xAuth request returns 401, need help


Chrys Bader

Oct 27, 2010, 7:50:48 PM
to Twitter Development Talk
Hey all,

This is my first post in this group, hi!

I am having trouble making a request on https://api.twitter.com/oauth/access_token.
I've been at this for 2 days and I can't make any progress. I feel
like everything matches up with all examples, documentation, and other
forum posts perfectly.

Here is my post body:

x_auth_username=oauth_test_exec&x_auth_password=twitter-xauth&x_auth_mode=client_auth

Here is my base string (using the example's test credentials):

POST&https%3A%2F%2Fapi.twitter.com%2Foauth%2Faccess_token&oauth_consumer_key%3DJvyS7DO2qd6NNTsXJ4E7zA%26oauth_nonce%3DE0E37C06-F12A-407B-8D80-20C78FF6183A%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1288223176%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3Dtwitter-xauth%26x_auth_username%3Doauth_test_exec

Here is my Authorization header:

OAuth oauth_timestamp="1288223176", oauth_nonce="E0E37C06-F12A-407B-8D80-20C78FF6183A", oauth_version="1.0", oauth_consumer_key="JvyS7DO2qd6NNTsXJ4E7zA", oauth_signature_method="HMAC-SHA1", oauth_signature="IwPFrvb0PExyS%2F2QQvtbelsWk48%3D"

Chrys Bader

Nov 18, 2010, 8:31:23 PM
to Twitter Development Talk
*bump*

I've run my base string through an oAuth verifier (http://quonos.nl/oauthTester/), and it all checks out!

Any ideas?

On Oct 27, 4:50 pm, Chrys Bader <chr...@gmail.com> wrote:
> Hey all,
>
> This is my first post in this group, hi!
>
> I am having trouble making a request on https://api.twitter.com/oauth/access_token.

themattharris

Nov 18, 2010, 8:53:44 PM
to Twitter Development Talk
Hey Chrys,

A couple of things to check first:

1. Have you been granted xAuth access?
2. Double check the timestamp of your request is within 10 or so
minutes of the time returned by Twitter's servers. Our server time is
in UTC.
3. Verify your encoding is correct. For example: a password like ab$%&123
should be in your basestring as ab%2524%2525%2526123 and in your
post body as ab%24%25%26123.

Best,
Matt

Chrys Bader

Nov 18, 2010, 8:59:05 PM
to Twitter Development Talk
1. Yes
2. Interesting point. I'm probably not sending a UTC timestamp!
3. We take care of this

Thanks! I'm going to play with the timestamp.

Chrys Bader

Nov 18, 2010, 9:03:20 PM
to Twitter Development Talk
Ok, I looked into it. According to the iPhone SDK documentation, I am
indeed sending the UTC (GMT) timestamp.

Still not sure what else could be wrong?

Is this the right Content-Type?

"Content-Type" = "application/x-www-form-urlencoded; charset=utf-8";

On Nov 18, 5:53 pm, themattharris <thematthar...@twitter.com> wrote:

Matt Harris

Nov 18, 2010, 9:41:19 PM
to twitter-deve...@googlegroups.com
OK, but is the UTC timestamp actually accurate? We've heard of a number of phones whose date/time are wildly wrong. It may be fine but it's quite common.

Your content-type is fine.
Matt


--
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: http://groups.google.com/group/twitter-development-talk

Chrys Bader

Nov 18, 2010, 9:47:02 PM
to Twitter Development Talk
Yes I compared the UTC timestamp that my phone is generating with the
actual UTC timestamp, and they were the same.

Is there anything else I can show you for more information?

No matter what, I just keep getting a 401 response from Twitter.

Chrys Bader

Nov 18, 2010, 9:55:03 PM
to Twitter Development Talk
Does the order of the params in either the Authorization or Base
string matter?

Here are my Request Headers:

Authorization = "OAuth oauth_timestamp=\"1290134876\", oauth_nonce=\"D3EC42D2-A37F-4298-987D-0F9603B0C9C7\", oauth_version=\"1.0\", oauth_consumer_key=\"xxx\", oauth_signature_method=\"HMAC-SHA1\", oauth_signature=\"MOWT%2BaSs35RhzvRRMVxRG0Y5p0E%3D\"";
"Content-Length" = 71;
"Content-Type" = "application/x-www-form-urlencoded; charset=utf-8";

Here is my actual base string:

POST&https%3A%2F%2Fapi.twitter.com%2Foauth%2Faccess_token&oauth_consumer_key%3Dxxx%26oauth_nonce%3DD3EC42D2-A37F-4298-987D-0F9603B0C9C7%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1290134876%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3Dxxx%26x_auth_username%3Dchrysb

Matt Harris

Nov 19, 2010, 2:04:15 PM
to twitter-deve...@googlegroups.com
Hey Chrys,

The order of the parameters in the base string matters and they should be in lexicographical order. For ease of debugging and to remove any ambiguity it would be better to have the authorization header use the same order too.

Can you tell me what the body content of the 401 error is?

Best,
@themattharris
Developer Advocate, Twitter
http://twitter.com/themattharris
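
The base-string rules from the two replies above (single encoding in the POST body, double encoding in the base string, lexicographical parameter order), as an added example that is not part of the thread. The function names are hypothetical and the consumer secret is a constructed placeholder; the request values are the ones from the first post.

```python
import base64, hashlib, hmac
from urllib.parse import quote

def pct(s):
    # OAuth 1.0 percent-encoding: only A-Z a-z 0-9 - . _ ~ stay literal
    return quote(s, safe="~")

def form_body(params):
    # POST body: every name and value is encoded exactly once
    return "&".join(f"{pct(k)}={pct(v)}" for k, v in params.items())

def base_string(method, url, oauth_params, body_params):
    # Encode each pair once, then sort lexicographically by name (then value)
    pairs = sorted((pct(k), pct(v)) for k, v in {**oauth_params, **body_params}.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    # The joined parameter string is encoded a second time: "$" -> %24 -> %2524
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(base, consumer_secret, token_secret=""):
    # HMAC-SHA1 key is "<consumer secret>&<token secret>"; there is no token secret yet
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

URL = "https://api.twitter.com/oauth/access_token"
# Values copied from the first post; dict order mirrors the unsorted header and body
OAUTH = {
    "oauth_timestamp": "1288223176",
    "oauth_nonce": "E0E37C06-F12A-407B-8D80-20C78FF6183A",
    "oauth_version": "1.0",
    "oauth_consumer_key": "JvyS7DO2qd6NNTsXJ4E7zA",
    "oauth_signature_method": "HMAC-SHA1",
}
BODY = {
    "x_auth_username": "oauth_test_exec",
    "x_auth_password": "twitter-xauth",
    "x_auth_mode": "client_auth",
}
PLACEHOLDER_SECRET = "constructed-consumer-secret"  # constructed, not a real secret

if __name__ == "__main__":
    base = base_string("POST", URL, OAUTH, BODY)
    print(form_body(BODY))
    print(base)
    print(sign(base, PLACEHOLDER_SECRET))
```

Comparing the printed base string byte for byte with the one a client library produces shows whether an ordering or encoding difference is behind a signature mismatch.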

Bess

Nov 19, 2010, 2:41:28 PM
to Twitter Development Talk
Twitter 401 error is related to Authentication
401 Unauthorized: Authentication credentials were missing or
incorrect.

Another debugging step is to print out the error type and error message from the iPhone
console.

On Nov 19, 11:04 am, Matt Harris <thematthar...@twitter.com> wrote:
> Hey Chrys,
>
> The order of the parameters in the base string matters and they should be in
> lexicographical order. For ease of debugging and to remove any
> ambiguity it would be better to have the authorization header use the same
> order too.
>
> Can you tell me what the body content of the 401 error is?
>
> Best,
> @themattharris
> Developer Advocate, Twitter http://twitter.com/themattharris

Chrys Bader

Nov 19, 2010, 3:18:09 PM
to Twitter Development Talk
Hey Matt,

I am using Loren Brichter's OAuthCore library to create the
Authorization header... so I imagine he did it correctly.

The body content of the 401 is empty. Content-Length: 0

On Nov 19, 11:04 am, Matt Harris <thematthar...@twitter.com> wrote:
> Hey Chrys,
>
> The order of the parameters in the base string matters and they should be in
> lexicographical order. For ease of debugging and to remove any
> ambiguity it would be better to have the authorization header use the same
> order too.
>
> Can you tell me what the body content of the 401 error is?
>
> Best,
> @themattharris
> Developer Advocate, Twitter http://twitter.com/themattharris

Chrys Bader

Nov 19, 2010, 3:18:41 PM
to Twitter Development Talk
Yeah, I've done that. Authentication credentials meaning my oAuth
credentials, or xAuth credentials?

Chrys Bader

Nov 19, 2010, 3:20:45 PM
to Twitter Development Talk
Also, the example here shows that the Auth header and the base string
aren't in the same order:

http://dev.twitter.com/pages/xauth

On Nov 19, 11:04 am, Matt Harris <thematthar...@twitter.com> wrote:
> Hey Chrys,
>
> The order of the parameters in the base string matters and they should be in
> lexicographical order. For ease of debugging and to remove any
> ambiguity it would be better to have the authorization header use the same
> order too.
>
> Can you tell me what the body content of the 401 error is?
>
> Best,
> @themattharris
> Developer Advocate, Twitter http://twitter.com/themattharris

Matt Harris

Nov 19, 2010, 6:44:05 PM
to twitter-deve...@googlegroups.com
Hey Chrys,

Agreed. The authentication header doesn't have to be in order but as said previously, it helps with debugging. 

It is really strange that the response body is empty. It may be easier if you email me the full request headers, with response headers and content so I can debug further. For security it'll be easier if you email me that directly.

Best,
@themattharris
Developer Advocate, Twitter
http://twitter.com/themattharris


Eric Will

Jan 12, 2011, 2:55:36 PM
to Twitter Development Talk
Was the cause of the empty response body ever discovered? I'm having
a similar issue, except my 401 response body has "Content-Length: 1"
containing an empty space " ".


On Nov 19 2010, 3:44 pm, Matt Harris <thematthar...@twitter.com>
wrote:
> Hey Chrys,
>
> Agreed. The authentication header doesn't have to be in order but as said
> previously, it helps with debugging.
>
> It is really strange that the response body is empty. It may be easier if you
> email me the full request headers, with response headers and content so I
> can debug further. For security it'll be easier if you email me that
> directly.
>
> Best,
> @themattharris
> Developer Advocate, Twitter http://twitter.com/themattharris