[twitter-dev] Re: oauth_sign - simple C code to generate an OAuth signature

[Ross Burton]

On Jul 5, 5:48 pm, Jef Poskanzer  wrote:
> Part 0: Deciding to do it.  My apps are command-line based and call
> Twitter using my equivalents of curl, called http_get and http_post.
> These are simple command-line programs that make an HTTP call.  What
> I needed was a simple command-line program to make an OAuth-signed HTTP
> call.  Did that already exist?  Sort of - there was Marcel Molina's
> twurl:http://github.com/marcel/twurl Only problem is that it's written
> in Ruby, which I do not have installed and am not really intrerested in
> installing.  For those of us who want to stick with plain old C or
> possibly C++, the only available OAuth code is 
> liboauth:http://liboauth.sourceforge.net/ This includes code to link with
> libcurl and make signed HTTP calls.  It's pretty huge - 1.6 megabytes
> of source.  I tried it anyway.  Unfortunately I couldn't get to work
> on my system.  So I was kind of stuck, and decided to roll my own.

Another option is librest -- http://meego.gitorious.org/meego-middleware/librest

It uses GObject and libsoup which is either a big plus or a huge
negative, depending on your point of view.

Ross

[twitter-dev] Re: Invalid signature when calling request_token

[Ross Burton]

Okay, I discovered that Twitter only allows OAuth data to be in an
Authorized header and not as query arguments.  Now I have changed to
using the Authorized header I can get an access token but attempting
to call /users/show fails with "Unauthorized application or token".

Any ideas?

Ross

[twitter-dev] Invalid signature when calling request_token

[Ross Burton]

Hi,

I'm porting my HTTP authentication based twitter client to OAuth, and
am having problems constructing a signed call to request_token that
twitter.com will accept.  The OAuth implementation has successfully
worked with two different sample servers and MySpace, so I don't think
I'm hitting any underlying bugs in my code.  That said, the OAuth
specification skims over encoding so it's possible that there is an
incompatibility.

This is what happens:

> GET 
> /oauth/request_token?oauth%5Fconsumer%5Fkey=sPHnVfjaW22jHcGYyHCFA&oauth%5Fsignature=zRmErZcLje9Nns2VEtsyRwzztQE%3D&oauth%5Fsignature%5Fmethod=HMAC%2DSHA1&oauth%5Fnonce=1276674971&oauth%5Ftimestamp=1242721670&oauth%5Fversion=1%2E0
>  HTTP/1.1
> Soup-Debug-Timestamp: 1242721670
> Soup-Debug: SoupSessionAsync 1 (0x8f315b8), SoupMessage 1 (0x901d868), 
> SoupSocket 1 (0x902f820)
> Host: twitter.com

< HTTP/1.1 401 Unauthorized
< Soup-Debug-Timestamp: 1242721670
< Soup-Debug: SoupMessage 1 (0x901d868)
< Date: Tue, 19 May 2009 08:27:51 GMT
< Server: hi
< Last-Modified: Tue, 19 May 2009 08:27:51 GMT
< Status: 401 Unauthorized
< Pragma: no-cache
< Cache-Control: no-cache, no-store, must-revalidate, pre-check=0,
post-check=0
< Content-Type: text/html; charset=utf-8
< Content-Length: 44
< Expires: Tue, 31 Mar 1981 05:00:00 GMT
< X-Revision: 0056844fe50774f758d59f4d2931e6b31ccbf68f
< X-Transaction: 1242721671-71519-1029
< Set-Cookie:
_twitter_sess=BAh7BzoHaWQiJTkxZTYyNWM2OWMxZWIwMGE3MDczYTI1MTUzMjIwNDE2Igpm
%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG
%250AOgpAdXNlZHsA--32fb8d8fe9b5a3845060194eb2160f14fe9114c8;
domain=.twitter.com; path=/
< Vary: Accept-Encoding
< Connection: close
<
< Failed to validate oauth signature and token

Anyone got any good ideas?  I'm hoping that this isn't an encoding
problem...

Cheers,
Ross