[twitter-dev] Re: Authorizing for partial control
Of course, Twitter is not a secure means of communication. You know that, I know that. How about the majority of Twitter users? I think you could imagine the personal harm you could get from insulting tweets, spamming on your behalf or even setting pornographic images as your avatar. People are getting sued/prosecuted/fired/apprehended even here in the Netherlands for the tweets they post. Rediculous. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] Authorizing for partial control
To all them TWITTER devs: I have some issues with asking Twitter users for FULL control of their account. Currently I only want to reply and (re)tweet on their behalf. But with an accepted authorization I can do everything with their account. There's also no way of making clear my intentions on the twitter authorization page. Of course, I could do this up front, but I expect the user to start reading only when twitter asks him/her to accept or decline authorization. So I'd like to propose 2 additions to either OAuth or a Twitter OAuth extension: - The possibility to ask for (by the app) and grant (by the user) a more fine grained level of authorization (more than just read/write only) - The possibility to insert a (short) description of the intended usage, perhaps taken from the app registration from within twitter. What do you think? -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] Re: Retweet results in 401: Unauthorized
I now (successfully) perform a request for a request token (oauth_token and oauth_token_secret) and use the information to do a retweet request, but I still get the '401, unauthorized' message. Base signature string: POSThttp%3A%2F2Fapi.twitter.com%2F1%2Fstatuses%2Fretweet %2F22684354355.xmloauth_consumer_key%3DI1yQDPyI7WUn2fN9JfFWww %26oauth_nonce%3DYpI%252BXuJWeZ%252BNGfx3QKd %252F1lrULHSIIf3C3ozOS0gjPP0%253D%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1283766763%26oauth_token %3DkbTgqKDyvXJzdCnxAHnzkMgwzNFmDqQCAlGAEkPVgEs%26oauth_version%3D1.0 Sniffed nfo: POST /1/statuses/retweet/22684354355.xml HTTP/1.1 Content-Type: application/x-www-form-urlencoded (or the utf-8 variant) User-Agent: RTL Netherlands OAuth Consumer Authorization: OAuth oauth_consumer_key=I1yQDPyI7WUn2fN9JfFWww, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1283766763, oauth_nonce=YpI%2BXuJWeZ%2BNGfx3QKd%2F1lrULHSIIf3C3ozOS0gjPP0%3D, oauth_version=1.0, oauth_token=kbTgqKDyvXJzdCnxAHnzkMgwzNFmDqQCAlGAEkPVgEs, oauth_signature=oCixDUOAd9Y0boxNUkzILBqLe0Y%3D Host: api.twitter.com HTTP/1.1 401 Unauthorized Date: Mon, 06 Sep 2010 09:52:45 GMT Server: hi Status: 401 Unauthorized WWW-Authenticate: Basic realm=Twitter API X-Runtime: 0.00397 Content-Type: application/xml; charset=utf-8 Content-Length: 163 Cache-Control: no-cache, max-age=1800 Set-Cookie: k=217.118.160.30.1283766765938752; path=/; expires=Mon, 13- Sep-10 09:52:45 GMT; domain=.twitter.com Set-Cookie: guest_id=128376676594167272; path=/; expires=Wed, 06 Oct 2010 09:52:45 GMT Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCHhJduYqAToHaWQiJTdhNjZkMWY4MjdmZjRi %250AYzNmNDNkZjM5MDhjMzg2YjU4IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy %250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--082acbfa5c013b238dddedeb5869bb1707083b65; domain=.twitter.com; path=/ Expires: Mon, 06 Sep 2010 10:22:45 GMT Vary: Accept-Encoding Connection: close ?xml version=1.0 encoding=UTF-8? hash request/1/statuses/retweet/22684354355.xml/request errorCould not authenticate with OAuth./error /hash On Sep 3, 5:00 pm, Tom van der Woerdt i...@tvdw.eu wrote: I just noticed that you are not sending an oauth_token. You really need it for this request ;-) Tom On 9/3/10 4:52 PM, Papa.Coen wrote: Says here:http://dev.twitter.com/doc/post/statuses/retweet/:id It's on the internets, so it's true :) I was toying around with oauth_... header parameters. I get the same message when leaving the callback out. I thought maybe that was the problem (not having a callback at first) Base string: POSThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fretweet %2F2404341.xmloauth_callback%3Dhttp%253A%252F%252Fwww.rtl.nl %252Fexperience%252Frtlnl%252F%26oauth_consumer_key %3DI1yQDPyI7WUn2fN9JfFWww%26oauth_nonce %3DYmzNuZ4t6L1uYhzxFzvLjKWTyFoEVE9pyAz569zsX4g%253D %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1283524907%26oauth_version%3D1.0 Again, you can leave out the callback part. On Sep 3, 4:46 pm, Tom van der Woerdt i...@tvdw.eu wrote: I'm pretty sure that /1/statuses/retweetrequires authorization ;-) There's one thing I see: * You are sending a oauth_callback where it's not needed. There's something I like to see: * Your Base String to verify that you are sending the right stuff. Tom On 9/3/10 4:39 PM, Papa.Coen wrote: Whilst the docs state no authorization is required. I think I'm doing something wrong with the OAuth fields I send. But I have yet to find out exactly what and how to fix it. I've tried the 'text/xml; charset=utf-8' content-type, but this results in the same message. Sniffed: POST /1/statuses/retweet/22684354355.xml HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: RTL Netherlands OAuth Consumer Authorization: OAuth oauth_callback=http%3A%2F%2Fwww.rtl.nl %2Fexperience%2Frtlnl%2F, oauth_consumer_key=I1yQDPyI7WUn2fN9JfFWww, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1283523528, oauth_nonce=uupiA1mAr22CmX3D3Lou73hDV7yIYP9G9YjsyuhGN%2FQ%3D, oauth_version=1.0, oauth_signature=9HWVDDiftaW%2BZaOxNB692zBop1k %3D Host: api.twitter.com HTTP/1.1 401 Unauthorized Date: Fri, 03 Sep 2010 14:18:49 GMT Server: hi Status: 401 Unauthorized WWW-Authenticate: Basic realm=Twitter API X-Runtime: 0.00591 Content-Type: application/xml; charset=utf-8 Content-Length: 163 Cache-Control: no-cache, max-age=1800 Set-Cookie: k=217.118.160.30.1283523529311927; path=/; expires=Fri, 10- Sep-10 14:18:49 GMT; domain=.twitter.com Set-Cookie: guest_id=128352352931668878; path=/; expires=Sun, 03 Oct 2010 14:18:49 GMT Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCGjK9tcqAToHaWQiJTFiYTNiMDlmMzZmNzdi %250AODJjMWRiMmY2OTMyODQ4ZTU0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy %250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--53471a68a90cd817bfe9063a156fd56d031dbd4f; domain=.twitter.com; path=/ Expires: Fri, 03 Sep 2010 14:48:49 GMT Vary: Accept-Encoding Connection: close
[twitter-dev] Re: Retweet results in 401: Unauthorized
But according to this page, authorization IS required: http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-statuses-retweet -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] Re: Retweet results in 401: Unauthorized
Retweeting works when a user has granted my app Authorization first. So I guess it's required. Seems logical too. Thanks for the help! Coen -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] Retweet results in 401: Unauthorized
Whilst the docs state no authorization is required. I think I'm doing something wrong with the OAuth fields I send. But I have yet to find out exactly what and how to fix it. I've tried the 'text/xml; charset=utf-8' content-type, but this results in the same message. Sniffed: POST /1/statuses/retweet/22684354355.xml HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: RTL Netherlands OAuth Consumer Authorization: OAuth oauth_callback=http%3A%2F%2Fwww.rtl.nl %2Fexperience%2Frtlnl%2F, oauth_consumer_key=I1yQDPyI7WUn2fN9JfFWww, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1283523528, oauth_nonce=uupiA1mAr22CmX3D3Lou73hDV7yIYP9G9YjsyuhGN%2FQ%3D, oauth_version=1.0, oauth_signature=9HWVDDiftaW%2BZaOxNB692zBop1k %3D Host: api.twitter.com HTTP/1.1 401 Unauthorized Date: Fri, 03 Sep 2010 14:18:49 GMT Server: hi Status: 401 Unauthorized WWW-Authenticate: Basic realm=Twitter API X-Runtime: 0.00591 Content-Type: application/xml; charset=utf-8 Content-Length: 163 Cache-Control: no-cache, max-age=1800 Set-Cookie: k=217.118.160.30.1283523529311927; path=/; expires=Fri, 10- Sep-10 14:18:49 GMT; domain=.twitter.com Set-Cookie: guest_id=128352352931668878; path=/; expires=Sun, 03 Oct 2010 14:18:49 GMT Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCGjK9tcqAToHaWQiJTFiYTNiMDlmMzZmNzdi %250AODJjMWRiMmY2OTMyODQ4ZTU0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy %250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--53471a68a90cd817bfe9063a156fd56d031dbd4f; domain=.twitter.com; path=/ Expires: Fri, 03 Sep 2010 14:48:49 GMT Vary: Accept-Encoding Connection: close ?xml version=1.0 encoding=UTF-8? hash request/1/statuses/retweet/22684354355.xml/request errorCould not authenticate with OAuth./error /hash -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] Re: Retweet results in 401: Unauthorized
Says here: http://dev.twitter.com/doc/post/statuses/retweet/:id It's on the internets, so it's true :) I was toying around with oauth_... header parameters. I get the same message when leaving the callback out. I thought maybe that was the problem (not having a callback at first) Base string: POSThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fretweet %2F2404341.xmloauth_callback%3Dhttp%253A%252F%252Fwww.rtl.nl %252Fexperience%252Frtlnl%252F%26oauth_consumer_key %3DI1yQDPyI7WUn2fN9JfFWww%26oauth_nonce %3DYmzNuZ4t6L1uYhzxFzvLjKWTyFoEVE9pyAz569zsX4g%253D %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1283524907%26oauth_version%3D1.0 Again, you can leave out the callback part. On Sep 3, 4:46 pm, Tom van der Woerdt i...@tvdw.eu wrote: I'm pretty sure that /1/statuses/retweet requires authorization ;-) There's one thing I see: * You are sending a oauth_callback where it's not needed. There's something I like to see: * Your Base String to verify that you are sending the right stuff. Tom On 9/3/10 4:39 PM, Papa.Coen wrote: Whilst the docs state no authorization is required. I think I'm doing something wrong with the OAuth fields I send. But I have yet to find out exactly what and how to fix it. I've tried the 'text/xml; charset=utf-8' content-type, but this results in the same message. Sniffed: POST /1/statuses/retweet/22684354355.xml HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: RTL Netherlands OAuth Consumer Authorization: OAuth oauth_callback=http%3A%2F%2Fwww.rtl.nl %2Fexperience%2Frtlnl%2F, oauth_consumer_key=I1yQDPyI7WUn2fN9JfFWww, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1283523528, oauth_nonce=uupiA1mAr22CmX3D3Lou73hDV7yIYP9G9YjsyuhGN%2FQ%3D, oauth_version=1.0, oauth_signature=9HWVDDiftaW%2BZaOxNB692zBop1k %3D Host: api.twitter.com HTTP/1.1 401 Unauthorized Date: Fri, 03 Sep 2010 14:18:49 GMT Server: hi Status: 401 Unauthorized WWW-Authenticate: Basic realm=Twitter API X-Runtime: 0.00591 Content-Type: application/xml; charset=utf-8 Content-Length: 163 Cache-Control: no-cache, max-age=1800 Set-Cookie: k=217.118.160.30.1283523529311927; path=/; expires=Fri, 10- Sep-10 14:18:49 GMT; domain=.twitter.com Set-Cookie: guest_id=128352352931668878; path=/; expires=Sun, 03 Oct 2010 14:18:49 GMT Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCGjK9tcqAToHaWQiJTFiYTNiMDlmMzZmNzdi %250AODJjMWRiMmY2OTMyODQ4ZTU0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy %250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--53471a68a90cd817bfe9063a156fd56d031dbd4f; domain=.twitter.com; path=/ Expires: Fri, 03 Sep 2010 14:48:49 GMT Vary: Accept-Encoding Connection: close ?xml version=1.0 encoding=UTF-8? hash request/1/statuses/retweet/22684354355.xml/request errorCould not authenticate with OAuth./error /hash -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] Re: Status update results in Internal server error 500
Thank you for your support. I saw you message a little too late, but was indeed the problem! Again: thanks a bunch. Coen On Sep 1, 5:00 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Looking at some of your example debug output above, you're sending a Content-Type header of text/xml when you aren't sending us XML, you're sending us x-www-form-urlencoded data. Taylor On Wed, Sep 1, 2010 at 7:38 AM, Papa.Coen papa.c...@gmail.com wrote: And now for something strange: I get the same 500 response _regardless_ of what I put in the body. Also when the data in the Signature base string is different from what is used in the body. So not even a '401 unauthorized' message... At first I suspected the(/my) signature, but now I have doubts. Lots of them. And still no solution... -- Twitter developer documentation and resources:http://dev.twitter.com/doc API updates via Twitter:http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] Re: Status update results in Internal server error 500
At first I was like: Oh Noos! But then I was like: I changed my code to URL encode the body data, but still get the 500. I get this for _every_ update request I make. Signature base string: POSThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses %2Fupdate.jsonoauth_consumer_key%3DI1yQDPyI7WUn2fN9JfFWww %26oauth_nonce%3DzUiSrxqbsHQDdLL808dHSGwK1SJT78RKA7q266lQtms%253D %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1283329212%26oauth_token%3D172686984- rnCFtLBbV00YlZVXN0Um1weBPk1dZ3sQXh22rTkG%26oauth_version%3D1.0%26status %3Dsetting%2520up%2520my%2520twitter%2520hoot Sniffed: POST /1/statuses/update.json HTTP/1.1 Content-Type: text/xml; charset=utf-8 User-Agent: RTL Netherlands OAuth 0.1 Authorization: OAuth oauth_consumer_key=I1yQDPyI7WUn2fN9JfFWww, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1283329212, oauth_nonce=zUiSrxqbsHQDdLL808dHSGwK1SJT78RKA7q266lQtms%3D, oauth_version=1.0, oauth_token=172686984- rnCFtLBbV00YlZVXN0Um1weBPk1dZ3sQXh22rTkG, oauth_signature=GjVUXM%2Fw %2FhlIoC5BuFQSSqnkRSU%3D Host: api.twitter.com Content-Length: 41 status=setting%20up%20my%20twitter%20hootHTTP/1.1 500 Internal Server Error Date: Wed, 01 Sep 2010 08:20:44 GMT Server: hi Status: 500 Internal Server Error Content-Type: text/html; charset=UTF-8 Set-Cookie: k=217.118.160.30.1283329243822931; path=/; expires=Wed, 08- Sep-10 08:20:43 GMT; domain=.twitter.com Cache-Control: max-age=300 Expires: Wed, 01 Sep 2010 08:25:43 GMT Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked f4 Status: 500 Internal Server Error Content-Type: text/html htmlbodyh1500 Internal Server Error/h1/body/htmlStatus: 500 Internal Server Error Content-Type: text/html htmlbodyh1500 Internal Server Error/h1/body/html 0 -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] Re: Status update results in Internal server error 500
FYI: - I'm hailing to Twitter via C# - If I send the data in my request chunked, I get a different error message: HTTP/1.1 500 Internal Server Error Date: Wed, 01 Sep 2010 13:02:53 GMT Server: Apache Set-Cookie: k=217.118.160.30.1283346173979846; path=/; expires=Wed, 08- Sep-10 13:02:53 GMT; domain=.twitter.com Last-Modified: Wed, 01 Sep 2010 07:14:45 GMT Accept-Ranges: bytes Content-Length: 4659 Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=UTF-8 ... h2Something is technically wrong./h2 pThanks for noticing...we're going to fix it up and have things back to normal soon./p ... -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] Re: Status update results in Internal server error 500
And now for something strange: I get the same 500 response _regardless_ of what I put in the body. Also when the data in the Signature base string is different from what is used in the body. So not even a '401 unauthorized' message... At first I suspected the(/my) signature, but now I have doubts. Lots of them. And still no solution... -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] Re: Status update results in Internal server error 500
Fixed! CONTENT TYPE must be: application/x-www-form-urlencoded ! 1337. Thanks to this post: http://groups.google.com/group/twitter-development-talk/browse_thread/thread/2c84b962327f7161/7d5e1fd98644913e?lnk=gstq=internal+server+error#7d5e1fd98644913e -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] Status update results in Internal server error 500
Title says it all. Sniffed with wireshark: POST /1/statuses/update.json HTTP/1.1 Content-Type: text/xml; charset=utf-8 User-Agent: RTL Netherlands OAuth 0.1 Authorization: OAuth oauth_consumer_key=I1yQDPyI7WUn2fN9JfFWww, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1283260843, oauth_nonce=7akvCS4Xsm2ZSL0vX04qWP%2FMat4RIODKhywFf5Zq0wg%3D, oauth_version=1.0, oauth_token=172686984- rnCFtLBbV00YlZVXN0Um1weBPk1dZ3sQXh22rTkG, oauth_signature=cGJklfT6Z5L3VjC8AlvpA%2BZ9kOE%3D Host: api.twitter.com Content-Length: 36 ...status=setting up my twitter hoot HTTP/1.1 500 Internal Server Error Date: Tue, 31 Aug 2010 13:21:14 GMT Server: hi Status: 500 Internal Server Error Content-Type: text/html; charset=UTF-8 Set-Cookie: k=217.118.160.30.1283260874490608; path=/; expires=Tue, 07- Sep-10 13:21:14 GMT; domain=.twitter.com Cache-Control: max-age=300 Expires: Tue, 31 Aug 2010 13:26:14 GMT Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked f4 Status: 500 Internal Server Error Content-Type: text/html htmlbodyh1500 Internal Server Error/h1/body/htmlStatus: 500 Internal Server Error Content-Type: text/html htmlbodyh1500 Internal Server Error/h1/body/html 0 -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
