[twitter-dev] Out-of-band/PIN Code Authentication not working?

ramy

May 22, 2010, 6:58:50 PM
to Twitter Development Talk
Hi, I have a desktop application using libcurl that has "oob" as the
callback.

I am making an Authorization: header and appending all the required
items, but when I send my request, I get nothing back - curl just
waits for a response from the server forever. Here's a snippet; this
is to get a request token, btw:

signatureBaseString = getSignatureBaseString();
key = consumerSecret + "&";
signature = format::encrypt(signatureBaseString, key);

basicHeader.push_back("oauth_nonce=\"" + format::encode( noonce, curl ) + "\", ");
basicHeader.push_back("oauth_callback=\"" + format::encode( callBack, curl ) + "\", ");
basicHeader.push_back("oauth_signature_method=\"" + format::encode( signatureMethod, curl ) + "\", ");
basicHeader.push_back("oauth_timestamp=\"" + format::encode( timeStamp, curl ) + "\", ");
basicHeader.push_back("oauth_consumer_key=\"" + format::encode( consumerKey, curl ) + "\", ");
basicHeader.push_back("oauth_signature=\"" + format::encode( signature, curl ) + "\", ");
basicHeader.push_back("oauth_version=\"" + format::encode( oauthVersion, curl ) + "\"");

postData = format::vectorToString(basicHeader);
postData = "Authorization: OAuth " + postData;
headers = curl_slist_append(headers, postData.c_str() );

std::cout << "postdata: " << postData << std::endl;

post(headers, requestTokenUrl);


postData would look like this (consumer key censored):
Authorization: OAuth oauth_nonce="vmhufwrwnjdkaupa",
oauth_callback="oob", oauth_signature_method="HMAC-SHA1",
oauth_timestamp="1274568595",
oauth_consumer_key="XxXXXxxXXxxXXXxxXXx",
oauth_signature="v8EdkEk3V3XijCwdsoTIk5x9Z3w%3D", oauth_version="1.0"


the post function looks like this

curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
curl_easy_setopt(curl, CURLOPT_CAINFO, "./VeriSignClass3ExtendedValidationSSLCA");
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, writer);
curl_easy_setopt(curl, CURLOPT_WRITEDATA, &curlapiPageBuffer);
// numeric options are read as long by libcurl, hence the L suffix
curl_easy_setopt(curl, CURLOPT_POST, 1L);
curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
// CURLOPT_COOKIE sends this string as the literal value of the Cookie: header
curl_easy_setopt(curl, CURLOPT_COOKIE, curlCookie.c_str() );
curl_easy_setopt(curl, CURLOPT_URL, url.c_str() );

curlResult = curl_easy_perform(curl);
std::cout << curlapiPageBuffer << std::endl;


is anyone seeing any mistakes here?

thanks
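
The signature input that a routine like `getSignatureBaseString()` has to produce for this request-token call, as an added example (not the poster's code): RFC 5849 percent-encoding, parameters sorted regardless of header order, and `oauth_signature` left out of its own input. The helper names are hypothetical, `CONSUMER_KEY` is a placeholder, and the nonce and timestamp are the ones from the header printed above.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>
#include <utility>
#include <vector>

using Params = std::vector<std::pair<std::string, std::string>>;

// RFC 5849 3.6: only ALPHA, DIGIT, '-', '.', '_', '~' stay literal; the rest
// becomes %XX with uppercase hex.
std::string pct(const std::string& in) {
    static const char hex[] = "0123456789ABCDEF";
    std::string out;
    for (unsigned char c : in) {
        if (std::isalnum(c) || c == '-' || c == '.' || c == '_' || c == '~') out += static_cast<char>(c);
        else { out += '%'; out += hex[c >> 4]; out += hex[c & 0x0F]; }
    }
    return out;
}

// METHOD & enc(base URL) & enc(sorted "k=v&k=v"). oauth_signature is never
// part of its own input; the order used in the header does not matter.
std::string signatureBaseString(const std::string& method, const std::string& url,
                                const Params& params) {
    Params enc;
    for (const auto& kv : params)
        if (kv.first != "oauth_signature") enc.emplace_back(pct(kv.first), pct(kv.second));
    std::sort(enc.begin(), enc.end());  // by encoded name, then encoded value
    std::string joined;
    for (const auto& kv : enc) joined += (joined.empty() ? "" : "&") + kv.first + "=" + kv.second;
    return method + "&" + pct(url) + "&" + pct(joined);
}

// HMAC-SHA1 key: enc(consumer secret) & enc(token secret). No token secret
// exists yet when asking for a request token, so the key ends in '&'.
std::string signingKey(const std::string& consumerSecret, const std::string& tokenSecret = "") {
    return pct(consumerSecret) + "&" + pct(tokenSecret);
}

// Parameters in the order the post's header lists them; CONSUMER_KEY is a placeholder.
const Params kRequestToken = {
    {"oauth_nonce", "vmhufwrwnjdkaupa"}, {"oauth_callback", "oob"},
    {"oauth_signature_method", "HMAC-SHA1"}, {"oauth_timestamp", "1274568595"},
    {"oauth_consumer_key", "CONSUMER_KEY"}, {"oauth_version", "1.0"}};

int main() {
    std::cout << signatureBaseString("POST", "https://api.twitter.com/oauth/request_token", kRequestToken) << '\n';
}
```

The HMAC-SHA1 step itself is not shown; its output is base64-encoded and then percent-encoded once more when placed in the header, which is why the signatures in this thread end in `%3D`.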

ramy

May 23, 2010, 5:54:45 PM
to Twitter Development Talk
I think I forgot to take out my app credentials from my previous post,
my app keys have been reset though

ramy

May 23, 2010, 5:48:54 PM
to Twitter Development Talk
I have some more data for anyone willing to help. This is the output
of the curl debug; the last part is the most important.

== Info: About to connect() to api.twitter.com port 443 (#0)
== Info: Trying 168.143.171.93... == Info: connected
== Info: Connected to api.twitter.com (168.143.171.93) port 443 (#0)
== Info: successfully set certificate verify locations:
== Info: CAfile: ./VeriSignClass3ExtendedValidationSSLCA
CApath: /etc/ssl/certs
== Info: SSLv3, TLS handshake, Client hello (1):
<= Send SSL data, 108 bytes (0x6c)
0000: ...h..K...../s.H.&..A....&...O\.aal..U..&.9.8.5.......3.2./.....
0040: .............................api.twitter.com
== Info: SSLv3, TLS handshake, Server hello (2):
<= Recv SSL data, 74 bytes (0x4a)
0000: ...F..K....@..B*!|=..c7s.B'42u6.W5..7. ..FB...[.x..8...b./.J...
0040: Rs....{.5.
== Info: SSLv3, TLS handshake, CERT (11):
<= Recv SSL data, 853 bytes (0x355)
== Info: SSLv3, TLS handshake, Server finished (14):
<= Recv SSL data, 4 bytes (0x4)
0000: ....
== Info: SSLv3, TLS handshake, Client key exchange (16):
<= Send SSL data, 134 bytes (0x86)
0000: ......U2..{..........E....&G" .y1.b#...J.L:.P%.....RmH.}.?.A).7H
0040: ..T.[_. x.h...W..E>.x...j./...."U..<..DM.[...((...H)U.....I..9..
0080: ..=;.\
== Info: SSLv3, TLS change cipher, Client hello (1):
<= Send SSL data, 1 bytes (0x1)
0000: .
== Info: SSLv3, TLS handshake, Finished (20):
<= Send SSL data, 16 bytes (0x10)
0000: .....H....;.....
== Info: SSLv3, TLS change cipher, Client hello (1):
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: SSLv3, TLS handshake, Finished (20):
<= Recv SSL data, 16 bytes (0x10)
0000: .........P.3.Uv:
== Info: SSL connection using AES256-SHA
== Info: Server certificate:
== Info: subject: C=US, O=*.twitter.com, OU=GT57932074, OU=See www.rapidssl.com/resources/cps (c)09, OU=Domain Control Validated - RapidSSL(R), CN=*.twitter.com
== Info: start date: 2009-05-26 12:14:57 GMT
== Info: expire date: 2010-07-27 06:10:16 GMT
== Info: common name: *.twitter.com (matched)
== Info: issuer: C=US, O=Equifax Secure Inc., CN=Equifax Secure Global eBusiness CA-1
== Info: SSL certificate verify ok.
=> Send header, 424 bytes (0x1a8)
0000: POST /oauth/request_token HTTP/1.1
0024: Host: api.twitter.com
003b: Accept: */*
0048: Cookie: ./cookies.txt
005f: Authorization: OAuth oauth_nonce="vevztawimsxgfjpc", oauth_callb
009f: ack="oob", oauth_signature_method="HMAC-SHA1", oauth_timestamp="
00df: 1274651066", oauth_consumer_key="KPheeTlyurIeJfp2zC5bQg", oauth_
011f: signature="0Mbdd6%2B5sARJmMF5ZieBQqYxBQk%3D", oauth_version="1.0
015f: "
0162: Content-Length: 0
0175: Content-Type: application/x-www-form-urlencoded
01a6:


so clearly the Authorization header is getting sent appropriately as
per the documentation here: http://dev.twitter.com/pages/auth#request-token,
but after that point, everything just stops, and waits without end.

I'm hoping someone has an idea of what might be wrong?

r.d.

On May 22, 6:58 pm, ramy <ramy.daghst...@gmail.com> wrote:
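
Reassembling and redacting a trace like the one above before it is shared, as an added example (not code from the thread): curl's dump wraps the Authorization header every 64 bytes, so `oauth_` and `signature=` land on different rows and a row-by-row filter misses the value. The function names are hypothetical, and the key and signature in the sample are constructed.

```cpp
#include <iostream>
#include <regex>
#include <string>
#include <vector>

// Constructed sample in the layout of the trace above (key and signature are made up).
const std::vector<std::string> kDump = {
    "0048: Cookie: ./cookies.txt",
    "005f: Authorization: OAuth oauth_nonce=\"vevztawimsxgfjpc\", oauth_callb",
    "009f: ack=\"oob\", oauth_signature_method=\"HMAC-SHA1\", oauth_timestamp=\"",
    "00df: 1274651066\", oauth_consumer_key=\"CONSTRUCTEDKEY00000000\", oauth_",
    "011f: signature=\"0123456789abcdefghijklmnopqrs%3D\", oauth_version=\"1.0",
    "015f: \"",
    "0162: Content-Length: 0",
};

// Rebuild logical header lines. A row continues the previous one when its
// offset equals the previous offset plus text length (no CRLF in between).
std::vector<std::string> reassemble(const std::vector<std::string>& dump) {
    static const std::regex row("([0-9a-f]{4}): (.*)");
    std::vector<std::string> out;
    unsigned long expected = 0;
    std::smatch m;
    for (const auto& line : dump) {
        if (!std::regex_match(line, m, row)) continue;  // not a dump row
        unsigned long off = std::stoul(m[1].str(), nullptr, 16);
        std::string text = m[2].str();
        if (!out.empty() && off == expected) out.back() += text;
        else out.push_back(text);
        expected = off + text.size();
    }
    return out;
}

// Mask credential-bearing values; nonce and timestamp stay for debugging.
std::string redact(const std::string& header) {
    static const std::regex oauth("(oauth_(?:consumer_key|token|signature|verifier)=\")[^\"]*\"");
    static const std::regex cookie("^(Cookie|Set-Cookie): .*", std::regex::icase);
    std::string s = std::regex_replace(header, oauth, "$1[REDACTED]\"");
    return std::regex_replace(s, cookie, "$1: [REDACTED]");
}

std::vector<std::string> redactTrace(const std::vector<std::string>& dump) {
    std::vector<std::string> out = reassemble(dump);
    for (auto& h : out) h = redact(h);
    return out;
}

int main() {
    for (const auto& h : redactTrace(kDump)) std::cout << h << '\n';
}
```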

Taylor Singletary

May 24, 2010, 11:20:20 AM
to twitter-deve...@googlegroups.com
Hi Ramy,

Glad that you reset your credentials -- no problem there now.

At first glance, everything here seems correct. I'm not sure why you are not getting a response back from our servers. On the computers that you are executing this code, is there some kind of web proxy you are using that may be preventing the response from being received?

Does the request fail if you are not using SSL? Have you tried it from another machine or network?

Taylor Singletary
Developer Advocate, Twitter
http://twitter.com/episod

ramy

May 24, 2010, 11:50:49 AM
to Twitter Development Talk
Hi Taylor,

I'm executing the code on my everyday laptop connected at home, that
is to say, behind a basic connection that's coming through a router,
no fancy proxy business.

I have not tried this on other networks or on other computers, but
will give both those alternatives a try tonight.

I ran the code again without SSL and the result is the same except
without the SSL stuff on top, printed below:

== Info: About to connect() to api.twitter.com port 80 (#0)
== Info: Trying 168.143.162.109... == Info: connected
== Info: Connected to api.twitter.com (168.143.162.109) port 80 (#0)
=> Send header, 426 bytes (0x1aa)
0000: POST /oauth/request_token HTTP/1.1
0024: Host: api.twitter.com
003b: Accept: */*
0048: Cookie: ./cookies.txt
005f: Authorization: OAuth oauth_nonce="edvkkfxiqqwdufit", oauth_callb
009f: ack="oob", oauth_signature_method="HMAC-SHA1", oauth_timestamp="
00df: 1274715540", oauth_consumer_key="XxXXxxxxxXXXxxXXXXXxx", oauth_
011f: signature="0n1MR4hg%2Fv%2FXv5r1XprkUY209F8%3D", oauth_version="1
015f: .0"
0164: Content-Length: 0
0177: Content-Type: application/x-www-form-urlencoded
01a8:

formatting is probably going to chew it up again, here it is for ease
of sight http://codepad.org/0SwNSw4a

by the way, just to clarify, this is the debug output from curl's C
library, libcurl.


On May 24, 11:20 am, Taylor Singletary <taylorsinglet...@twitter.com>
wrote:
> Hi Ramy,
>
> Glad that you reset your credentials -- no problem there now.
>
> At first glance, everything here seems correct. I'm not sure why you are not
> getting a response back from our servers. On the computers that you are
> executing this code, is there some kind of web proxy you are using that may
> be preventing the response from being received?
>
> Does the request fail if you are not using SSL? Have you tried it from
> another machine or network?
>
> Taylor Singletary
> Developer Advocate, Twitter
> http://twitter.com/episod

ramy

May 24, 2010, 5:25:32 PM
to Twitter Development Talk
According to this post, http://groups.google.com/group/twitter-development-talk/browse_thread/thread/c3a43500531dd28f,
Mike's document shows that the POST field should be:
POST https://api.twitter.com/oauth/request_token HTTP/1.1

while mine is:
POST /oauth/request_token HTTP/1.1

For some reason curl is omitting the whole url address, and this is
probably causing the problems I have.

Will look into a fix with curl.

r.d.