[twitter-dev] Re: OAuth Echo problem in python
If you were seeing a 400 Bad Req, you were most likely sending a bad upload to the API. We only return a 400 Bad Req if the image is not found, the multipart form-data is malformed, or if the image is >5MB. If Twitpic is having a service outage you will always get a 50x error (502 or 500). If Twitter is having an OAuth Echo outage, you will get a 401 Unauthorized from the Twitpic API. Steve Corona Twitpic On Jun 4, 3:48 pm, yml wrote: > At that point both services yfrog and twipic work fine. I hate to say > this but I am almost convince that the pain in the development process > comes from some outage in either twitpic or Twitter Oauth Echo > authentication. > > for the sake of completeness of this thread here it is my 2 working > views :http://dpaste.com/203292/ > > Regards, > --yml > > On Jun 4, 9:59 am, Yann Malet wrote: > > > > > I have just uploaded the same image using the web interface > > :http://twitpic.com/1ttrlu > > <http://twitpic.com/1ttrlu>do you have any recommendation ? On how to solve > > this issue. > > <http://twitpic.com/1ttrlu>Regards, > > --yml > > > On Fri, Jun 4, 2010 at 9:56 AM, Yann Malet wrote: > > > Steve, > > > The image is only 33.7kb and it is a jpg. > > > Do you have any python sample code for the ? > > > Regards, > > > --yml > > > > On Fri, Jun 4, 2010 at 9:38 AM, Steve C wrote: > > > >> Twitpic will only 400 Bad Request you if it can't find the image in > > >> your multipart/form- > > >> data or if the image is invalid (not jpg/png/gif or >5MB in size). > > > >> Thanks, > > > >> Steve C > > >> Twitpic > > > >> On Jun 4, 9:20 am, Yann Malet wrote: > > >> > If I send this request to 127.0.0.1:9000 without the file here it is > > >> the > > >> > string I can observe : > > > >> > """ > > >> > (ve)y...@yml-laptop:jess3$ netcat -l -p 9000 > > >> > POST / HTTP/1.1 > > >> > Accept-Encoding: identity > > >> > Content-Length: 377 > > >> > X-Auth-Service-Provider: > > >>https://api.twitter.com/1/account/verify_credentials.json > > >> > Host: 127.0.0.1:9000 > > >> > User-Agent: Python-urllib/2.6 > > >> > Connection: close > > >> > Content-Type: multipart/form-data; > > >> boundary=a45bd25da2844dac81003987b3c19e18 > > >> > X-Verify-Credentials-Authorization: OAuth realm=" > > >>http://api.twitter.com/";, > > >> > oauth_signature_method="HMAC-SHA1", > > >> > oauth_consumer_key="y2hEqGNEmyjU2De3hNcg", > > >> > oauth_token="90476798-5VZeNLpXUCaJ06UaWve2c4JVfdcJj5D4r21JxUFM", > > >> > oauth_signature="NMPlU4cRYl0b6jbQJ1xGXaZ5%2FpM%3D" > > > >> > --a45bd25da2844dac81003987b3c19e18 > > >> > Content-Disposition: form-data; name="key" > > >> > Content-Type: text/plain; charset=utf-8 > > >> > Content-Length: 32 > > > >> > 4bb040d1ec65427f8038cdd60a12cde2 > > >> > --a45bd25da2844dac81003987b3c19e18 > > >> > Content-Disposition: form-data; name="message" > > >> > Content-Type: text/plain; charset=utf-8 > > >> > Content-Length: 13 > > > >> > copine et moi > > >> > --a45bd25da2844dac81003987b3c19e18-- > > >> > ^C > > >> > (ve)y...@yml-laptop:jess3$ > > > >> > """ > > > >> > Does any one can spot the issue ? > > >> > Regards, > > >> > --yml > > > >> > On Fri, Jun 4, 2010 at 9:14 AM, Yann Malet > > >> wrote: > > >> > > Hello Zac, > > > >> > > I rewrote everything in my app based on python-oauth2 : > > >> > >http://dpaste.com/203168/ > > >> > > The file is still hardcoded to ease the comprehension. I hope this > > >> will > > >> > > help you to spot my issue. > > > >> > > The error message I get from twitpic is 400 bad request. > > >> > > Regards, > > >> > > --yml > > > >> > > """ > > >> > > class OAuthEchoRequest(oauth.Request): > > >> > > def to_header(self, realm='http://api.twitter.com/'): > > >> > > headers = super
[twitter-dev] Re: OAuth Echo problem in python
Twitpic will only 400 Bad Request you if it can't find the image in
your multipart/form-
data or if the image is invalid (not jpg/png/gif or >5MB in size).
Thanks,
Steve C
Twitpic
On Jun 4, 9:20 am, Yann Malet wrote:
> If I send this request to 127.0.0.1:9000 without the file here it is the
> string I can observe :
>
> """
> (ve)y...@yml-laptop:jess3$ netcat -l -p 9000
> POST / HTTP/1.1
> Accept-Encoding: identity
> Content-Length: 377
> X-Auth-Service-Provider:https://api.twitter.com/1/account/verify_credentials.json
> Host: 127.0.0.1:9000
> User-Agent: Python-urllib/2.6
> Connection: close
> Content-Type: multipart/form-data; boundary=a45bd25da2844dac81003987b3c19e18
> X-Verify-Credentials-Authorization: OAuth realm="http://api.twitter.com/";,
> oauth_signature_method="HMAC-SHA1",
> oauth_consumer_key="y2hEqGNEmyjU2De3hNcg",
> oauth_token="90476798-5VZeNLpXUCaJ06UaWve2c4JVfdcJj5D4r21JxUFM",
> oauth_signature="NMPlU4cRYl0b6jbQJ1xGXaZ5%2FpM%3D"
>
> --a45bd25da2844dac81003987b3c19e18
> Content-Disposition: form-data; name="key"
> Content-Type: text/plain; charset=utf-8
> Content-Length: 32
>
> 4bb040d1ec65427f8038cdd60a12cde2
> --a45bd25da2844dac81003987b3c19e18
> Content-Disposition: form-data; name="message"
> Content-Type: text/plain; charset=utf-8
> Content-Length: 13
>
> copine et moi
> --a45bd25da2844dac81003987b3c19e18--
> ^C
> (ve)y...@yml-laptop:jess3$
>
> """
>
> Does any one can spot the issue ?
> Regards,
> --yml
>
>
>
> On Fri, Jun 4, 2010 at 9:14 AM, Yann Malet wrote:
> > Hello Zac,
>
> > I rewrote everything in my app based on python-oauth2 :
> >http://dpaste.com/203168/
> > The file is still hardcoded to ease the comprehension. I hope this will
> > help you to spot my issue.
>
> > The error message I get from twitpic is 400 bad request.
> > Regards,
> > --yml
>
> > """
> > class OAuthEchoRequest(oauth.Request):
> > def to_header(self, realm='http://api.twitter.com/'):
> > headers = super(OAuthEchoRequest, self).to_header(realm=realm)
> > return {'X-Verify-Credentials-Authorization':
> > headers['Authorization']}
>
> > @login_required
> > def twitpic_upload_photo(request):
> > if request.method == 'POST':
> > form = PhotoForm(request.POST, request.FILES)
> > if form.is_valid():
> > profile = Profile.objects.get(user=request.user)
> > token = oauth.Token(profile.oauth_token,
> > profile.oauth_secret)
>
> > params = {
> > 'oauth_consumer_key': settings.TWITTER_CONSUMER_KEY,
> > 'oauth_signature_method':"HMAC-SHA1",
> > 'oauth_token':token.key,
> > 'oauth_timestamp':oauth.generate_timestamp(),
> > 'oauth_nonce':oauth.generate_nonce(),
> > 'oauth_version':'1.0'
> > }
>
> > oauth_echo_request = OAuthEchoRequest(method="GET",
>
> > url=settings.TWITTER_VERIFY_CREDENTIALS,
> > #parameters=params
> > )
>
> > signature=oauth_echo_request.sign_request(oauth.SignatureMethod_HMAC_SHA1()
> > ,
> > consumer,
> > token)
>
> > headers = oauth_echo_request.to_header()
> > headers['X-Auth-Service-Provider'] =
> > settings.TWITTER_VERIFY_CREDENTIALS
>
> > #with multipart_encode
> > values = [
> > MultipartParam('key',value=settings.TWITPIC_API_KEY),
>
> > MultipartParam('message',value=form.cleaned_data['message']),
> > MultipartParam('media',
> > filename='copine_moi.jpg',
> > filetype='image/jpeg',
>
> > fileobj=open("/home/yml/Desktop/copine_moi.jpg","rb"))
> > ]
>
> > register_openers()
> > datagen, heads = multipart_encode(values)
> > headers.update(heads)
> > req = urllib2.Request(settings.TWITPIC_API_URL, datagen,
> > headers)
> > # Post to netcat
> > #req = urllib2.Request("http:
[twitter-dev] Re: OAuth Echo problem in python
I just looked at your code briefly, but I believe the problem is this
line:
oauth_request = TwitpicOAuthRequest(http_method="POST",
http_url=settings.TWITPIC_API_URL,
The OAuth Request needs to be signed using the Twitter Endpoint
(https://api.twitter.com/1/account/verify_credentials.json), not the
Twitpic API URL.
Try something like this:
oauth_request = TwitpicOAuthRequest(http_method="GET",
http_url="https://api.twitter.com/1/account/verify_credentials.json";,
On Jun 3, 2:38 pm, yml wrote:
> I would greatly appreciate any help.
> Here it is the latest evolution of this piece of code :
>
> """
> class TwitpicOAuthRequest(OAuthRequest):
> def to_header(self, realm='http://api.twitter.com/'):
> headers = super(TwitpicOAuthRequest,
> self).to_header(realm=realm)
> return {'X-Verify-Credentials-Authorization':
> headers['Authorization']}
>
> def post_photo(request):
> if request.method == 'POST':
> form = PhotoForm(request.POST, request.FILES)
> if not request.session.get('twitter_access_token'):
> return HttpResponse("Not authenticated")
> if form.is_valid():
> access_token = request.session['twitter_access_token']
>
> params = {
> 'oauth_consumer_key': settings.TWITTER_CONSUMER_KEY,
> 'oauth_signature_method':"HMAC-SHA1",
> 'oauth_token':access_token.key,
> 'oauth_timestamp':oauth.generate_timestamp(),
> 'oauth_nonce':oauth.generate_nonce(),
> 'oauth_version':'1.0'
> }
>
> consumer =
> oauth.OAuthConsumer(key=settings.TWITTER_CONSUMER_KEY,
>
> secret=settings.TWITTER_CONSUMER_SECRET)
> token = oauth.OAuthToken(key=access_token.key,
> secret=access_token.secret)
> oauth_request = TwitpicOAuthRequest(http_method="GET",
>
> #http_url=settings.TWITPIC_API_URL,
>
> http_url=settings.TWITTER_VERIFY_CREDENTIALS,
> parameters=params)
>
> signature=oauth_request.sign_request(OAuthSignatureMethod_HMAC_SHA1(),
> consumer,
> access_token)
>
> headers = oauth_request.to_header()
> headers['X-Auth-Service-Provider'] =
> settings.TWITTER_VERIFY_CREDENTIALS
>
> #with multipart_encode
> values = [
> MultipartParam('key',value=settings.TWITPIC_API_KEY),
>
> MultipartParam('message',value=form.cleaned_data['message']),
> MultipartParam('media',
> filename='copine_moi.jpg',
> filetype='image/jpeg',
> fileobj=open("/home/yml/Desktop/
> copine_moi.jpg","rb"))
> ]
>
> register_openers()
> datagen, heads = multipart_encode(values)
> headers.update(heads)
> req = urllib2.Request(settings.TWITPIC_API_URL, datagen,
> headers)
> # Post to netcat -l -p 9000
> #req = urllib2.Request("http://127.0.0.1:9000";, datagen,
> headers)
>
> #with urlencode
> #values = {}
> #values['key'] = MultipartParam(settings.TWITPIC_API_KEY)
> #values['message'] =
> MultipartParam(form.cleaned_data['message'])
> #values['media'] = open("/home/yml/Desktop/
> copine_moi.jpg", "rb").read()
> #data = urllib.urlencode(values)
> #req = urllib2.Request(settings.TWITPIC_API_URL, data,
> headers)
>
> response = urllib2.urlopen(req)
> return HttpResponse("the photo is posted")
> else:
> form = PhotoForm(initial={"created_at":datetime.now()})
>
> return render_to_response("twitter_integration/photo_form.html",
> {"form":form,},
>
> context_instance=RequestContext(request))
> """
>
> On Jun 3, 11:20 am, yml wrote:
>
>
>
> > Hello,
> > I am in the process of writing a python web app that should enable the
> > user to post picture to twitpic using the Oauth Echo authorization
> > mechanism.
>
> > The application is already able to post tweet using the Oauth
> > authentication so the access_token is available to us in the session.
>
> > So my question to you guys is that it would be great if someone could
> > point what is the issue in the code below or paste some sample code
> > that upload a picture in python to twitpic.
>
> >
> > # OauthRequest is from the python-oauth lib
> > # I overide the to_header method to return a dict with the right key.
>
> > class TwitpicOAuthRequest(OAuthRequest):
> > def to_header(self, realm='http://api.twitter.com/'):
> > headers = super(TwitpicOAuthRequest,
> > self).to_header(realm=realm)
> > return {'X-Verify-Credentials-Authorization':
> > headers['Authorization']}
>
> > def post_photo(request):
> > if request.method == 'POST':
> > form = PhotoForm(r
[twitter-dev] Re: Serious @Anywhere Uncommanded redirect
Thanks for posting this, I'm glad someone else is seeing the same issue as us. Similarly, I was disappointed with the response from Twitter- maybe I didn't explain the problem well enough. Unfortunately, we had to pull @anywhere from Twitpic until they get the issue resolved. Steve Corona On Jun 1, 11:11 pm, BevHoward wrote: > My users (none of them twitter users) are experiencing uncommanded > redirects to (undefined) twitter pages when they go to sites such as > washington post which, based on the limited information I have been > able to glean, is running @anywhere > > I found one post at > > http://www.devcomments.com/Anywhere-auto-redirecting-users-to-twitter... > > where a twitter response indicates that the problem is "due to the > users' browser" > > This seems to be a totally unethical response to a twitter process > that hijacks non twitter users browsers and prevents them from > accessing content they are attempting to access. > > Anyone at twitter care to comment on how _not twitter_ users are > supposed to deal with these problems? > > Beverly Howard
[twitter-dev] Re: @Anywhere auto-redirecting users to twitter.com/undefined
Right, I understand that it's not supported on older browsers but I think that it's unacceptable behavior for @anywhere to redirect a user from our site to a broken page on twitter.com. It seems like a defect, even if the browser is not supported (it should just do nothing- not cause issues). Is there anyway that @anywhere can do some browser sniffing and cleanly exit out if the features you need are not supported? Thanks, Steve Corona Twitpic On Jun 1, 9:57 am, Taylor Singletary wrote: > Hi Steve, > > Sorry about the issues. @Anywhere supports the following browsers > (fromhttp://dev.twitter.com/anywhere/begin): > > Version 1 of @Anywhere supports the following browsers: > > - Firefox 3.x > - Chrome 4 > - Safari 4 > - Opera 10 > - Internet Explorer 6, 7, and 8 > > Taylor Singletary > Developer Advocate, Twitterhttp://twitter.com/episod > > > > On Tue, Jun 1, 2010 at 6:50 AM, Steve C wrote: > > We had some reports over the weekend of users using older browsers > > (Firefox 2.0 was mentioned) being auto-redirected to "twitter.com/ > > undefined" due to @anywhere. Anyone else having the same issue?
[twitter-dev] @Anywhere auto-redirecting users to twitter.com/undefined
We had some reports over the weekend of users using older browsers (Firefox 2.0 was mentioned) being auto-redirected to "twitter.com/ undefined" due to @anywhere. Anyone else having the same issue?
[twitter-dev] Re: oAuth Echo Enabled Providers
Hi Rich- Nice catch! During one of our deployments today, we mistakingly switched the OAuth Echo API to use Twitter's Non-SSL Endpoint. I just pushed a fix for it- can you let me know if everything works correctly for you again? (Coincidently, the deployment that turned off SSL for the API was turning SSL on for another part of the website. :P) Thanks! Steve Corona Twitpic On May 20, 6:44 pm, Rich wrote: > A bit more debugging and oAuth Echo only seems to be broken over SSL, > change the realm, provider and signing request > tohttp://api.twitter.com/1/account/verify_credentials.jsoninstead > ofhttps://api.twitter.com/1/account/verify_credentials.jsonand it'll go > through > > On May 20, 11:23 pm, Rich wrote: > > > > > Scrap that, looks like oAuth echo is almost totally broken right now, > > only Twitgoo seems to be working, both MobyPicture and TwitPic > > constantly return a 401, and on the very odd occasion one does make it > > through Twitter itself returns a 500 status error (even though it > > actually posts the message) > > > On May 20, 11:00 pm, Rich wrote: > > > > Look's like TwitPic's oAuth Echo has broken again, can anyone else > > > confirm? > > > > On May 20, 9:49 pm, Justin Hart wrote: > > > > > This is now active on Twitgoo. You can see the documentation > > > > here:http://twitgoo.com/docs/Content/Developer/upload.htm > > > > > On May 19, 9:05 am, Justin Hart wrote: > > > > > > I am the lead dev on Twitgoo and I just built full echo support for > > > > > 'upload' there. Its on the beta site right now, so if you want to > > > > > test, please contact me for the info, otherwise it should be out by > > > > > the end of the week. It will have full support of header, query > > > > > string and multipart body parameters. > > > > > > On May 17, 2:47 pm, Rich wrote: > > > > > > > With the impending switch off of Basic Auth, should we keep a list > > > > > > of > > > > > > media providers and external services that have already made the > > > > > > switch to oAuth Echo. > > > > > > > So far I've found and tested > > > > > > > TwitPic - full oAuth Echo support > > > > > > TwitVid - oAuth Echo by sending as a URL parameter > > > > > > > I know MobyPicture intend to have oAuth Echo enabled this month. > > > > > > > Any others any one knows of?
[twitter-dev] Re: alert() in anywhere.js
I am assuming they will create a dummy function that will be used console.log is undefined- otherwise, you are very right. On May 19, 3:03 pm, nischalshetty wrote: > One of us is crazy here. If I'm not wrong console.log belongs to > firebug. Which means you will get a javascript error on ALL browsers > which do not have firebug installed and running. > > -Nischal > > On May 19, 11:41 pm, Dan Webb wrote: > > > > > On Wed, May 19, 2010 at 11:27 AM, Steve C wrote: > > > We just rolled out @anywhere yesterday and some of our users are > > > experiencing similar issues. > > > >http://twitpic.com/1p00d6 > > > We rolled out a fix at the weekend that we fixed all the browsers that > > we test under but there are obviously still some browsers getting the > > issue. I think we'll use console.info to display these message > > instead of an alert. We wanted to let developers know that they > > needed a clientID in the most noticable way but to avoid unintended > > annoyance of users we'll move to console.log. > > > Thanks, > > > -- > > Dan Webb > > Front-end Engineer, Platform > > d...@twitter.com / @danwrong > > +1 415 425 5631
[twitter-dev] Re: alert() in anywhere.js
Thanks Dan- We appreciate you & your teams hard work. On May 19, 2:53 pm, Dan Webb wrote: > On Wed, May 19, 2010 at 11:48 AM, Damon Clinkscales wrote: > > On Wed, May 19, 2010 at 1:41 PM, Dan Webb wrote: > >> On Wed, May 19, 2010 at 11:27 AM, Steve C wrote: > > Just wondering...does TwitPic have a bug or misconfiguration or is > > this an @anywhere bug? > > Javascript errors at startup time (in these cases by browser bugs in > certain browsers that we don't support) are causing the initialization > to terminate early leaving the client ID unset. We're going to ensure > that unsupport browsers fail silently rather than triggering this > alert. > > ETA for fix is within the hour. > > -- > Dan Webb > Front-end Engineer, Platform > d...@twitter.com / @danwrong > +1 415 425 5631
[twitter-dev] Re: alert() in anywhere.js
What is your ETA on rolling out the change? We are deciding on whether we should disable @anywhere until alert() is removed. On May 19, 2:41 pm, Dan Webb wrote: > On Wed, May 19, 2010 at 11:27 AM, Steve C wrote: > > We just rolled out @anywhere yesterday and some of our users are > > experiencing similar issues. > > >http://twitpic.com/1p00d6 > > We rolled out a fix at the weekend that we fixed all the browsers that > we test under but there are obviously still some browsers getting the > issue. I think we'll use console.info to display these message > instead of an alert. We wanted to let developers know that they > needed a clientID in the most noticable way but to avoid unintended > annoyance of users we'll move to console.log. > > Thanks, > > -- > Dan Webb > Front-end Engineer, Platform > d...@twitter.com / @danwrong > +1 415 425 5631
[twitter-dev] Re: alert() in anywhere.js
We just rolled out @anywhere yesterday and some of our users are
experiencing similar issues.
http://twitpic.com/1p00d6
Steve
On May 14, 6:57 pm, Larry wrote:
> I just came across a coworker's browser that triggered analert() call
> fromanywhere.js. While okay for development, the use ofalert() is
> not friendly for production websites. Could these be converted
> console.log() or some other benign mechanism?
>
> Grepping throughanywhere.js I found two instances ofalert():
>
> alert("To set up @anywhere, please provide a client ID");
>
> alert("No version matching "+Z);
>
> Cheers
> Larry
