Re: [twitter-dev] twaud.io api: anyone manage to get it working?

2011-02-25 Thread Seth Delackner
Some more debug output for completeness:
Since this is multipart form data, the oauth signature base string
would be just

httpMethod + "&" +
  url_encode(  base_uri ) + "&" +
  sorted_query_params.each  { | k, v |
  url_encode ( k ) + "%3D" +
  url_encode ( v )
  }.join("%26")

where the params is just oauth_* stuff (not the POST params, since we
aren't url-encoded)

so something like:

POST&http%3A%2F%2Ftwaud.io%2Fapi%2Fv2%2Fupload.json&oauth_consumer_key%3DofEzSNkKNMzu4ANhII5g%26oauth_nonce%3D0F9ABB3E-1CC9-4124-8BDF-DEDA50AE5A6B%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1298635432%26oauth_token%3D257264155-voUkUaayPjhrtW4a1Aid2lS2LshC5JDIM9p2LMXO%26oauth_version%3D1.0

(I've tried both https and http, yes being careful to make all the
various urls use the same one)

Here for instance is the WireShark output for my multipart fields:

MIME Multipart Media Encapsulation, Type: multipart/form-data,
Boundary: "0xKhTmLbOuNdArY"
--0xKhTmLbOuNdArY
Content-Disposition: form-data; name="x_auth_service_provider"

http://api.twitter.com/1/account/verify_credentials.json
--0xKhTmLbOuNdArY
Content-Disposition: form-data; name="x_verify_credentials_authorization"

OAuth realm="", oauth_consumer_key="ofEzSNkKNMzu4ANhII5g",
oauth_token="257264155-voUkUaayPjhrtW4a1Aid2lS2LshC5JDIM9p2LMXO",
oauth_signature_method="HMAC-SHA1",
oauth_signature="vKxokk1Yqi4OCE%2B5GBIjw/Q2/G0%3D",
oauth_timestamp="1298635367",
oauth_nonce="F8FF0143-97B2-4693-9EA0-4D96297F1194",
oauth_version="1.0"
--0xKhTmLbOuNdArY
Content-Disposition: form-data; name="sound[message]"

Testing ECHO
--0xKhTmLbOuNdArY
Content-Disposition: form-data; name="sound[file]";
filename="StrumStage_Song.m4a"
Content-Type: application/octet-stream

ftypM4A M4A mp42[elided for brevity.  lots of text]
--0xKhTmLbOuNdArY--

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk


Re: [twitter-dev] twaud.io api: anyone manage to get it working?

2011-02-25 Thread Seth Delackner
I have done some more digging around (WireShark is amazing!) and I
have gotten past a big initial hurdle: I was building the signature
base string wrong (building it, then setting more parameters, which
should have been part of the base string in the first place).
As a sanity check, at this point my code can, using xAuth, post
twitter status updates.
But I'm incredibly confused as to what I need to send to twaud.io's
server.  It says x_verify_credentials_authorization should contain the
Authorization header.

That authorization header is built with a base string of

POST&http[All those oauth_* params and the encoded twaud.io params]

but if the base string is supposed to include all the post form
parameters, x_auth_service_provider and
x_verify_credentials_authorization are form parameters, but I can't
include authorization, since that is defined as something that
contains the output of this whole thing.

So what SHOULD be in the base string's params?  I tried just putting
in everything except the x_verify_credentials_authorization and
x_auth_service_provider and get the very opaque 403 Forbidden / Not
Authorized.

I mean, the account is Authorized by twaud.io and twitter, and we have
an xAuth token from twitter, so that doesn't seem very informative.

Here's a sample base string:

POST&http%3A%2F%2Ftwaud.io%2Fapi%2Fv2%2Fupload.json&oauth_consumer_key%3DofEzSNkKNMzu4ANhII5g%26oauth_nonce%3D8BE06737-9C9C-4EB1-A3B7-CDFCDAD7DF13%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1298633580%26oauth_token%3D257264155-voUkUaayPjhrtW4a1Aid2lS2LshC5JDIM9p2LMXO%26oauth_version%3D1.0%26sound%255Bmessage%255D%3DTESTING123

containing POST, then http:// (tried https as well, but http is
helpful while debugging), the all the oauth_* params, then
sound[message].

One thing that jumps out at me is that I'm not sure what to do about
the sound[file] part, as that parameter is a multipart encoded thing,
not just another normal post parameter.  Maybe that has to be part of
the base string?

On Thu, Feb 24, 2011 at 6:43 AM, Matt Harris  wrote:
>
> Hi Seth,
> Twaud.io isn't part of the Twitter API but i'll try and help you anyway.
> The first thing to note is the Headers should be of the 
> format X-Verify-Credentials-Authorization. The 
> x_verify_credentials_authorization is mentioned because Twaud.io supports the 
> OAuth Echo parameters in the header or POST body.
> Looking at your sample X-Verify-Credentials-Authorization I notice you are 
> sending the realm as http://api.twitter.com . What i'm wondering is whether 
> you are sending the X-Auth-Service-Provider 
> as https://api.twitter.com/1/account/verify_credentials.json . According to 
> the twaud.io API documentation the X-Auth-Service-Provider must be:
>     https://api.twitter.com/1/account/verify_credentials.json
> If you change the protocol to http, or use .xml instead of .json, the request 
> will not succeed. Double check that the verify_credentials request fits that 
> pattern. The other thing to ensure is the request to verify_credentials isn't 
> being sent to the Twitter API servers by your application. If the request is 
> being sent, the OAuth Echo provider cannot use it.
> Check those things out and let us know how it goes,
> Best,
> @themattharris
> Developer Advocate, Twitter
> http://twitter.com/themattharris
>
>
> On Mon, Feb 21, 2011 at 2:57 AM, Seth  wrote:
>>
>> I've tried discussing with the author of twaud.io, but he says he
>> doesn't really have time to look.  I've tried sending even a minimal
>> test iPhone app Xcode project to twitter api support, but a week later
>> no response.
>>
>> Our app is xAuth authorized, the app sends the username and password
>> and gets a token, we produce all the intended headers and post up to
>> twaud.io's api as described at twaud.io/api and yet just get the below
>> totally opaque response:
>>
>> response: HTTP/1.1 403 Forbidden / Not Authorized
>>
>> Made sure that the twitter account I used for testing has given both
>> our app and twaud.io read/write authorization.
>>
>> Here's a sample of what I am putting in "X-Verify-Credentials-
>> Authorization" (which we've tried naming that way and also, per the
>> twaud.io api page, "x_verify_credentials_authorization").  We've also
>> tried sending the value as either post values or as a request header:
>>
>>
>> OAuth realm="http%3A%2F%2Fapi.twitter.com",
>> oauth_consumer_key="ofEzSNkKNMzu4ANhII5g",
>> oauth_token="123520286-U3RXmbgPPF0i4lDkVBdSCx9MEJhHMu8KvzAyosXI",
>> oauth_signature_method="HMAC-SHA1",
>> oauth_signature="9Z5VMPeL4QoGHCtpiMcUxF%2FPiXI%3D",
>> oauth_timestamp="1297141216",
>> oauth_nonce="A20C6AB4-AAF9-46A5-B1F0-574A5BD3B538",
>> oauth_version="1.0"
>>
>> I would be more than happy to send a minimal Xcode project to anyone
>> who is willing to try running it in the iOS simulator.
>>
>> --
>> Twitter developer documentation and resources: http://dev.twitter.com/doc
>> API updates via Twitter: http://twitter.com/twitterapi
>> Issues/Enhan