pyramid example

[Mazzaroth M.]

Hi all I got the pyramid example working under python 3.5 virtualenv and pyramid 1.7.

I copied the local_settings.py.template to local_settings.py and added a Key and Secret for Twitter.

I open localhost:8000 and click on "Twitter OAuth"

I get back a 401 error from the oauth endpoint:

requests.exceptions.HTTPError: 401 Client Error: Authorization Required for url: https://api.twitter.com/oauth/request_token

I went onto dev.twitter.com clicked "Test OAuth" and used their oauth validator and confirmed via curl that the Key and Secret with this URL are ok.

So I think I'm barking up the wrong tree here? How do I complete the user auth 'pipeline' with the Pyramid example?

Regards, Michael

~~~

curl --get 'https://api.twitter.com/oauth/request_token' --header 'Authorization: OAuth oauth_consumer_key="<key>", oauth_nonce="<nonce>", oauth_signature="1vY7my3ByLT8WTvQZdraz0lEDJ8%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1471801565", oauth_version="1.0"' --verbose

*   Trying 199.59.149.199...

* Connected to api.twitter.com (199.59.149.199) port 443 (#0)

* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

* Server certificate: api.twitter.com

* Server certificate: DigiCert SHA2 High Assurance Server CA

* Server certificate: DigiCert High Assurance EV Root CA

> GET /oauth/request_token HTTP/1.1

> Host: api.twitter.com

> User-Agent: curl/7.43.0

> Accept: */*

> Authorization: OAuth oauth_consumer_key="<key>", oauth_nonce="<nonce>", oauth_signature="1vY7my3ByLT8WTvQZdraz0lEDJ8%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1471801565", oauth_version="1.0"

> 

< HTTP/1.1 200 OK

< cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0

< content-length: 121

< content-security-policy: default-src 'none'; connect-src 'self'; font-src https://abs.twimg.com https://abs-0.twimg.com data:; frame-src 'self' twitter:; img-src https://abs.twimg.com https://*.twimg.com https://pbs.twimg.com data:; media-src 'none'; object-src 'none'; script-src https://abs.twimg.com https://abs-0.twimg.com https://twitter.com https://mobile.twitter.com; style-src https://abs.twimg.com https://abs-0.twimg.com; report-uri https://twitter.com/i/csp_report?a=NVQWGYLXFVWG6Z3JNY%3D%3D%3D%3D%3D%3D&ro=false;

< content-type: text/html;charset=utf-8

< date: Sun, 21 Aug 2016 17:46:15 GMT

< expires: Tue, 31 Mar 1981 05:00:00 GMT

< last-modified: Sun, 21 Aug 2016 17:46:15 GMT

< ml: S

< pragma: no-cache

< server: tsa_a

< set-cookie: guest_id=v1%3A147180157567112851; Domain=.twitter.com; Path=/; Expires=Tue, 21-Aug-2018 17:46:15 UTC

< status: 200 OK

< strict-transport-security: max-age=631138519

< x-connection-hash: 6599a643472919806b047e9b04cbfa09

< x-content-type-options: nosniff

< x-frame-options: SAMEORIGIN

< x-response-time: 142

< x-transaction: 00430a9d00fd0a74

< x-twitter-response-tags: BouncerCompliant

< x-ua-compatible: IE=edge,chrome=1

< x-xss-protection: 1; mode=block

< 

* Connection #0 to host api.twitter.com left intact

oauth_token=foo&oauth_token_secret=foo&oauth_callback_confirmed=true