Received: by 10.150.250.4 with SMTP id x4mr3528228ybh.16.1276717175248;
        Wed, 16 Jun 2010 12:39:35 -0700 (PDT)
X-BeenThere: twitter-development-talk@googlegroups.com
Received: by 10.150.242.38 with SMTP id p38ls383234ybh.6.p; Wed, 16 Jun 2010 
	12:39:21 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.150.250.5 with SMTP id x5mr652157ybh.53.1276717161310; Wed, 16 
	Jun 2010 12:39:21 -0700 (PDT)
Received: by k39g2000yqb.googlegroups.com with HTTP; Wed, 16 Jun 2010 12:39:21 
	-0700 (PDT)
Date: Wed, 16 Jun 2010 12:39:21 -0700 (PDT)
In-Reply-To: <ae8613a5-1cae-4731-b5db-0770e86f591d@y4g2000yqy.googlegroups.com>
X-IP: 38.104.186.254
References: <d3e6c422-29ce-4d54-862f-9407671d4c87@c10g2000yqi.googlegroups.com> 
	<-5348290580678020998@unknownmsgid> <202d09e1-93bc-4ffe-b0a1-3b5bdee101b0@y4g2000yqy.googlegroups.com> 
	<24b8f9b1-54ef-4280-ac71-269a2d446c54@k39g2000yqb.googlegroups.com> 
	<97827ba6-2fe7-478a-84d7-cbbf7b60c955@z8g2000yqz.googlegroups.com> 
	<14071413-547a-42de-a1a1-7312f3b6667f@q12g2000yqj.googlegroups.com> 
	<AANLkTimO2R_xFzWhPcRL8dDK9P7JppRy-5Yysi5ABL80@mail.gmail.com> 
	<ae8613a5-1cae-4731-b5db-0770e86f591d@y4g2000yqy.googlegroups.com>
User-Agent: G2/1.0
X-HTTP-UserAgent: Opera/9.80 (Macintosh; Intel Mac OS X; U; en) Presto/2.2.15 
	Version/10.10,gzip(gfe)
Message-ID: <ccb51ce1-1edf-423b-9611-dcd7355da56e@k39g2000yqb.googlegroups.com>
Subject: Re: oauth status update returning error 401 invalid / used nonce
From: Craig <chanson9...@gmail.com>
To: Twitter Development Talk <twitter-development-talk@googlegroups.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

By the way, even when I try to tweet with just one word like: "tweet",
it doesn't work.  Just simple ascii characters.  Is there any way you
can just intercept one of my test tweets and look at what, if anything
might be going wrong on the server side?

-Craig


On Jun 16, 3:05=A0pm, Craig <chanson9...@gmail.com> wrote:
> My signature base string status pair looks like:
> status%3Dmy%2520tweet
>
> When I tried xAuth authentication with a * character in the password,
> it didn't work at first. =A0But once I double url encoded it, I was able
> to authenticate no problem. =A0So that definitely helps. =A0I am now
> double url encoding the username and password values.
>
> However, the tweet still didn't work. =A0I am double url encoding the
> status message in the signature base string and single url encoding it
> in the post body.
>
> Thanks,
> Craig
>
> On Jun 16, 11:30=A0am, Taylor Singletary <taylorsinglet...@twitter.com>
> wrote:
>
>
>
> > Hi Craig,
>
> > Do you know if the status update, status=3Dmy%20tweet is being encoded
> > correctly in your signature base string (which is the string used to cr=
eate
> > your signature).
>
> > For the signature base string, the key/value pair would look like:
>
> > status%3Dmy%2520tweet
>
> > Have you tried your xAuth authentication with spaces and other possible=
 odd
> > characters yet in fields like the password?
>
> > Taylor
>
> > On Wed, Jun 16, 2010 at 8:21 AM, Craig <chanson9...@gmail.com> wrote:
> > > Hi Matt,
>
> > > Thanks for responding. =A0My authorization header is still the same a=
s
> > > it was in my first message above. =A0Here it is for another request I
> > > just tried:
>
> > > OAuth oauth_nonce=3D"TEeSMm8q3m5abhmppain", oauth_signature_method=3D=
"HMAC-
> > > SHA1", oauth_timestamp=3D"1276701304",
> > > oauth_consumer_key=3D"xxxxxxxxxxxxxxxxx", oauth_token=3D"xxxxxxxx-
> > > xxxxxxxxxxxxxxxxxxxxxxxxx", oauth_signature=3D"xxxxxxxxxxxxxxxxxxxxxx=
x
> > > %3D", oauth_version=3D"1.0"
>
> > > The post body is simply:
> > > status=3Dmy%20tweet
>
> > > When I create the request in objective c, it looks like this: (where
> > > authHeader is the authorization header noted above and postBody is th=
e
> > > post body noted above):
>
> > > NSString* requestString=3D [NSString
> > > stringWithFormat:@"%@",TWITTER_STATUS_UPDATE_URL];
> > > NSMutableURLRequest* request =3D [[NSMutableURLRequest alloc]
> > > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0initWi=
thURL:[NSURL
> > > URLWithString:requestString]
>
> > > cachePolicy:NSURLRequestReloadIgnoringCacheData
> > > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =
=A0timeoutInterval:30.0];
> > > [request setHTTPMethod:@"POST"];
> > > [request addValue:authHeader forHTTPHeaderField:@"Authorization"];
> > > [request setValue:@"application/x-www-form-urlencoded"
> > > forHTTPHeaderField:@"Content-Type"];
> > > [request setValue:postBodyLength forHTTPHeaderField:@"Content-
> > > Length"];
> > > [request setHTTPBody:[postBody
> > > dataUsingEncoding:NSUTF8StringEncoding]];
>
> > > This type of formatting works just fine for my xAuth authentication.
>
> > > On Jun 15, 4:44 pm, themattharris <thematthar...@twitter.com> wrote:
> > > > Hey Craig,
>
> > > > Could you let us see what the authorization header you are sending
> > > > looks like (obfuscating your oauth keys and secrets)?
>
> > > > What you're aiming for is a header similar to this:
>
> > > > POST /1/statuses/update.xml HTTP/1.1
> > > > Accept: */*
> > > > Connection: close
> > > > User-Agent: OAuth gem v0.4.0
> > > > Content-Type: application/x-www-form-urlencoded
> > > > Authorization: OAuth
> > > > =A0 oauth_consumer_key=3D\"xxxxxxxxxxxxxxxxxxxxxxxx\",
> > > > =A0 oauth_nonce=3D\"xxxxxxxxxxxxxxxxxxxxxxxxxxxx\",
> > > > =A0 oauth_signature=3D\"xxxxxxxxxxxxxxxxxxxxxxxx\",
> > > > =A0 oauth_signature_method=3D\"HMAC-SHA1\",
> > > > =A0 oauth_timestamp=3D\"1276634179\",
> > > > =A0 oauth_token=3D\"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\",
> > > > =A0 oauth_version=3D\"1.0\"
> > > > Content-Length: 27
> > > > Host: api.twitter.com
>
> > > > With your post body being the status you are sending. Similar to:
>
> > > > status=3Dsomething%20to%20say
>
> > > > Matt
>
> > > > On Jun 13, 8:32 pm, Craig <chanson9...@gmail.com> wrote:
>
> > > > > Ok, so I believe my signature is correct because if I take out th=
e
> > > > > oauth_token parameter from the signature base I get an incorrect
> > > > > signature error instead of the invalid/used nonce error. =A0I am
> > > > > definitely posting to the correct url: "https://api.twitter.com/1=
/
> > > > > statuses/update.xml" because if I change it I get an invalid url
> > > > > response. =A0The nonce I'm generating is unique for every request=
 I'm
> > > > > sending. =A0The timestamp is accurate to the number of seconds th=
at have
> > > > > passed since unix epoch. =A0Obviously the invalid/used nonce erro=
r is
> > > > > garbage.
>
> > > > > Here's the formatting of my URL request in obj c:
>
> > > > > // Create the request
> > > > > NSString* requestString=3D [NSString
> > > > > stringWithFormat:@"%@",TWITTER_STATUS_UPDATE_URL];
> > > > > NSMutableURLRequest* request =3D [[NSMutableURLRequest alloc]
> > > > > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 i=
nitWithURL:[NSURL
> > > URLWithString:requestString]
>
> > > cachePolicy:NSURLRequestReloadIgnoringCacheData
> > > > > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =
=A0 =A0 timeoutInterval:30.0];
> > > > > [request setHTTPMethod:@"POST"];
> > > > > [request addValue:authHeader forHTTPHeaderField:@"Authorization"]=
;
> > > > > [request setValue:@"application/x-www-form-urlencoded"
> > > > > forHTTPHeaderField:@"Content-Type"];
> > > > > [request setValue:postBodyLength forHTTPHeaderField:@"Content-
> > > > > Length"];
> > > > > [request setHTTPBody:[postBody
> > > > > dataUsingEncoding:NSUTF8StringEncoding]];
>
> > > > > Any other ideas? =A0I'm at a total loss as to why this might be
> > > > > happening.
>
> > > > > Thanks,
> > > > > Craig
>
> > > > > On Jun 13, 3:42 pm, Craig <chanson9...@gmail.com> wrote:
>
> > > > > > No dice. =A0I just tried creating a new app and using the new
> > > keys/token
> > > > > > to tweet. =A0I'll go over my steps once more and see if I can t=
rack
> > > down
> > > > > > an issue somewhere...
>
> > > > > > On Jun 11, 8:53 pm, Taylor Singletary <taylorsinglet...@twitter=
.com>
> > > > > > wrote:
>
> > > > > > > xAuth in this case, I think, is unrelated to the issue. If yo=
u can
> > > use
> > > > > > > a different key and use the "my token" feature to get your ac=
cess
> > > > > > > token, then try to tweet using that token, it will sufficient=
ly
> > > > > > > express the problem I think.
>
> > > > > > > Taylor
>
> > > > > > > On Jun 11, 2010, at 2:48 PM, Craig <chanson9...@gmail.com> wr=
ote:
>
> > > > > > > > Hello,
>
> > > > > > > > I have an iphone app that is using xauth. =A0I am able to o=
btain
> > > the
> > > > > > > > access token with no problem at all. =A0When I go to post a=
 status
> > > > > > > > update, I receive an invalid / used nonce error. =A0It can'=
t
> > > actually be
> > > > > > > > a used nonce since I have checked this multiple times. =A0H=
ere are
> > > the
> > > > > > > > details of the post:
>
> > > > > > > > url:
> > > > > > > >http://api.twitter.com/1/statuses/update.xml
>
> > > > > > > > signature base string:
> > > > > > > > POST&http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses
> > > > > > > > %2Fupdate.xml&oauth_consumer_key%3Dmyconsumerkey%26oauth_no=
nce
> > > > > > > > %3D397vi5Ug1YHC3UAVUAoB%26oauth_signature_method%3DHMAC-
> > > > > > > > SHA1%26oauth_timestamp%3D1276292596%26oauth_token%3Dmytoken
> > > > > > > > %26oauth_version%3D1.0%26status%3Dmy%2520tweet
>
> > > > > > > > Authorization header:
> > > > > > > > OAuth oauth_nonce=3D"397vi5Ug1YHC3UAVUAoB",
> > > oauth_signature_method=3D"HMAC-
> > > > > > > > SHA1", oauth_timestamp=3D"1276292596",
> > > > > > > > oauth_consumer_key=3D"myconsumerkey", oauth_token=3D"mytoke=
n",
> > > > > > > > oauth_signature=3D"yOh2zQPGDBlVEP5cDWhjddQWTLc%3D",
> > > oauth_version=3D"1.0"
>
> > > > > > > > Content-Type:
> > > > > > > > [request setValue:@"application/x-www-form-urlencoded"
> > > > > > > > forHTTPHeaderField:@"Content-Type"];
>
> > > > > > > > I can see no reason why this shouldn't work. =A0Any help wo=
uld be
> > > > > > > > greatly appreciated!
>
> > > > > > > > Thanks,