[twitter-dev] Re: C# + OAuth + account/update_profile_image = 500 Internal Server Error

2009-08-19 Thread David Carson

Got this sorted out and working, and thought I should share the two
pitfalls which were causing me problems.

First of all, unbelievably, the 500 Internal Server Error was being
caused by an extra carriage return between my last HTTP header and the
first multipart boundary. Seriously. I had two blank lines in there
instead of one. Removed the extra carriage return, and my 500
vanished, being replaced by a more reasonable "(401) Unauthorized -
Incorrect signature" error.

Secondly, the OAuth documentation seems a bit shaky when it comes to
multipart/form-data POSTs. But basically, you do NOT use any of the
POST parameters when creating your signature. And this includes all of
the OAuth-specific parameters like oauth_consumer_key,
oauth_signature_method, etc. Bit of a security hole imho, OAuth
implements all this complexity to avoid man-in-the-middle or replay
attacks, and as soon as you do a multipart POST it's all negated.

So, my signature base was literally:

POST&http%3A%2F%2Ftwitter.com%2Faccount%2Fupdate_profile_image.xml&

Just the HTTP method and the URL. No parameters.

Once I made that change to the signature generation, my request went
through fine and my avatar changed.

Hope this helps someone!

Cheers,
David...
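
Added example, not part of the original posts: the OAuth 1.0 signature base string rules (RFC 5849, section 3.4.1) in Python, applied to the request from this thread. With every oauth_* field carried in the multipart body, the base string is only the method and URL, so two requests with different nonce and timestamp get the same signature. The Authorization-header layout, the placeholder keys and the secrets are assumptions for illustration; the thread does not say how Twitter's endpoint treated header parameters.

```python
import base64, hashlib, hmac
from urllib.parse import quote

def pct(s):
    # OAuth percent-encoding: only unreserved characters stay literal.
    return quote(str(s), safe="-._~")

def signature_base(method, url, content_type, body_params, header_oauth):
    # Body parameters are signed only for single-part form-urlencoded bodies;
    # anything carried in a multipart/form-data body is left out.
    signed = dict(header_oauth)
    if content_type.split(";")[0].strip().lower() == "application/x-www-form-urlencoded":
        signed.update(body_params)
    signed.pop("oauth_signature", None)
    pairs = sorted((pct(k), pct(v)) for k, v in signed.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(base, consumer_secret, token_secret):
    # HMAC-SHA1 keyed with "consumer_secret&token_secret", base64-encoded.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

URL = "http://twitter.com/account/update_profile_image.xml"
MULTIPART = "multipart/form-data; boundary=8cbed79c91b24f3"
CONSUMER_SECRET, TOKEN_SECRET = "cs", "ts"  # constructed secrets

def oauth_fields(nonce, timestamp):
    # Constructed values; the real keys are X'd out in the thread.
    return {"oauth_consumer_key": "CONSUMER_KEY_PLACEHOLDER", "oauth_nonce": nonce,
            "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": timestamp,
            "oauth_token": "TOKEN_PLACEHOLDER", "oauth_version": "1.0"}

def compare():
    a, b = oauth_fields("8684173", "1250495190"), oauth_fields("1111111", "1250499999")
    # Layout from the thread: every oauth_* field inside the multipart body.
    in_body = [signature_base("POST", URL, MULTIPART, f, {}) for f in (a, b)]
    # Same fields moved to the Authorization header (assumed layout).
    in_header = [signature_base("POST", URL, MULTIPART, {}, f) for f in (a, b)]
    return in_body, in_header

if __name__ == "__main__":
    in_body, in_header = compare()
    print(in_body[0])
    for name, (x, y) in (("body", in_body), ("header", in_header)):
        same = sign(x, CONSUMER_SECRET, TOKEN_SECRET) == sign(y, CONSUMER_SECRET, TOKEN_SECRET)
        print(f"{name} layout: signatures identical across requests = {same}")
```

In the body layout the signature proves possession of the secrets for that URL and nothing else: the nonce, timestamp and image bytes can all change without invalidating it.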


[twitter-dev] Re: API profile image update

2009-08-17 Thread David Carson

Hi Josh,

I spent yesterday trying to implement profile image updating for the
first time, with no result other than 500 errors - see
http://groups.google.com/group/twitter-development-talk/browse_thread/thread/4fe78c5c7fb5cbdf
for my post on the subject.

Cheers,
David...


[twitter-dev] C# + OAuth + account/update_profile_image = 500 Internal Server Error

2009-08-17 Thread David Carson

Hi,

I'm trying to implement a simple little app which can (a) send status
updates and (b) modify the user's profile image.

I started off using Shannon Whitley's code from 
http://www.voiceoftech.com/swhitley/?p=681
which got me up and running just fine for the statuses/update method.

However I needed to add multipart/form-data POST handling to it in
order to make the account/update_profile_image call. Every example I
could find of this involved basic authentication, not OAuth, so I'm not
sure if I'm doing it right.

Anyway, all I can get from it is "500 Internal Server Error" - does
anyone have any ideas? Below is my HTTP request dumped out using
Fiddler (I replaced the binary data of the file with "(there's a few K
of binary data here, the contents of the file)" and the OAuth keys
with X's).


POST /account/update_profile_image.xml HTTP/1.1
Content-Type: multipart/form-data;
boundary=8cbed79c91b24f3
Host: twitter.com
Content-Length: 3863


--8cbed79c91b24f3
Content-Disposition: form-data; name="oauth_consumer_key";

X
--8cbed79c91b24f3
Content-Disposition: form-data; name="oauth_nonce";

8684173
--8cbed79c91b24f3
Content-Disposition: form-data; name="oauth_signature_method";

HMAC-SHA1
--8cbed79c91b24f3
Content-Disposition: form-data; name="oauth_timestamp";

1250495190
--8cbed79c91b24f3
Content-Disposition: form-data; name="oauth_token";

XX
--8cbed79c91b24f3
Content-Disposition: form-data; name="oauth_version";

1.0
--8cbed79c91b24f3
Content-Disposition: form-data; name="oauth_signature";


--8cbed79c91b24f3
Content-Disposition: form-data; name="image"; filename="test.jpg"
Content-Type: image/jpeg

(there's a few K of binary data here, the contents of the file)
--8cbed79c91b24f3