[twitter-dev] Re: /oauth/request_token - Can't get one
I need to know, is this corner dead cause i got a response in less then a few hours in the bug department and i can't get any help with this at all. Am i missing some information? then please tell me, i'll feed you with whatever you want, i'm a developer and i'm developing core functions and API's so i can bring up whatever output data you need... urm yea, i'm desperate! On Jun 28, 10:30 pm, DoXiD anton.do...@gmail.com wrote: And this is what my sign_key_base looks like: POSThttp%3A%2F%2Fapi.twitter.com%2Foauth %2Frequest_tokenoauth_consumer_key%3Dp...8pw%26oauth_nonce %3D1309289330%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1309289330%26oauth_version%3D1.0 On Jun 28, 8:40 pm, DoXiD anton.do...@gmail.com wrote: After talking with a nice guy at the IRC channel he mentioned that i needed to sort my headers and my POST data. Sad and done, i sorted my things but still didn't help, any other suggestions? Here's a output (readable version) of my HEAD+POST:http://pastebin.com/H8uSuEd0 On Jun 28, 5:31 pm, DoXiD anton.do...@gmail.com wrote: First off, i'm uncertain which keys i can and can not post, so i'll obscure them. My main problem is that i don't know which keys to send to the request_token. Here is that i'm trying to send: (Note: time matches the servers, i've made sure of that) (Note: I have checked so that _all_ my keys are correct) (Note: I've also made sure that the signature matches up to my content of POST) POST /oauth/request_token HTTP/1.1 Content-Type: application/x-www-form-urlencoded Authorization: OAuth oauth_nonce=1309272106, oauth_callback=, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1309272106, oauth_consumer_key=pk...8pw, oauth_token=, oauth_signature=T5...5pQ%3D, oauth_version=1.0 User-Agent: InetCheck Host: api.twitter.com Keep-Alive: 115 Content-Length: 171 oauth_callback=oauth_consumer_key=pk... 8pwoauth_nonce=1309272106oauth_signature_method=HMAC- SHA1oauth_timestamp=1309272106oauth_token=oauth_version=1.0 After tat i recive either Failed to validate oauth signature and token or just a 401 return code. I'm trying to get my hands dirty here by developing my own API for Python. I know there are some out there but i don't like em + i don't trust other people. So i'm running Python2.6.5 And i'm using the modules: from socket import * from time import time, gmtime from random import randint import base64 import hashlib import hmac import urllib (i know, you're not supposed to do from m import * but i'm just making some basic code for a skeleton atm). The code to generate the header + POST data: (again, just a skeleton, ugly code, will be fixed when i got a working copy) dstr = '' if data: dstr += '' for k in ('oauth_callback', 'oauth_consumer_key', 'oauth_nonce', 'oauth_signature_method', 'oauth_timestamp', 'oauth_token', 'oauth_version'): if not k in data: raise KeyError(Missing + k + , please specify it at the login) dstr += k + '=' + data[k] + '' dstr = dstr[:-1] secr = self.keySet[1] sign_key_base = 'POST' + '' + urllib.quote_plus('http:// api.twitter.com/oauth/request_token') + '' sign_key_base += urllib.quote_plus(dstr) print 'Using sign base:' print '\t' + sign_key_base + '\n' print '\t Key:' print '\t\t', [data['consumer_secret'] + ''] print '\t\t', [hmac.new(data['consumer_secret'] + '', sign_key_base, hashlib.sha1).digest()] print '\t\t', [base64.encodestring(hmac.new(data['consumer_secret'] + '', sign_key_base, hashlib.sha1).digest())] secr = urllib.quote(base64.encodestring(hmac.new(data['consumer_secret'] + '', sign_key_base, hashlib.sha1).digest()).replace('\n', '')) print '\t\t', [secr], '\n' ret = 'POST ' + URL + ' HTTP/1.1\r\n' ret += 'Content-Type: application/x-www-form-urlencoded\r\n' ret += 'Authorization: OAuth oauth_nonce=' + data['oauth_nonce'] + ', ' ret += 'oauth_callback=' + data['oauth_callback'] + ', ' ret += 'oauth_signature_method=HMAC-SHA1, ' ret += 'oauth_timestamp=' + data['oauth_nonce'] + ', ' ret += 'oauth_consumer_key=' + data['oauth_consumer_key'] + ', ' ret += 'oauth_token=' + data['oauth_token'] + ', ' ret += 'oauth_signature=' + secr + ', ' ret += 'oauth_version=1.0\r\n' ret += 'User-Agent: InetCheck\r\n
[twitter-dev] /oauth/request_token - Can't get one
First off, i'm uncertain which keys i can and can not post, so i'll obscure them. My main problem is that i don't know which keys to send to the request_token. Here is that i'm trying to send: (Note: time matches the servers, i've made sure of that) (Note: I have checked so that _all_ my keys are correct) (Note: I've also made sure that the signature matches up to my content of POST) POST /oauth/request_token HTTP/1.1 Content-Type: application/x-www-form-urlencoded Authorization: OAuth oauth_nonce=1309272106, oauth_callback=, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1309272106, oauth_consumer_key=pk...8pw, oauth_token=, oauth_signature=T5...5pQ%3D, oauth_version=1.0 User-Agent: InetCheck Host: api.twitter.com Keep-Alive: 115 Content-Length: 171 oauth_callback=oauth_consumer_key=pk... 8pwoauth_nonce=1309272106oauth_signature_method=HMAC- SHA1oauth_timestamp=1309272106oauth_token=oauth_version=1.0 After tat i recive either Failed to validate oauth signature and token or just a 401 return code. I'm trying to get my hands dirty here by developing my own API for Python. I know there are some out there but i don't like em + i don't trust other people. So i'm running Python2.6.5 And i'm using the modules: from socket import * from time import time, gmtime from random import randint import base64 import hashlib import hmac import urllib (i know, you're not supposed to do from m import * but i'm just making some basic code for a skeleton atm). The code to generate the header + POST data: (again, just a skeleton, ugly code, will be fixed when i got a working copy) dstr = '' if data: dstr += '' for k in ('oauth_callback', 'oauth_consumer_key', 'oauth_nonce', 'oauth_signature_method', 'oauth_timestamp', 'oauth_token', 'oauth_version'): if not k in data: raise KeyError(Missing + k + , please specify it at the login) dstr += k + '=' + data[k] + '' dstr = dstr[:-1] secr = self.keySet[1] sign_key_base = 'POST' + '' + urllib.quote_plus('http:// api.twitter.com/oauth/request_token') + '' sign_key_base += urllib.quote_plus(dstr) print 'Using sign base:' print '\t' + sign_key_base + '\n' print '\t Key:' print '\t\t', [data['consumer_secret'] + ''] print '\t\t', [hmac.new(data['consumer_secret'] + '', sign_key_base, hashlib.sha1).digest()] print '\t\t', [base64.encodestring(hmac.new(data['consumer_secret'] + '', sign_key_base, hashlib.sha1).digest())] secr = urllib.quote(base64.encodestring(hmac.new(data['consumer_secret'] + '', sign_key_base, hashlib.sha1).digest()).replace('\n', '')) print '\t\t', [secr], '\n' ret = 'POST ' + URL + ' HTTP/1.1\r\n' ret += 'Content-Type: application/x-www-form-urlencoded\r\n' ret += 'Authorization: OAuth oauth_nonce=' + data['oauth_nonce'] + ', ' ret += 'oauth_callback=' + data['oauth_callback'] + ', ' ret += 'oauth_signature_method=HMAC-SHA1, ' ret += 'oauth_timestamp=' + data['oauth_nonce'] + ', ' ret += 'oauth_consumer_key=' + data['oauth_consumer_key'] + ', ' ret += 'oauth_token=' + data['oauth_token'] + ', ' ret += 'oauth_signature=' + secr + ', ' ret += 'oauth_version=1.0\r\n' ret += 'User-Agent: InetCheck\r\n' ret += 'Host: ' + host + '\r\n' ret += 'Keep-Alive: 115\r\nContent-Length: ' + str(len(dstr)) + '\r\n \r\n' + dstr Please help me, it's getting on my nerves this oAuth stuff, really never ever came in contact with it until Twitter, sure it looks like a good security implementation but atm i don't like it :/ Any help is apritiated. Also, validated my oauth_signature and content via: http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/ Everyting matches up against what i'm sending to the server. So if Twitter follows that standard it should all be good. I don't know tho if i should skip oauth_callback since it's an empty string anyways, or if i should skip oauth_token because i don't have one (also a empty string). -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
[twitter-dev] Re: /oauth/request_token - Can't get one
After talking with a nice guy at the IRC channel he mentioned that i needed to sort my headers and my POST data. Sad and done, i sorted my things but still didn't help, any other suggestions? Here's a output (readable version) of my HEAD+POST: http://pastebin.com/H8uSuEd0 On Jun 28, 5:31 pm, DoXiD anton.do...@gmail.com wrote: First off, i'm uncertain which keys i can and can not post, so i'll obscure them. My main problem is that i don't know which keys to send to the request_token. Here is that i'm trying to send: (Note: time matches the servers, i've made sure of that) (Note: I have checked so that _all_ my keys are correct) (Note: I've also made sure that the signature matches up to my content of POST) POST /oauth/request_token HTTP/1.1 Content-Type: application/x-www-form-urlencoded Authorization: OAuth oauth_nonce=1309272106, oauth_callback=, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1309272106, oauth_consumer_key=pk...8pw, oauth_token=, oauth_signature=T5...5pQ%3D, oauth_version=1.0 User-Agent: InetCheck Host: api.twitter.com Keep-Alive: 115 Content-Length: 171 oauth_callback=oauth_consumer_key=pk... 8pwoauth_nonce=1309272106oauth_signature_method=HMAC- SHA1oauth_timestamp=1309272106oauth_token=oauth_version=1.0 After tat i recive either Failed to validate oauth signature and token or just a 401 return code. I'm trying to get my hands dirty here by developing my own API for Python. I know there are some out there but i don't like em + i don't trust other people. So i'm running Python2.6.5 And i'm using the modules: from socket import * from time import time, gmtime from random import randint import base64 import hashlib import hmac import urllib (i know, you're not supposed to do from m import * but i'm just making some basic code for a skeleton atm). The code to generate the header + POST data: (again, just a skeleton, ugly code, will be fixed when i got a working copy) dstr = '' if data: dstr += '' for k in ('oauth_callback', 'oauth_consumer_key', 'oauth_nonce', 'oauth_signature_method', 'oauth_timestamp', 'oauth_token', 'oauth_version'): if not k in data: raise KeyError(Missing + k + , please specify it at the login) dstr += k + '=' + data[k] + '' dstr = dstr[:-1] secr = self.keySet[1] sign_key_base = 'POST' + '' + urllib.quote_plus('http:// api.twitter.com/oauth/request_token') + '' sign_key_base += urllib.quote_plus(dstr) print 'Using sign base:' print '\t' + sign_key_base + '\n' print '\t Key:' print '\t\t', [data['consumer_secret'] + ''] print '\t\t', [hmac.new(data['consumer_secret'] + '', sign_key_base, hashlib.sha1).digest()] print '\t\t', [base64.encodestring(hmac.new(data['consumer_secret'] + '', sign_key_base, hashlib.sha1).digest())] secr = urllib.quote(base64.encodestring(hmac.new(data['consumer_secret'] + '', sign_key_base, hashlib.sha1).digest()).replace('\n', '')) print '\t\t', [secr], '\n' ret = 'POST ' + URL + ' HTTP/1.1\r\n' ret += 'Content-Type: application/x-www-form-urlencoded\r\n' ret += 'Authorization: OAuth oauth_nonce=' + data['oauth_nonce'] + ', ' ret += 'oauth_callback=' + data['oauth_callback'] + ', ' ret += 'oauth_signature_method=HMAC-SHA1, ' ret += 'oauth_timestamp=' + data['oauth_nonce'] + ', ' ret += 'oauth_consumer_key=' + data['oauth_consumer_key'] + ', ' ret += 'oauth_token=' + data['oauth_token'] + ', ' ret += 'oauth_signature=' + secr + ', ' ret += 'oauth_version=1.0\r\n' ret += 'User-Agent: InetCheck\r\n' ret += 'Host: ' + host + '\r\n' ret += 'Keep-Alive: 115\r\nContent-Length: ' + str(len(dstr)) + '\r\n \r\n' + dstr Please help me, it's getting on my nerves this oAuth stuff, really never ever came in contact with it until Twitter, sure it looks like a good security implementation but atm i don't like it :/ Any help is apritiated. Also, validated my oauth_signature and content via:http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin... Everyting matches up against what i'm sending to the server. So if Twitter follows that standard it should all be good. I don't know tho if i should skip oauth_callback since it's an empty string anyways, or if i should skip oauth_token because i don't have one (also a empty string). -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues