hi Taylor,

Ok. Here's the entire thing:

Generated base string:
POST&http%3A%2F%2Fstream.twitter.com%2F1%2Fstatuses%2Ffilter.json&follow%3D156934710%26oauth_consumer_key%3DrHYIlqotmSfiGc6OfFtw%26oauth_nonce%3Dmvzi5szav5dciif4%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1277735188%26oauth_token%3D156934710-J4HkTzZOaHk7ZBnXPzmqopoQS9pm2NjDJmMDEw4E%26oauth_version%3D1.0%26source%3DWildfire%2520by%2520Implication

calculated signature: %2FgqbnKcwmnpFMGnqNUK3kr6waI0%3D

Sniffed authorization header:
oauth_consumer_key="rHYIlqotmSfiGc6OfFtw"
oauth_token="156934710-J4HkTzZOaHk7ZBnXPzmqopoQS9pm2NjDJmMDEw4E"
oauth_nonce="6qzbdouhrz40dqs4"
oauth_timestamp="1277735291"
oauth_signature_method="HMAC-SHA1"
oauth_signature="2yRkYN7j8YpS0%2FgrFSNKnoCrk7Y%3D"
oauth_version="1.0"

You're right, something seems to be wrong with the signature. I'll
continue to investigate this....

Regards,
Wil

Wil

Jun 28, 2010, 10:54:45 AM
to Twitter Development Talk
Ah wait, I ran a couple more tests just to be sure and the signatures
match the sent sniffed one.... guess I missed something previously...

Base:
POST&http%3A%2F%2Fstream.twitter.com%2F1%2Fstatuses%2Ffilter.json&follow%3D156934710%26oauth_consumer_key%3DrHYIlqotmSfiGc6OfFtw%26oauth_nonce%3Deodjuo8ystdcyl3f%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1277736634%26oauth_token%3D156934710-J4HkTzZOaHk7ZBnXPzmqopoQS9pm2NjDJmMDEw4E%26oauth_version%3D1.0%26source%3DWildfire%2520by%2520Implication

Signature:
nt%2F5itdHGoVr8gRloaBOakSmUbM%3D

Sent:
oauth_consumer_key="rHYIlqotmSfiGc6OfFtw"
oauth_token="156934710-J4HkTzZOaHk7ZBnXPzmqopoQS9pm2NjDJmMDEw4E"
oauth_nonce="eodjuo8ystdcyl3f"
oauth_timestamp="1277736634"
oauth_signature_method="HMAC-SHA1"
oauth_signature="nt%2F5itdHGoVr8gRloaBOakSmUbM%3D"
oauth_version="1.0"

Wil

Jun 28, 2010, 11:10:10 AM
to Twitter Development Talk
The thing wasn't including the POST parameters in the signing! I think
I got it!

Taylor Singletary

Jun 28, 2010, 11:16:14 AM
to twitter-deve...@googlegroups.com
Great! Let me know if you still need assistance.

Taylor

Wil

Jun 28, 2010, 11:21:08 AM
to Twitter Development Talk
Oh wait, it does include them I just missed it.

So much for premature celebration...

Taylor Singletary

Jun 28, 2010, 11:45:18 AM
to twitter-deve...@googlegroups.com
Let's start from a common point. By using the same inputs, we can try and meet in the middle with exactly the same signature, signature base string, and authorization header.

Using the following values:
Consumer Key: TwitterConsumerKey
Consumer Secret: TwitterConsumerSecret
Access Token: TwitterAccessToken
Access Token Secret: TwitterAccessTokenScret
OAuth Nonce: abcdefgh
OAuth Timestamp: 1277739588

URL: 

POST Body: 
follow=156934710&source=Wildfire%20by%20Implication

Assuming these exact values, the following should be the result:

POST body:
follow=156934710&source=Wildfire%20by%20Implication

Signature Base String:
POST&http%3A%2F%2Fstream.twitter.com%2F1%2Fstatuses%2Ffilter.json&follow%3D156934710%26oauth_consumer_key%3DTwitterConsumerKey%26oauth_nonce%3Dabcdefgh%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1277739588%26oauth_token%3DTwitterAccessToken%26oauth_version%3D1.0%26source%3DWildfire%2520by%2520Implication

Signing Secret
TwitterConsumerSecret&TwitterAccessTokenSecret

Signature
rYGiA6H2UXog0nYOzTeUKwJSssM=

Authorization Header
OAuth oauth_nonce="abcdefgh", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1277739588", oauth_consumer_key="TwitterConsumerKey", oauth_token="TwitterAccessToken", oauth_signature="rYGiA6H2UXog0nYOzTeUKwJSssM%3D", oauth_version="1.0"

Using these values do you get the same signature and other values?

Taylor

Wil

Jun 28, 2010, 12:21:54 PM
to Twitter Development Talk
Hi,

I got exactly the same values:

Base string:
POST&http%3A%2F%2Fstream.twitter.com%2F1%2Fstatuses%2Ffilter.json&follow%3D156934710%26oauth_consumer_key%3DTwitterConsumerKey%26oauth_nonce%3Dabcdefgh%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1277739588%26oauth_token%3DTwitterAccessToken%26oauth_version%3D1.0%26source%3DWildfire%2520by%2520Implication

Signature (escaped):
rYGiA6H2UXog0nYOzTeUKwJSssM%3D

Authorization Header:
oauth_consumer_key="TwitterConsumerKey",oauth_token="TwitterAccessToken",oauth_nonce="abcdefgh",oauth_timestamp="1277739588",oauth_signature_method="HMAC-SHA1",oauth_signature="rYGiA6H2UXog0nYOzTeUKwJSssM%3D",oauth_version="1.0"

Post content:
source=Wildfire%20by%20Implication&follow=156934710



Wil

Jun 28, 2010, 12:40:18 PM
to Twitter Development Talk
Hi again,

I made a "real" request this time because in the previous one, I
couldn't control the nonce and timestamp generation directly so I
copy-pasted the code it used and modified it a bit. This is the "real"
generated data which has a non-mock nonce and timestamp.

Timestamp: "1277742686"
Nonce: "ufywbndxv0qevuh0"

Base String:

POST&http%3A%2F%2Fstream.twitter.com%2F1%2Fstatuses%2Ffilter.json&follow%3D156934710%26oauth_consumer_key%3DTwitterConsumerKey%26oauth_nonce%3Dufywbndxv0qevuh0%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1277742686%26oauth_token%3DTwitterAccessToken%26oauth_version%3D1.0%26source%3DWildfire%2520by%2520Implication

Signature:
YRXJUMYs0bRzkDZSTXesGfIWhQ8%3D

Packet Capture:
- Http: Request, POST /1/statuses/filter.json , Using OAuth Authorization
Command: POST
+ URI: /1/statuses/filter.json
ProtocolVersion: HTTP/1.1
- Authorization: OAuth
+ Authorization: OAuth oauth_consumer_key="TwitterConsumerKey",oauth_token="TwitterAccessToken",oauth_nonce="ufywbndxv0qevuh0",oauth_timestamp="1277742686",oauth_signature_method="HMAC-SHA1",oauth_signature="YRXJUMYs0bRzkDZSTXesGfIWhQ8%3D",oauth_version="1.0",
+ ContentType: application/x-www-form-urlencoded
Host: stream.twitter.com
ContentLength: 51

- Http: HTTP Payload, URL: /1/statuses/filter.json
- payload: HttpContentType = application/x-www-form-urlencoded
source: Wildfire%20by%20Implication
follow: 156934710


It still looks correct though...

Regards,
Wil

Taylor Singletary

Jun 28, 2010, 12:49:07 PM
to twitter-deve...@googlegroups.com
Hi Wil,

Did some more tests. Why are you passing source in this context? I don't recall this being an operator for the Streaming API. If you're passing it as some kind of analogue to a source parameter you'd pass in basic auth on tweet creation, it's unnecessary here unless there's some other use for it that I'm unaware of. Without the source parameter, I'm able to make this call work. 

Taylor

Wil

Jun 28, 2010, 1:10:53 PM
to Twitter Development Talk
Hi Taylor,

Finally! It now works. TweetSharp includes the source parameter by
default on all requests (I think). Thus, I overrode the
TwitterClientInfo just for that request and cleared out the
"ClientName" field. Now it works!

I guess on your side, the code filters out unknown parameters before
doing the signature verification thing huh?

Thanks a lot for helping! (though TweetSharp has another problem of
dropping off the stream connection prematurely... that's another topic
to discuss after I do more poking)

Regards,
Wil


Matt Harris

Jun 28, 2010, 8:08:24 PM
to twitter-deve...@googlegroups.com
Wil,

Fantastic. So glad you got it working, and thanks for sharing the solution which worked for you.

Matt
--


Matt Harris
Developer Advocate, Twitter
http://twitter.com/themattharris

Mark McBride

Jun 29, 2010, 2:45:39 PM
to twitter-deve...@googlegroups.com
This likely wasn't due to adding the source parameter. It was more
likely due to a bug I had in the streaming OAuth implementation.
Java's URLEncoder converts spaces to '+' instead of '%20'. This got
fixed yesterday.

---Mark

http://twitter.com/mccv
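
The signature base string worked through in this thread, rebuilt from the common test inputs and set beside a verifier that form-encodes spaces as '+', as an added Python example (not code from the thread, TweetSharp, or Twitter). The helper names are hypothetical, and the '+' verifier only models the encoding difference Mark describes; it is not Twitter's server code.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, quote_plus

def pct(value):
    """OAuth 1.0 percent-encoding: only unreserved characters stay literal."""
    return quote(value, safe="-._~")

def base_string(method, url, params, encode=pct):
    """Build the signature base string from decoded (name, value) pairs."""
    pairs = sorted((encode(k), encode(v)) for k, v in params)
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(base, consumer_secret, token_secret=""):
    """HMAC-SHA1 over the base string, keyed with 'consumer&token' secrets."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

# Inputs from the thread's common test case.
URL = "http://stream.twitter.com/1/statuses/filter.json"
BODY = "follow=156934710&source=Wildfire%20by%20Implication"
OAUTH = [
    ("oauth_consumer_key", "TwitterConsumerKey"),
    ("oauth_nonce", "abcdefgh"),
    ("oauth_signature_method", "HMAC-SHA1"),
    ("oauth_timestamp", "1277739588"),
    ("oauth_token", "TwitterAccessToken"),
    ("oauth_version", "1.0"),
]
# Decode the form body first, so each value is encoded exactly once below.
PARAMS = OAUTH + parse_qsl(BODY, keep_blank_values=True)
SECRETS = ("TwitterConsumerSecret", "TwitterAccessTokenSecret")

CLIENT_BASE = base_string("POST", URL, PARAMS)
# Assumed model of a verifier that form-encodes (space -> '+').
PLUS_BASE = base_string("POST", URL, PARAMS, encode=quote_plus)

def signatures_match():
    """True only if both encodings produce the same HMAC-SHA1 signature."""
    client, verifier = sign(CLIENT_BASE, *SECRETS), sign(PLUS_BASE, *SECRETS)
    return hmac.compare_digest(client, verifier)

if __name__ == "__main__":
    print(CLIENT_BASE)
    print(PLUS_BASE)
    print("signatures match:", signatures_match())
```

Parameters without spaces or other characters that the two encoders treat differently produce identical base strings under both, which is consistent with the request succeeding once `source` was dropped.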
