Re: [twitter-dev] 401 Unauthorized in Python/Twisted app

[Eryn Wells]

Hi Taylor,

Thank you for your response.

Originally, I did forget to add an oauth_timestamp field. I've since included 
one, but still have the same problem. I modified my app to dump out the base 
string. Here's what I got:

GET&https%3A%2F%2Fuserstream.twitter.com%2F2%2Fuser.json&delimited%3Dlength%26oauth_nonce%3D05963995484855701581311629784779%26oauth_timestamp%3D1309276024%26oauth_version%3D1.0

Does that look right?

Eryn


On 2011-06-27, at 08:10, Taylor Singletary wrote:

> Hi Eryn,
> 
> I'm not too familiar with the Twisted framework or its implementation
> of OAuth, so take what I recommend with a grain of salt.
> 
> * Access tokens generated through the OAuth flow on Twitter,
> regardless of the technique used (PIN code, xAuth, vanilla OAuth) are
> long-lived and do not expire until the end-user makes an explicit
> effort to revoke the access. You store the access token and access
> token secret.
> 
> * While OAuth in theory should "just work" when it works in one spot,
> there's a great amount of variation in the amount of "wrongness" that
> given services will tolerate when evaluating the credentials. Long-
> term, we're working to normalize the entire validation procedure
> across all of our services, but in reality the streaming API and the
> REST API use different OAuth engines to evaluate the validity of the
> request -- the streaming API's OAuth verification is considerably
> stricter than the REST API's more forgiving implementation.
> 
> * I notice that your authorization header is missing a oauth_timestamp
> parameter -- is that a copy and paste error? Do you know how to locate
> the OAuth signature base string in the Python library you are using --
> it can often be buried under private or protected methods but the
> string is invaluable in debugging issues like this.
> 
> Thanks,
> Taylor
> 
> On Jun 24, 7:54 pm, Eryn Wells  wrote:
>> Hello all,
>> 
>> I'm quite new to OAuth and the Twitter API, and this is my first post to 
>> this list.
>> 
>> I'm working on an app in Python using the Twisted framework. It uses 
>> brosner's fork of python-oauth2[1] to do the initial authentication and 
>> subsequent request signing. I'm using the PIN code flow for authentication. 
>> Do access tokens need to be generated every time you start the app, or can 
>> they be stored between runs and reused? If so, how long are the valid? Right 
>> now, my code writes the access token and secret out to a file and recovers 
>> it the next time it starts. The procedure seems to go just fine – I don't 
>> get any errors – but I can't really verify that everything is Correct 
>> because I don't really know what I'm looking for…
>> 
>> Second thing, I'm at the point where I'm trying to do the initial connection 
>> tohttps://userstream.twitter.com/2/user.json. I'm using SSLConnect and 
>> web.HTTPClient, if that helps… I write out the command (GET ), and the 
>> headers (a Host and an Authorization header). The OAuth library generates 
>> the following Authorization header content. I get back a 401 Unauthorized 
>> error with a WWW-Authenticate: Basic header. I've heard from @twitterapi 
>> that User Streams require OAuth, so why am I getting a Basic auth response?
>> 
>> OAuth realm="Firehose", oauth_nonce="25622603816219309853125867384777", 
>> oauth_consumer_key="", oauth_signature_method="HMAC-SHA1", 
>> oauth_version="1.0", oauth_token="", 
>> oauth_signature="1AV5YG4DsfCV4jDoQcOCOmxZ2Gw%3D"
>> 
>> Anything obvious there that I'm doing wrong?
>> 
>> Thanks,
>> Eryn
> 
> -- 
> Twitter developer documentation and resources: https://dev.twitter.com/doc
> API updates via Twitter: https://twitter.com/twitterapi
> Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list
> Change your membership to this group: 
> https://groups.google.com/forum/#!forum/twitter-development-talk

-- 
Twitter developer documentation and resources: https://dev.twitter.com/doc
API updates via Twitter: https://twitter.com/twitterapi
Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
https://groups.google.com/forum/#!forum/twitter-development-talk

Re: [twitter-dev] 401 Unauthorized in Python/Twisted app

[Eryn Wells]

An interesting note, perhaps. I was writing unit tests last night to check my 
OAuth implementation. I was able to connect and retrieve data via the regular 
API (api.twitter.com), but I still have the 401 issue when trying to connect to 
the user stream API.

On 2011-06-24, at 19:54, Eryn Wells wrote:

> Hello all,
> 
> I'm quite new to OAuth and the Twitter API, and this is my first post to this 
> list.
> 
> I'm working on an app in Python using the Twisted framework. It uses 
> brosner's fork of python-oauth2[1] to do the initial authentication and 
> subsequent request signing. I'm using the PIN code flow for authentication. 
> Do access tokens need to be generated every time you start the app, or can 
> they be stored between runs and reused? If so, how long are the valid? Right 
> now, my code writes the access token and secret out to a file and recovers it 
> the next time it starts. The procedure seems to go just fine – I don't get 
> any errors – but I can't really verify that everything is Correct because I 
> don't really know what I'm looking for…
> 
> Second thing, I'm at the point where I'm trying to do the initial connection 
> to https://userstream.twitter.com/2/user.json. I'm using SSLConnect and 
> web.HTTPClient, if that helps… I write out the command (GET ), and the 
> headers (a Host and an Authorization header). The OAuth library generates the 
> following Authorization header content. I get back a 401 Unauthorized error 
> with a WWW-Authenticate: Basic header. I've heard from @twitterapi that User 
> Streams require OAuth, so why am I getting a Basic auth response?
> 
> OAuth realm="Firehose", oauth_nonce="25622603816219309853125867384777", 
> oauth_consumer_key="", oauth_signature_method="HMAC-SHA1", 
> oauth_version="1.0", oauth_token="", 
> oauth_signature="1AV5YG4DsfCV4jDoQcOCOmxZ2Gw%3D"
> 
> Anything obvious there that I'm doing wrong?
> 
> Thanks,
> Eryn
> 
> -- 
> Twitter developer documentation and resources: https://dev.twitter.com/doc
> API updates via Twitter: https://twitter.com/twitterapi
> Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list
> Change your membership to this group: 
> https://groups.google.com/forum/#!forum/twitter-development-talk

-- 
Twitter developer documentation and resources: https://dev.twitter.com/doc
API updates via Twitter: https://twitter.com/twitterapi
Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
https://groups.google.com/forum/#!forum/twitter-development-talk

[twitter-dev] 401 Unauthorized in Python/Twisted app

[Eryn Wells]

Hello all,

I'm quite new to OAuth and the Twitter API, and this is my first post to this 
list.

I'm working on an app in Python using the Twisted framework. It uses brosner's 
fork of python-oauth2[1] to do the initial authentication and subsequent 
request signing. I'm using the PIN code flow for authentication. Do access 
tokens need to be generated every time you start the app, or can they be stored 
between runs and reused? If so, how long are the valid? Right now, my code 
writes the access token and secret out to a file and recovers it the next time 
it starts. The procedure seems to go just fine – I don't get any errors – but I 
can't really verify that everything is Correct because I don't really know what 
I'm looking for…

Second thing, I'm at the point where I'm trying to do the initial connection to 
https://userstream.twitter.com/2/user.json. I'm using SSLConnect and 
web.HTTPClient, if that helps… I write out the command (GET ), and the 
headers (a Host and an Authorization header). The OAuth library generates the 
following Authorization header content. I get back a 401 Unauthorized error 
with a WWW-Authenticate: Basic header. I've heard from @twitterapi that User 
Streams require OAuth, so why am I getting a Basic auth response?

OAuth realm="Firehose", oauth_nonce="25622603816219309853125867384777", 
oauth_consumer_key="", oauth_signature_method="HMAC-SHA1", 
oauth_version="1.0", oauth_token="", 
oauth_signature="1AV5YG4DsfCV4jDoQcOCOmxZ2Gw%3D"

Anything obvious there that I'm doing wrong?

Thanks,
Eryn

-- 
Twitter developer documentation and resources: https://dev.twitter.com/doc
API updates via Twitter: https://twitter.com/twitterapi
Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
https://groups.google.com/forum/#!forum/twitter-development-talk

Re: [twitter-dev] 401 Unauthorized Responses to requests signed with whitelisted account

[Matt Harris]

Hi Christopher,

Could you attempt to get the response body for the request either by
repeating the request or enhancing your logs. The reason for the 401 is
communicated in the response body and knowing that will help explain what is
going on.

Best,
@themattharris
Developer Advocate, Twitter
http://twitter.com/themattharris


On Mon, Apr 18, 2011 at 11:23 AM, Christopher Stolte wrote:

> Hello,
>
> I am a Java developer working on a web application that makes use of
> the Twitter API.  We use the Signpost library (version 1.2.1.1) to
> perform OAuth and issue API requests, and have been doing so
> successfully for months.  We have been signing our requests with a
> whitelisted key and secret that has a 20,000 request/hour rate limit.
>
> In the last few days, we started getting only 401 Not Authorized
> responses when using these credentials.  Upon looking back at our
> server logs, I notice other requests failures dating back to at least
> Feb 17, but they are sporadic.  Error messages look like this:
>
> WARN org.apache.http.impl.client.DefaultHttpClient Authentication
> error: Unable to respond to any of these challenges: {oauth=WWW-
> Authenticate: OAuth realm="http://api.twitter.com"}
>
> The response header shows 401 but no other enlightening information.
>
> I have paid attention to and read lots of other postings related to
> OAuth, and want to emphasize that our system has been working for
> quite a while - we make calls using the proper end points and so
> forth:
>
> http://api.twitter.com/1/users/show.json?user_id=[id]
>
> Something appears to have changed on Twitter's end but we don't know
> what.
>
> Can anyone shed some light on what might be happening?  We have
> already verified with Twitter API support that our credentials should
> still be viable - perhaps there has been an inadvertent shutdown of
> that account?
>
> Thank you in advance for any help or guidance!
>
> Sincerely,
> Chris Stolte
>
> --
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker:
> http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
> http://groups.google.com/group/twitter-development-talk
>

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] 401 Unauthorized Responses to requests signed with whitelisted account

[Christopher Stolte]

Hello,

I am a Java developer working on a web application that makes use of
the Twitter API.  We use the Signpost library (version 1.2.1.1) to
perform OAuth and issue API requests, and have been doing so
successfully for months.  We have been signing our requests with a
whitelisted key and secret that has a 20,000 request/hour rate limit.

In the last few days, we started getting only 401 Not Authorized
responses when using these credentials.  Upon looking back at our
server logs, I notice other requests failures dating back to at least
Feb 17, but they are sporadic.  Error messages look like this:

WARN org.apache.http.impl.client.DefaultHttpClient Authentication
error: Unable to respond to any of these challenges: {oauth=WWW-
Authenticate: OAuth realm="http://api.twitter.com"}

The response header shows 401 but no other enlightening information.

I have paid attention to and read lots of other postings related to
OAuth, and want to emphasize that our system has been working for
quite a while - we make calls using the proper end points and so
forth:

http://api.twitter.com/1/users/show.json?user_id=[id]

Something appears to have changed on Twitter's end but we don't know
what.

Can anyone shed some light on what might be happening?  We have
already verified with Twitter API support that our credentials should
still be viable - perhaps there has been an inadvertent shutdown of
that account?

Thank you in advance for any help or guidance!

Sincerely,
Chris Stolte

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] 401 unauthorized on blackberry after appending ";interface=wifi"

[Mickey]

Hi

On blackberry with httpConnection, I need to add network transport
string such as ";interface=wifi" to the url.

The problem is, once I added the network transport string, I get 401
unauthorized for status update and GET statuses/user_timeline.

If I remove the transport string, then I can POST updates and GET
statuses everything runs fine.
So it seems the request I'm sending to twitter api is correct.

Is there anything special with the transport string that might cause
problems?

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] (401) Unauthorized

[Trevor Dean]

There is an active thread for this issue
http://code.google.com/p/twitter-api/issues/detail?id=2118 you're not alone
on this one, there are many people suffering from this issue.

On Tue, Mar 29, 2011 at 6:26 AM, naresh  wrote:

> Hi
> We  have integrated our web application to use twitter oAuth for
> publishing the tweet etc.
> We have integrated the twitter oAuth some months back.It used to work
> fine, but now all of sudden we have start getting this 401 error.This
> works fine sometime and sometime it does not work.We are correctly
> setting the callback url etc, we are dynamically passing the callback
> url.
>
> When we have debugged and uses the callback url as localhost:port then
> it works fine but on our production servers it does not seems to be
> working fine?
>
>
> Thanks
>
> --
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker:
> http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
> http://groups.google.com/group/twitter-development-talk
>

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] (401) Unauthorized

[naresh]

Hi
We  have integrated our web application to use twitter oAuth for
publishing the tweet etc.
We have integrated the twitter oAuth some months back.It used to work
fine, but now all of sudden we have start getting this 401 error.This
works fine sometime and sometime it does not work.We are correctly
setting the callback url etc, we are dynamically passing the callback
url.

When we have debugged and uses the callback url as localhost:port then
it works fine but on our production servers it does not seems to be
working fine?


Thanks

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] 401 unauthorized

[Matt Harris]

Hi Trevor,

Could you share the request and response you are sending so we can
investigate. Remember to obscure user and consumer secrets.

Thanks,
@themattharris
Developer Advocate, Twitter
http://twitter.com/themattharris


On Sat, Mar 19, 2011 at 5:47 AM, Trevor Dean  wrote:

>
> Is anyone else experiencing any 401 errors all of a sudden?  I was doing
> some testing this morning and was logging in fine using twitter and then 10
> min later I started getting 401 unauthorized errors.
>
>
> Thanks,
>
>
> Trevor
>
> --
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker:
> http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
> http://groups.google.com/group/twitter-development-talk
>

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] 401 unauthorized

[Trevor Dean]

Is anyone else experiencing any 401 errors all of a sudden?  I was doing
some testing this morning and was logging in fine using twitter and then 10
min later I started getting 401 unauthorized errors.


Thanks,


Trevor

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] 401 Unauthorized responses on OAUTH

[Scott Wilcox]

Ryan's just told me they're currently aware of the issue and looking into it.

On 18 Mar 2011, at 19:13, Ninjamonk wrote:

> I am also getting these problems. They have been on and off all day.
> 
> The same code works fine and 5 mins later it throws 401's and its been
> working for 6 months no problem.

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] 401 Unauthorized responses on OAUTH

[@IDisposable]

We're getting a ton of 401 errors when people are trying to OAuth
against some of our sites.  These sites have been in production for
years (and one new one went up yesterday).  When we get the error, we
get no message in the Response.  From the client perspective, it
happens when you click the "Allow" button and Twitter redirects back
to us. I've checked all the usual things

1) Server clock is synced correctly to nist time (and the server runs
in UTC, so no timezone/DST issues)
2) The servers haven't had any recent patches.
3) Same applications were working fine and haven't been changed
(except the new site)
4) We get the same issues no matter what user we're logged into
Twitter as.
5) We get the same issues even when running from the Amazon EC2
instance (IP whitelisted) or our QA servers (also IP whitelisted) or
from development machines (not whitelisted).
6) Occasionally (1 in 20 or worse) we get a success.
7) Nonce values are NOT being reused and we're (still) using
DotNetOAuth for the library to handle that part (no change)
8) Happens on all of these:
http://stlindex.com  (application under @STLIndex)
http://stltweets.com (application under @STLTweets)
http://loufesttweets.com (application under @LouFestTweets)
http://taste.stltweets.com (application under @STLTweets)

Typical failure:

REQUEST Headers: (https://twitter.com:443/)
Authorization: OAuth
oauth_verifier="fRSn84gupR7TFAW5G5ySm4c2LmuvD9x8ZckCHIEA",
oauth_token="MfgvKyS4Vgxy8c1kNgw7h3owkpAlzdqG223DTIs8vc",
oauth_consumer_key="MliXkE6e4kCJY2U10OH8sQ",
oauth_nonce="gkJy165f",
oauth_signature_method="HMAC-SHA1",
oauth_signature="9tRuLd55El37hJ2fqJs2cJVREaM%3D",
oauth_version="1.0",
oauth_timestamp="1300464048"
User-Agent: DotNetOpenAuth/3.4.5.10201
Host: twitter.com

RESPONSE:
Status: 401 Unauthorized
X-Transaction: 1300464048-3423-38581
X-Runtime: 0.00544
Pragma: no-cache
X-Revision: DEV
Content-Length: 1
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-
check=0
Content-Type: text/html; charset=utf-8
Date: Fri, 18 Mar 2011 16:00:48 GMT
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Last-Modified: Fri, 18 Mar 2011 16:00:48 GMT
Set-Cookie: k=208.82.145.5.1300464048881173; path=/; expires=Fri, 25-
Mar-11 16:00:48 GMT;
domain=.twitter.com,guest_id=13004640478451; path=/; expires=Sun,
17 Apr 2011 16:00:48 GMT,
_twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCPmasskuAToHaWQiJWFkNDcxMzE2Yjg1YmIy
%250ANDkzMGFkMWI3YmM5NTZlNDA5IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy
%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--1c8558a834ffe3d40ae9be1bed2360f83555f5ae;
domain=.twitter.com; path=/; HttpOnly
Server: hi
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] 401: Unauthorized (Python)

[Matt Harris]

Hi John,

What is the does the body of the error response say? The message will tell you 
which part of the oauth request failed.

Also be aware that oauth timestamps are in UTC seconds.  

Best,
@themattharris

On Feb 4, 2011, at 12:45, john  wrote:

> I have an application that contains a simple setup using the
> oauthtwitter library found here.
> 
> http://code.google.com/p/oauth-python-twitter/
> 
> 
> #Example code
> twitter = app.extras.oauthtwitter.OAuthApi(CONSUMER_KEY,
> CONSUMER_SECRET)
> request_token = twitter.getRequestToken()
> oauth_verifier = request.GET.get('oauth_verifier')
> access_token = twitter.getAccessToken(request_token, oauth_verifier)
> 
> 
> I'm failing at getting the access token. I have a verifier and am
> passing that along, like the example in the oauth lib, however am
> continuing to get (all day now) 401s. My system time is set correctly,
> as this is in a Django project, and I'm setting it via TIME_ZONE =
> 'America/Kentucky/Louisville' in my settings.py. Can anyone help?
> 
> Thanks,
> John
> 
> -- 
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group: 
> http://groups.google.com/group/twitter-development-talk

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] 401: Unauthorized (Python)

[john]

I have an application that contains a simple setup using the
oauthtwitter library found here.

http://code.google.com/p/oauth-python-twitter/


#Example code
twitter = app.extras.oauthtwitter.OAuthApi(CONSUMER_KEY,
CONSUMER_SECRET)
request_token = twitter.getRequestToken()
oauth_verifier = request.GET.get('oauth_verifier')
access_token = twitter.getAccessToken(request_token, oauth_verifier)


I'm failing at getting the access token. I have a verifier and am
passing that along, like the example in the oauth lib, however am
continuing to get (all day now) 401s. My system time is set correctly,
as this is in a Django project, and I'm setting it via TIME_ZONE =
'America/Kentucky/Louisville' in my settings.py. Can anyone help?

Thanks,
John

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] 401 Unauthorized errors with Progress Open Edge using xAuth to get Access token

[Martin Hannah]

Hi Taylor,
Now I have the Access Token and I use the explanations in
http://dev.twitter.com/pages/auth to make a request on users behalf, I
get a response from twitter:

Twitter Response= {"errors":[{"code":53,"message":"Basic
authentication is not supported"}]}
Status= 401
StatusTxt= Unauthorized

I am using the same procedure just changing the paramaters to follow
the example in http://dev.twitter.com/pages/auth and signing the
request with oauth_consumer_secret + "&" +  oauth_token_secret tied to
my access token...

Posting to: http://api.twitter.com/1/statuses/update.json

Authorization header parameters:
OAuth oauth_consumer_key="1q0ZoaBf3fKFP1hSmhVNQ",
oauth_nonce="M2XTcq44gwlMHw9VbP98FQkB7TRSc1iIX0IOiAA500B",
oauth_signature="f6Xz1tSwO8FCvkIJu4mgXYfNvUM%3D",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="1288703533",
oauth_token="46989789-6NoccKZ1NVN3wdtlRGyhQrUG3b9RcU9Tkn372uIg3",
oauth_version="1.0", status="PostingthroughMicrosoftXMLHTTP"


Any suggestions ?


Martin Hannah wrote:
> Hi Taylor,
>
> Success, the missing peice of the puzzle was that we needed to send
> the post Body, which although it was explained in documentation, we
> thought it was there for explanation of how the values are accumulated
> for the base string.. seems obvious now, but when your trying to do
> this for 1st time, it wasnt obvious then.
>
> So the find part of the send is:
> objHTTP:send("x_auth_username=oauth_test_exec&x_auth_password=twitter-
> xauth&x_auth_mode=client_auth").
>
> So my last question is, should this be url encoded, because when we
> URL encoded (as the doco suggests) it did NOT work.
>
> Martin Hannah wrote:
> > Hi Taylor,
> > In order to test your 1st suggestion "do you know if your HTTP
> > transport method munges any HTTP headers or adds its own HTTP headers
> > in any way?" we created a simple test procedure on our public web
> > server, to simulate the google end point 
> > https://api.twitter.com/oauth/access_token.
> > So with our test program pointing to another end point we could
> > capture the values that googles end point might receive.
> > The values received by our web service end point (simulator) (along
> > with other CGI values) are:
> >
> > HTTP_AUTHORIZATION= OAuth oauth_consumer_key="TY0Js5vMc04HNqmqIkNEnQ",
> > oauth_nonce="jGmEee2Jc0DaEK516jl6g2FSHgOgmNPqlpK43UJYXZF",
> > oauth_signature="%2Bd2K%2FxydAtBaSETDWwXCo4LN1Js%3D",
> > oauth_signature_method="HMAC-SHA1", oauth_timestamp="1288666484",
> > oauth_version="1.0"
> > REQUEST_METHOD=POST
> >
> > So I presume this is indicating the post request is not munged/altered
> > in any way by the Microsoft XMLHTTP OCX when it sends the request
> > using:
> > > > Create "Microsoft.XMLHTTP" objHTTP .
> > > > objHTTP:open("POST",api-atokin, false, p-username, p-password).
> > > > objHTTP:setRequestHeader('Authorization', v-params).
> > > > objHTTP:SetRequestHeader("Content-Type","application/x-www-form-
> > > > urlencoded").
> > > > objHTTP:send().
> >
> > Note: The syntax of the Progress code (above) that uses objHTTP is
> > very similiar to Visual basic. In fact we used the syntax for
> > objHTTP:open and setRequestHeader("Authorization" that you see above,
> > in the same way as it is used in the googe examples in
> > http://oauth.googlecode.com/svn/code/javascript/example/AJAX.html
> > (open this Google example page and view HTML source from lines 32 to
> > 53..)
> >
> > We are checking the 2nd and 3rd suggestions now... and hope to have
> > further test results posted in next few hours..
> >
> > Taylor Singletary wrote:
> > > Hi Martin,
> > >
> > > Thanks for your patience in working through xAuth with the issues you're
> > > facing. Given the information you've provided, it's difficult to determine
> > > exactly what might be amiss here.
> > >
> > > I'm unfamiliar with the programming environment you are using -- do you 
> > > know
> > > if your HTTP transport method munges any HTTP headers or adds its own HTTP
> > > headers in any way? If you utilize an access token obtained through other
> > > means (such as by the procedure outlined in http://bit.ly/1token ) are you
> > > able to get any other kind of OAuth-based requests functional with your
> > > OAuth library?
> > >
> > > You mentioned that you successfully recreated the examples at
> > > http://dev.twitter.com/pages/xauth -- acknowledging that those values 
> > > would
> > > also return a 401 from our API but provide a "safe" login & password you 
> > > can
> > > share on a public forum, is there any way you can perform an HTTP capture 
> > > of
> > > the entire request cycle using those static values? This would allow us to
> > > see the entire HTTP request, including headers sent/received, the raw POST
> > > body, etc -- which may yield an obvious answer as to why your 
> > > implementation
> > > is not working.
> > >
> > > Hang in there!
> > > Taylor
> > >
> > >
> > > On Tue, Oct 26, 2010 at 3:20 PM, Martin Hannah 
> > > wrote:
> > >
> > > > We had an application s

Re: [twitter-dev] 401 Unauthorized errors with Progress Open Edge using xAuth to get Access token

[Martin Hannah]

Hi Taylor,

Success, the missing peice of the puzzle was that we needed to send
the post Body, which although it was explained in documentation, we
thought it was there for explanation of how the values are accumulated
for the base string.. seems obvious now, but when your trying to do
this for 1st time, it wasnt obvious then.

So the find part of the send is:
objHTTP:send("x_auth_username=oauth_test_exec&x_auth_password=twitter-
xauth&x_auth_mode=client_auth").

So my last question is, should this be url encoded, because when we
URL encoded (as the doco suggests) it did NOT work.

Martin Hannah wrote:
> Hi Taylor,
> In order to test your 1st suggestion "do you know if your HTTP
> transport method munges any HTTP headers or adds its own HTTP headers
> in any way?" we created a simple test procedure on our public web
> server, to simulate the google end point 
> https://api.twitter.com/oauth/access_token.
> So with our test program pointing to another end point we could
> capture the values that googles end point might receive.
> The values received by our web service end point (simulator) (along
> with other CGI values) are:
>
> HTTP_AUTHORIZATION= OAuth oauth_consumer_key="TY0Js5vMc04HNqmqIkNEnQ",
> oauth_nonce="jGmEee2Jc0DaEK516jl6g2FSHgOgmNPqlpK43UJYXZF",
> oauth_signature="%2Bd2K%2FxydAtBaSETDWwXCo4LN1Js%3D",
> oauth_signature_method="HMAC-SHA1", oauth_timestamp="1288666484",
> oauth_version="1.0"
> REQUEST_METHOD=POST
>
> So I presume this is indicating the post request is not munged/altered
> in any way by the Microsoft XMLHTTP OCX when it sends the request
> using:
> > > Create "Microsoft.XMLHTTP" objHTTP .
> > > objHTTP:open("POST",api-atokin, false, p-username, p-password).
> > > objHTTP:setRequestHeader('Authorization', v-params).
> > > objHTTP:SetRequestHeader("Content-Type","application/x-www-form-
> > > urlencoded").
> > > objHTTP:send().
>
> Note: The syntax of the Progress code (above) that uses objHTTP is
> very similiar to Visual basic. In fact we used the syntax for
> objHTTP:open and setRequestHeader("Authorization" that you see above,
> in the same way as it is used in the googe examples in
> http://oauth.googlecode.com/svn/code/javascript/example/AJAX.html
> (open this Google example page and view HTML source from lines 32 to
> 53..)
>
> We are checking the 2nd and 3rd suggestions now... and hope to have
> further test results posted in next few hours..
>
> Taylor Singletary wrote:
> > Hi Martin,
> >
> > Thanks for your patience in working through xAuth with the issues you're
> > facing. Given the information you've provided, it's difficult to determine
> > exactly what might be amiss here.
> >
> > I'm unfamiliar with the programming environment you are using -- do you know
> > if your HTTP transport method munges any HTTP headers or adds its own HTTP
> > headers in any way? If you utilize an access token obtained through other
> > means (such as by the procedure outlined in http://bit.ly/1token ) are you
> > able to get any other kind of OAuth-based requests functional with your
> > OAuth library?
> >
> > You mentioned that you successfully recreated the examples at
> > http://dev.twitter.com/pages/xauth -- acknowledging that those values would
> > also return a 401 from our API but provide a "safe" login & password you can
> > share on a public forum, is there any way you can perform an HTTP capture of
> > the entire request cycle using those static values? This would allow us to
> > see the entire HTTP request, including headers sent/received, the raw POST
> > body, etc -- which may yield an obvious answer as to why your implementation
> > is not working.
> >
> > Hang in there!
> > Taylor
> >
> >
> > On Tue, Oct 26, 2010 at 3:20 PM, Martin Hannah 
> > wrote:
> >
> > > We had an application successfully talking to twitter for a few years
> > > prior to oAuth, and now converting this application to xAuth and cant
> > > get past the first step.
> > >
> > > The application gets a 401 "Unauthorized" response when attempting to
> > > get the access token.
> > >
> > > Have confirmed our program when provided with the same consumer_key
> > > and Secret key as on twitter documentation page
> > > http://dev.twitter.com/pages/xauth
> > > produces exactly the same Singature, parameters, base string as on
> > > http://dev.twitter.com/pages/xauth doco page. (i.e. have done detailed
> > > string comparisons of output at each step to the twitter documentation
> > > http://dev.twitter.com/pages/xauth by placing the twitter values in a
> > > string variable and comparing to the values produced by our program,
> > > so confident these are the same) .
> > >
> > > Using our consumer and secret keys in the test site
> > >
> > > http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests
> > > and compared the base string and signature results to our program and
> > > again they are exactly the same.
> > >
> > > Have checked the time stamp is producing correct time (based on enoch
> > 

Re: [twitter-dev] 401 Unauthorized errors with Progress Open Edge using xAuth to get Access token

[Martin Hannah]

Hi Taylor,
In releatio to the 2nd test, I have used the values from
http://dev.twitter.com/pages/xauth and inserted these into my program
to step through the process.

Base string:
POST&https%3A%2F%2Fapi.twitter.com%2Foauth
%2Faccess_token&oauth_consumer_key%3DJvyS7DO2qd6NNTsXJ4E7zA
%26oauth_nonce%3D6AN2dKRzxyGhmIXUKSmp1JcB4pckM8rD3frKMTmVAo
%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
%3D1284565601%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth
%26x_auth_password%3Dtwitter-xauth%26x_auth_username%3Doauth_test_exec

Secret key used in generation of signature:
9z6157pUbOBqtbm0A0q4r29Y2EYzIHlUwbF4Cl9c&

oauth_signature generated:
1L1oXQmawZAkQ47FHLwcOV%2Bkjwc%3D

Authorization string sent in Authorization Header
v-params = OAuth
oauth_nonce="6AN2dKRzxyGhmIXUKSmp1JcB4pckM8rD3frKMTmVAo",
oauth_signature_method="HMAC-SHA1", oauth_timestamp="1284565601",
oauth_consumer_key="JvyS7DO2qd6NNTsXJ4E7zA",
oauth_signature="1L1oXQmawZAkQ47FHLwcOV%2Bkjwc%3D",
oauth_version="1.0"


This is then sent to Twitter via:
Create "Microsoft.XMLHTTP" objHTTP.
objHTTP:open("POST",'https://api.twitter.com/oauth/access_token',
false, p-username, p-password).
objHTTP:setRequestHeader('Authorization', v-params).
objHTTP:SetRequestHeader("Content-Type","application/x-www-form-
urlencoded").
objHTTP:send().

Questions:
In relation to the Authorization string sent in Authorization Header
which is as follows:
v-params = OAuth
oauth_nonce="6AN2dKRzxyGhmIXUKSmp1JcB4pckM8rD3frKMTmVAo",
oauth_signature_method="HMAC-SHA1", oauth_timestamp="1284565601",
oauth_consumer_key="JvyS7DO2qd6NNTsXJ4E7zA",
oauth_signature="1L1oXQmawZAkQ47FHLwcOV%2Bkjwc%3D",
oauth_version="1.0"

1. Does the name/value pairs in the string need to be in any
particular order
a) i.e. the name/value pairs must be in decending order for encoding
as a signature, but in the documentation in http://dev.twitter.com/pages/xauth
the name/value pairs sent in Authorization header are in a different
order. I understand they are in decending order for signature, does
the order matter for the Authorization header?

b) Should the authorization header name/value pairs be URL encoded ..?

2. All the documentation sugests that the nonce is a random number and
we borrowed  and adapted some code to generate this number each time..
Please confirm that this is correct.

We are now performing another test based on your suggestions and
results of todays investigations/tests and will post results as soon
as complete.

Taylor Singletary wrote:
> Hi Martin,
>
> Thanks for your patience in working through xAuth with the issues you're
> facing. Given the information you've provided, it's difficult to determine
> exactly what might be amiss here.
>
> I'm unfamiliar with the programming environment you are using -- do you know
> if your HTTP transport method munges any HTTP headers or adds its own HTTP
> headers in any way? If you utilize an access token obtained through other
> means (such as by the procedure outlined in http://bit.ly/1token ) are you
> able to get any other kind of OAuth-based requests functional with your
> OAuth library?
>
> You mentioned that you successfully recreated the examples at
> http://dev.twitter.com/pages/xauth -- acknowledging that those values would
> also return a 401 from our API but provide a "safe" login & password you can
> share on a public forum, is there any way you can perform an HTTP capture of
> the entire request cycle using those static values? This would allow us to
> see the entire HTTP request, including headers sent/received, the raw POST
> body, etc -- which may yield an obvious answer as to why your implementation
> is not working.
>
> Hang in there!
> Taylor
>
>
> On Tue, Oct 26, 2010 at 3:20 PM, Martin Hannah wrote:
>
> > We had an application successfully talking to twitter for a few years
> > prior to oAuth, and now converting this application to xAuth and cant
> > get past the first step.
> >
> > The application gets a 401 "Unauthorized" response when attempting to
> > get the access token.
> >
> > Have confirmed our program when provided with the same consumer_key
> > and Secret key as on twitter documentation page
> > http://dev.twitter.com/pages/xauth
> > produces exactly the same Singature, parameters, base string as on
> > http://dev.twitter.com/pages/xauth doco page. (i.e. have done detailed
> > string comparisons of output at each step to the twitter documentation
> > http://dev.twitter.com/pages/xauth by placing the twitter values in a
> > string variable and comparing to the values produced by our program,
> > so confident these are the same) .
> >
> > Using our consumer and secret keys in the test site
> >
> > http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests
> > and compared the base string and signature results to our program and
> > again they are exactly the same.
> >
> > Have checked the time stamp is producing correct time (based on enoch
> > time) by comparing against against http://unixti

Re: [twitter-dev] 401 Unauthorized errors with Progress Open Edge using xAuth to get Access token

[Martin Hannah]

Hi Taylor,
In order to test your 1st suggestion "do you know if your HTTP
transport method munges any HTTP headers or adds its own HTTP headers
in any way?" we created a simple test procedure on our public web
server, to simulate the google end point 
https://api.twitter.com/oauth/access_token.
So with our test program pointing to another end point we could
capture the values that googles end point might receive.
The values received by our web service end point (simulator) (along
with other CGI values) are:

HTTP_AUTHORIZATION= OAuth oauth_consumer_key="TY0Js5vMc04HNqmqIkNEnQ",
oauth_nonce="jGmEee2Jc0DaEK516jl6g2FSHgOgmNPqlpK43UJYXZF",
oauth_signature="%2Bd2K%2FxydAtBaSETDWwXCo4LN1Js%3D",
oauth_signature_method="HMAC-SHA1", oauth_timestamp="1288666484",
oauth_version="1.0"
REQUEST_METHOD=POST

So I presume this is indicating the post request is not munged/altered
in any way by the Microsoft XMLHTTP OCX when it sends the request
using:
> > Create "Microsoft.XMLHTTP" objHTTP .
> > objHTTP:open("POST",api-atokin, false, p-username, p-password).
> > objHTTP:setRequestHeader('Authorization', v-params).
> > objHTTP:SetRequestHeader("Content-Type","application/x-www-form-
> > urlencoded").
> > objHTTP:send().

Note: The syntax of the Progress code (above) that uses objHTTP is
very similiar to Visual basic. In fact we used the syntax for
objHTTP:open and setRequestHeader("Authorization" that you see above,
in the same way as it is used in the googe examples in
http://oauth.googlecode.com/svn/code/javascript/example/AJAX.html
(open this Google example page and view HTML source from lines 32 to
53..)

We are checking the 2nd and 3rd suggestions now... and hope to have
further test results posted in next few hours..

Taylor Singletary wrote:
> Hi Martin,
>
> Thanks for your patience in working through xAuth with the issues you're
> facing. Given the information you've provided, it's difficult to determine
> exactly what might be amiss here.
>
> I'm unfamiliar with the programming environment you are using -- do you know
> if your HTTP transport method munges any HTTP headers or adds its own HTTP
> headers in any way? If you utilize an access token obtained through other
> means (such as by the procedure outlined in http://bit.ly/1token ) are you
> able to get any other kind of OAuth-based requests functional with your
> OAuth library?
>
> You mentioned that you successfully recreated the examples at
> http://dev.twitter.com/pages/xauth -- acknowledging that those values would
> also return a 401 from our API but provide a "safe" login & password you can
> share on a public forum, is there any way you can perform an HTTP capture of
> the entire request cycle using those static values? This would allow us to
> see the entire HTTP request, including headers sent/received, the raw POST
> body, etc -- which may yield an obvious answer as to why your implementation
> is not working.
>
> Hang in there!
> Taylor
>
>
> On Tue, Oct 26, 2010 at 3:20 PM, Martin Hannah wrote:
>
> > We had an application successfully talking to twitter for a few years
> > prior to oAuth, and now converting this application to xAuth and cant
> > get past the first step.
> >
> > The application gets a 401 "Unauthorized" response when attempting to
> > get the access token.
> >
> > Have confirmed our program when provided with the same consumer_key
> > and Secret key as on twitter documentation page
> > http://dev.twitter.com/pages/xauth
> > produces exactly the same Singature, parameters, base string as on
> > http://dev.twitter.com/pages/xauth doco page. (i.e. have done detailed
> > string comparisons of output at each step to the twitter documentation
> > http://dev.twitter.com/pages/xauth by placing the twitter values in a
> > string variable and comparing to the values produced by our program,
> > so confident these are the same) .
> >
> > Using our consumer and secret keys in the test site
> >
> > http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests
> > and compared the base string and signature results to our program and
> > again they are exactly the same.
> >
> > Have checked the time stamp is producing correct time (based on enoch
> > time) by comparing against against http://unixtimestamp.com/index.php
> >
> > Passing my consumer_secret with & at end into signature generator
> > (which as I said above seems to be producing correct results because
> > we used values in http://dev.twitter.com/pages/xauth and it generated
> > the same oauth_signature value)
> >
> > Base string:
> > POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> > %2Faccess_token&oauth_consumer_key%3D1q0ZoaBf3fKFP1hSmhVNQ
> > %26oauth_nonce
> > %3Duv3AtzLBjawzvasO3EPAU3bbR53NyHGlvLp33IRCzG8%26oauth_signature_method
> > %3DHMAC-SHA1%26oauth_timestamp%3D1288131701%26oauth_version
> > %3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3D
> > %26x_auth_username%3D
> >
> > Authorization header parameters:
> > OAuth oauth_nonce="uv3AtzLBjaw

Re: [twitter-dev] 401 Unauthorized errors with Progress Open Edge using xAuth to get Access token

[Taylor Singletary]

Hi Martin,

Thanks for your patience in working through xAuth with the issues you're
facing. Given the information you've provided, it's difficult to determine
exactly what might be amiss here.

I'm unfamiliar with the programming environment you are using -- do you know
if your HTTP transport method munges any HTTP headers or adds its own HTTP
headers in any way? If you utilize an access token obtained through other
means (such as by the procedure outlined in http://bit.ly/1token ) are you
able to get any other kind of OAuth-based requests functional with your
OAuth library?

You mentioned that you successfully recreated the examples at
http://dev.twitter.com/pages/xauth -- acknowledging that those values would
also return a 401 from our API but provide a "safe" login & password you can
share on a public forum, is there any way you can perform an HTTP capture of
the entire request cycle using those static values? This would allow us to
see the entire HTTP request, including headers sent/received, the raw POST
body, etc -- which may yield an obvious answer as to why your implementation
is not working.

Hang in there!
Taylor


On Tue, Oct 26, 2010 at 3:20 PM, Martin Hannah wrote:

> We had an application successfully talking to twitter for a few years
> prior to oAuth, and now converting this application to xAuth and cant
> get past the first step.
>
> The application gets a 401 "Unauthorized" response when attempting to
> get the access token.
>
> Have confirmed our program when provided with the same consumer_key
> and Secret key as on twitter documentation page
> http://dev.twitter.com/pages/xauth
> produces exactly the same Singature, parameters, base string as on
> http://dev.twitter.com/pages/xauth doco page. (i.e. have done detailed
> string comparisons of output at each step to the twitter documentation
> http://dev.twitter.com/pages/xauth by placing the twitter values in a
> string variable and comparing to the values produced by our program,
> so confident these are the same) .
>
> Using our consumer and secret keys in the test site
>
> http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests
> and compared the base string and signature results to our program and
> again they are exactly the same.
>
> Have checked the time stamp is producing correct time (based on enoch
> time) by comparing against against http://unixtimestamp.com/index.php
>
> Passing my consumer_secret with & at end into signature generator
> (which as I said above seems to be producing correct results because
> we used values in http://dev.twitter.com/pages/xauth and it generated
> the same oauth_signature value)
>
> Base string:
> POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> %2Faccess_token&oauth_consumer_key%3D1q0ZoaBf3fKFP1hSmhVNQ
> %26oauth_nonce
> %3Duv3AtzLBjawzvasO3EPAU3bbR53NyHGlvLp33IRCzG8%26oauth_signature_method
> %3DHMAC-SHA1%26oauth_timestamp%3D1288131701%26oauth_version
> %3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3D
> %26x_auth_username%3D
>
> Authorization header parameters:
> OAuth oauth_nonce="uv3AtzLBjawzvasO3EPAU3bbR53NyHGlvLp33IRCzG8",
> oauth_signature_method="HMAC-SHA1", oauth_timestamp="1288131701",
> oauth_consumer_key="1q0ZoaBf3fKFP1hSmhVNQ",
> oauth_signature="VQYSXdvrEtlvugqUpTXbCjYTNa0%3D", oauth_version="1.0"
>
> Twitter response:
> Status= 401
> StatusTxt= Unauthorized
> Headers= Date: Tue, 26 Oct 2010 21:22:01 GMT
> Server: hi
> Status: 401 Unauthorized
> X-Transaction: 1288128121-92836-33309
> Last-Modified: Tue, 26 Oct 2010 21:22:01 GMT
> X-Runtime: 0.00473
> Content-Type: text/html; charset=utf-8
> Pragma: no-cache
> X-Revision: DEV
> Expires: Tue, 31 Mar 1981 05:00:00 GMT
> Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-
> check=0
> Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCMdIa
> %252BorASIKZmxhc2hJQzonQWN0aW9uQ29u
> %250AdHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWJl
> %250AYzdlZGEzMDAwYmMwOWJhMTEwMzIyYjE1MTc5YzAw--
> f24fc1f95d728598870821f98152985632dbcc66; domain=.twitter.com; path=/
> Connection: close
>
> The actual Send procedure is: (tried procedure using both both blank
> and valid p-username and p-password)
> define var objHTTP  as com-handle.
> Create "Microsoft.XMLHTTP" objHTTP .
> objHTTP:open("POST",api-atokin, false, p-username, p-password).
> objHTTP:setRequestHeader('Authorization', v-params).
> objHTTP:SetRequestHeader("Content-Type","application/x-www-form-
> urlencoded").
> objHTTP:send().
>
> v-response = 'Response= '  + objHTTP:responseText + chr(10)
> + 'Status= '+ objHTTP:status + chr(10)
> + 'StatusTxt= ' + objHTTP:statusText + chr(10)
> + 'Headers= '   + objHTTP:getAllResponseHeaders() +
> chr(10) .
>
> I have emailed api.twitter.com and asked for them to check that I have
> xAuth enabled and they responded:
> "I can confirm that your application, client ID xxx, has xAuth
> access and I just refreshed its permissions 

[twitter-dev] 401 Unauthorized errors with Progress Open Edge using xAuth to get Access token

[Martin Hannah]

We had an application successfully talking to twitter for a few years
prior to oAuth, and now converting this application to xAuth and cant
get past the first step.

The application gets a 401 "Unauthorized" response when attempting to
get the access token.

Have confirmed our program when provided with the same consumer_key
and Secret key as on twitter documentation page 
http://dev.twitter.com/pages/xauth
produces exactly the same Singature, parameters, base string as on
http://dev.twitter.com/pages/xauth doco page. (i.e. have done detailed
string comparisons of output at each step to the twitter documentation
http://dev.twitter.com/pages/xauth by placing the twitter values in a
string variable and comparing to the values produced by our program,
so confident these are the same) .

Using our consumer and secret keys in the test site
http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests
and compared the base string and signature results to our program and
again they are exactly the same.

Have checked the time stamp is producing correct time (based on enoch
time) by comparing against against http://unixtimestamp.com/index.php

Passing my consumer_secret with & at end into signature generator
(which as I said above seems to be producing correct results because
we used values in http://dev.twitter.com/pages/xauth and it generated
the same oauth_signature value)

Base string:
POST&https%3A%2F%2Fapi.twitter.com%2Foauth
%2Faccess_token&oauth_consumer_key%3D1q0ZoaBf3fKFP1hSmhVNQ
%26oauth_nonce
%3Duv3AtzLBjawzvasO3EPAU3bbR53NyHGlvLp33IRCzG8%26oauth_signature_method
%3DHMAC-SHA1%26oauth_timestamp%3D1288131701%26oauth_version
%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3D
%26x_auth_username%3D

Authorization header parameters:
OAuth oauth_nonce="uv3AtzLBjawzvasO3EPAU3bbR53NyHGlvLp33IRCzG8",
oauth_signature_method="HMAC-SHA1", oauth_timestamp="1288131701",
oauth_consumer_key="1q0ZoaBf3fKFP1hSmhVNQ",
oauth_signature="VQYSXdvrEtlvugqUpTXbCjYTNa0%3D", oauth_version="1.0"

Twitter response:
Status= 401
StatusTxt= Unauthorized
Headers= Date: Tue, 26 Oct 2010 21:22:01 GMT
Server: hi
Status: 401 Unauthorized
X-Transaction: 1288128121-92836-33309
Last-Modified: Tue, 26 Oct 2010 21:22:01 GMT
X-Runtime: 0.00473
Content-Type: text/html; charset=utf-8
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-
check=0
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCMdIa
%252BorASIKZmxhc2hJQzonQWN0aW9uQ29u
%250AdHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWJl
%250AYzdlZGEzMDAwYmMwOWJhMTEwMzIyYjE1MTc5YzAw--
f24fc1f95d728598870821f98152985632dbcc66; domain=.twitter.com; path=/
Connection: close

The actual Send procedure is: (tried procedure using both both blank
and valid p-username and p-password)
define var objHTTP  as com-handle.
Create "Microsoft.XMLHTTP" objHTTP .
objHTTP:open("POST",api-atokin, false, p-username, p-password).
objHTTP:setRequestHeader('Authorization', v-params).
objHTTP:SetRequestHeader("Content-Type","application/x-www-form-
urlencoded").
objHTTP:send().

v-response = 'Response= '  + objHTTP:responseText + chr(10)
 + 'Status= '+ objHTTP:status + chr(10)
 + 'StatusTxt= ' + objHTTP:statusText + chr(10)
 + 'Headers= '   + objHTTP:getAllResponseHeaders() +
chr(10) .

I have emailed api.twitter.com and asked for them to check that I have
xAuth enabled and they responded:
"I can confirm that your application, client ID xxx, has xAuth
access and I just refreshed its permissions and consumer keys for good
measure. If you still get 401 errors when trying to use xAuth with
these new keys, please post about it in our Developer Talk Group:
http://groups.google.com/group/twitter-development-talk . Our
developer advocates have been tracking some issues like these and will
be happy to help you out there, as well as use any information you
provide to debug any possible related issues on our side. I apologize
for the inconvenience."

I am stumped, and my team has been on this for 3 weeks

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] (401) Unauthorized

[Trevor Dean]

This code hasn't changed and was working yesterday and has been working for
many months.   This error is happening right after the user has allowed the
application permission and is returning back to my application with tokens.
There is no chance for these tokens to expire so I don't think that this is
the issue

On Tue, Oct 5, 2010 at 7:24 AM, Tom van der Woerdt  wrote:

> Like the error says: your token is invalid or has expired. Make sure
> that you are using the correct ones.
>
> Tom
>
>
>
> On 10/5/10 1:20 PM, Trevor Dean wrote:
> > I am getting an error executing the same code that has been working fine
> > until today.  I am getting an error when attempting to get access token,
> > the error is "Invalid / expired Token".  I'm not sure what changed from
> > yesterday to today, any idea?  I am running this code locally so the
> > callback is http://127.0.0.1/.../.. ., not sure if
> that is causing the
> > issue.
> >
> > --
> > Twitter developer documentation and resources:
> http://dev.twitter.com/doc
> > API updates via Twitter: http://twitter.com/twitterapi
> > Issues/Enhancements Tracker:
> > http://code.google.com/p/twitter-api/issues/list
> > Change your membership to this group:
> > http://groups.google.com/group/twitter-development-talk
>
> --
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker:
> http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
> http://groups.google.com/group/twitter-development-talk
>

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] (401) Unauthorized

[Tom van der Woerdt]

Like the error says: your token is invalid or has expired. Make sure
that you are using the correct ones.

Tom



On 10/5/10 1:20 PM, Trevor Dean wrote:
> I am getting an error executing the same code that has been working fine
> until today.  I am getting an error when attempting to get access token,
> the error is "Invalid / expired Token".  I'm not sure what changed from
> yesterday to today, any idea?  I am running this code locally so the
> callback is http://127.0.0.1/.../..., not sure if that is causing the
> issue.
> 
> -- 
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker:
> http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
> http://groups.google.com/group/twitter-development-talk

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] (401) Unauthorized

[Trevor Dean]

I am getting an error executing the same code that has been working fine
until today.  I am getting an error when attempting to get access token, the
error is "Invalid / expired Token".  I'm not sure what changed from
yesterday to today, any idea?  I am running this code locally so the
callback is http://127.0.0.1/.../..., not sure if that is causing the issue.

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] 401 Unauthorized on status update

[Tom van der Woerdt]

Please show your Base String. A lot of issues are related to the Base
String.

Also, to answer your question: yes, you need to combine both secrets.
consumersecret&usersecret = your signing key.

Tom


On 9/12/10 12:09 AM, DK wrote:
> I keep getting this when I try to update status. I am using xAuth and
> am able to successfully get access token. MY request:
> 
> POST /1/statuses/update.xml HTTP/1.1
> 
> Accept: */*
> 
> Referer: 
> file:///Applications/Install/8B95EF94-D747-4976-B877-9C0D6F69C000/Install/
> 
> Content-Length: 140
> 
> Accept-Encoding: identity
> 
> Content-Type: application/x-www-form-urlencoded
> 
> Authorization: OAuth oauth_nonce="7fa7df55-dff0-498d-
> a412-31f311a58aa2", oauth_signature_method="HMAC-SHA1",
> oauth_timestamp="1284241920",
> oauth_consumer_key="xx",
> oauth_token="185630219-3cz8iKUYxazA9RQyXMSl0WIZK76lJTYlrJ7LZUeR",
> oauth_signature="5F19ANULI0fYZVVCicdbcSTiF2g%3D", oauth_version="1.0"
> 
> User-Agent: @sebagomez shelltwit
> 
> Host: api.twitter.com
> 
> Connection: Keep-Alive
> 
> Cache-Control: no-cache
> 
> 
> status=Nothing%20is%20to%20come%2C%20and%20nothing%20past%3A%20But%20an
> %20eternal%20now%2C%20does%20always%20last.%20%0A-%20Abraham%20Cowley
> 
> the response i get is:
> 
> HTTP/1.1 401 Unauthorized
> 
> Date: Sat, 11 Sep 2010 21:52:54 GMT
> 
> Server: hi
> 
> Status: 401 Unauthorized
> 
> WWW-Authenticate: Basic realm="Twitter API"
> 
> Content-Type: application/xml; charset=utf-8
> 
> Content-Length: 135
> 
> Cache-Control: no-cache, max-age=1800
> 
> Set-Cookie: k=173.79.181.196.1284241973942054; path=/; expires=Sat, 18-
> Sep-10 21:52:53 GMT; domain=.twitter.com
> 
> Set-Cookie: guest_id=128424197394768797; path=/; expires=Mon, 11 Oct
> 2010 21:52:53 GMT
> 
> Set-Cookie:
> original_referer=fBxhJyK4Ko2le28vCjFdUuU0TPqFAtRdqYyfC0jPsNARZDQUgPOC8mBAw3pSUcn9KGWZLCcqP3zbWjCZVfqsrV8qgcG0M3IvAN
> %2FeDqwRZDs%3D; path=/
> 
> Set-Cookie:
> _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCMhiyQIrAToHaWQiJTA0NTkyNDA5YWI5ZWRm
> %250ANmEyYTIzZmVlMmI2MGQyODhlIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy
> %250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--048b4c682393f66d9e63abd364abb048db4022cf;
> domain=.twitter.com; path=/
> 
> Expires: Sat, 11 Sep 2010 22:22:53 GMT
> 
> Vary: Accept-Encoding
> 
> Connection: close
> 
> 
> 
> 
> 
>   /1/statuses/update.xml
>   Incorrect signature
> 
> 
> 
> I am urlencoding the params. Do I need to also include the consumer
> secret in the signature?
> 
> Any help is really appreciated as I have spend 2 full days with this :-
> (
> 

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

[twitter-dev] 401 Unauthorized on status update

[DK]

I keep getting this when I try to update status. I am using xAuth and
am able to successfully get access token. MY request:

POST /1/statuses/update.xml HTTP/1.1

Accept: */*

Referer: 
file:///Applications/Install/8B95EF94-D747-4976-B877-9C0D6F69C000/Install/

Content-Length: 140

Accept-Encoding: identity

Content-Type: application/x-www-form-urlencoded

Authorization: OAuth oauth_nonce="7fa7df55-dff0-498d-
a412-31f311a58aa2", oauth_signature_method="HMAC-SHA1",
oauth_timestamp="1284241920",
oauth_consumer_key="xx",
oauth_token="185630219-3cz8iKUYxazA9RQyXMSl0WIZK76lJTYlrJ7LZUeR",
oauth_signature="5F19ANULI0fYZVVCicdbcSTiF2g%3D", oauth_version="1.0"

User-Agent: @sebagomez shelltwit

Host: api.twitter.com

Connection: Keep-Alive

Cache-Control: no-cache


status=Nothing%20is%20to%20come%2C%20and%20nothing%20past%3A%20But%20an
%20eternal%20now%2C%20does%20always%20last.%20%0A-%20Abraham%20Cowley

the response i get is:

HTTP/1.1 401 Unauthorized

Date: Sat, 11 Sep 2010 21:52:54 GMT

Server: hi

Status: 401 Unauthorized

WWW-Authenticate: Basic realm="Twitter API"

Content-Type: application/xml; charset=utf-8

Content-Length: 135

Cache-Control: no-cache, max-age=1800

Set-Cookie: k=173.79.181.196.1284241973942054; path=/; expires=Sat, 18-
Sep-10 21:52:53 GMT; domain=.twitter.com

Set-Cookie: guest_id=128424197394768797; path=/; expires=Mon, 11 Oct
2010 21:52:53 GMT

Set-Cookie:
original_referer=fBxhJyK4Ko2le28vCjFdUuU0TPqFAtRdqYyfC0jPsNARZDQUgPOC8mBAw3pSUcn9KGWZLCcqP3zbWjCZVfqsrV8qgcG0M3IvAN
%2FeDqwRZDs%3D; path=/

Set-Cookie:
_twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCMhiyQIrAToHaWQiJTA0NTkyNDA5YWI5ZWRm
%250ANmEyYTIzZmVlMmI2MGQyODhlIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy
%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--048b4c682393f66d9e63abd364abb048db4022cf;
domain=.twitter.com; path=/

Expires: Sat, 11 Sep 2010 22:22:53 GMT

Vary: Accept-Encoding

Connection: close





  /1/statuses/update.xml
  Incorrect signature



I am urlencoding the params. Do I need to also include the consumer
secret in the signature?

Any help is really appreciated as I have spend 2 full days with this :-
(

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

[twitter-dev] 401 Unauthorized. Frustrating!!!

[Mukha Mudra]

Hi,
I am doing a GET request with query parameters as follows
http://api.twitter.com/oauth/request_token?oauth_callback="oob"&oauth_consumer_key="N3jplhm1n1ypCzg2eWEg2w"&oauth_signature_method="HMAC-SHA1"&oauth_signature="Tcwwe1C5Rp5kt4TthmjzHB53R7Y%3D"&oauth_timestamp="1282398388"&oauth_nonce="9dgADgZQgJwK"&oauth_token=""&oauth_version="1.0";

I checked the signature formation on
http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/
and it is accurate.

But i get '401 Unauthorized' in response. I also tried Authorization
header and POST. But same response.
I am trying this from Symbian Application.
In my application settings i have chose 'Desktop client' and 'Read and
Write' access.
I have been trying this since past couple of days. What could be the
issue? How can i get this right and running.

Regards
Biju

[twitter-dev] 401 unauthorized error

[TwitDev]

Hi~ I'm developing the twitter application with Android.

For posting twitpic data, I use Oauth echo, but I'v got 401 error.

Could not authentication you. (header rejected by twitter)


Oauth header

POST /2/upload.xml HTTP 1.1
x-auth-service-provider: 
https://api.twitter.com/1/account/verify_credentials.xml
x-verify-credentials-authorization: Oauth realm="http://
api.twitter.com", oauth_consumer_key="a",
oauth_signature_method="HMAC-SHA1", oauth_timestamp="1212",
oauth_nonce="123123", oauth_version="1.0",
oauth_token="user_oauth_token"
.

What is the problem? I have spent for a week. --;

[twitter-dev] 401 Unauthorized with oauth gem

[Spiceee]

Did anything change in the API (couldn't find anything in the API changelog)
that would make all new users who are associating their Twitter acounts to
my app get a 401 on status update? All accounts up to a few days ago are
still working, newer ones get 401 using absolutely the same codebase and the
oauth gem (Ruby) version 0.3.6. Kinda hard to debug.

Cheers,

-Fabio.


-- 
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

[twitter-dev] 401 Unauthorized

[Uladzimir Pashkevich]

Hi everyone,

I am developing an application using Twitter API and I have
encountered into a strange behavior connected with 401 error. I am
using basic auth. When I run my application locally, it works just
fine and I never get any 401 errors. However, when I run my
application on another environment, I get 401 error in approximately
80% cases. I am completely sure that the credentials are correct.

What makes this situation even more weird is that I am working with
several accounts, and most of them work fine in both environments. I
am experiencing problems only with one account. All accounts I work
with are whitelisted, so rate limit should not be an issue here.

I have no idea what may cause this behavior. Could you please explain
me the possible reasons I am getting 401?

Thanks,
Uladzimir

Re: [twitter-dev] 401 - Unauthorized error when diacritics in status

[Ryan Alford]

I think it is the way that .Net handles encoding of the diacritics.  I don't
think it's a Twitter api issue.  I was hoping that another .Net developer
had run into this issue and had fixed it.

Ryan

On Tue, Feb 23, 2010 at 2:07 PM, Raffi Krikorian  wrote:

> this would be news to me - if you have a way to replicate this, and you are
> confident its not your oauth libraries, then please let me know.
>
>
> On Tue, Feb 23, 2010 at 11:04 AM, Ryan Alford wrote:
>
>> I believe it has been fixed in some libraries in other programming
>> languages, but I can't figure out how to do it in .Net.
>>
>> Ryan
>>
>>
>> On Tue, Feb 23, 2010 at 12:38 PM, Aral Balkan wrote:
>>
>>> Ooh, if this is the case then it will definitely stop me from using oAuth
>>> for Feathers (http://feathersapp.com) since diacritics are an essential
>>> part of Unicode art.
>>>
>>> Very interested in hearing what you find out.
>>>
>>> All the best,
>>> Aral
>>>
>>>
>>> On Tue, Feb 23, 2010 at 1:44 PM, eclipsed4utoo 
>>> wrote:
>>>
 I am getting an error message when posting accent marks and other
 diacritics in a status update.

 I saw that there was an issue [1] posted in April of last year about
 this problem.  It seems to be with the signature generation for OAuth
 with the encoding of accent marks.

 I am using .Net(C#), and I can't figure out how to fix this.  Do I use
 a different encoding?  Anybody have any ideas on how to fix this
 in .Net?

 [1] - http://code.google.com/p/twitter-api/issues/detail?id=433

 Ryan

>>>
>>>
>>
>
>
> --
> Raffi Krikorian
> Twitter Platform Team
> http://twitter.com/raffi
>

Re: [twitter-dev] 401 - Unauthorized error when diacritics in status

[Raffi Krikorian]

this would be news to me - if you have a way to replicate this, and you are
confident its not your oauth libraries, then please let me know.

On Tue, Feb 23, 2010 at 11:04 AM, Ryan Alford wrote:

> I believe it has been fixed in some libraries in other programming
> languages, but I can't figure out how to do it in .Net.
>
> Ryan
>
>
> On Tue, Feb 23, 2010 at 12:38 PM, Aral Balkan wrote:
>
>> Ooh, if this is the case then it will definitely stop me from using oAuth
>> for Feathers (http://feathersapp.com) since diacritics are an essential
>> part of Unicode art.
>>
>> Very interested in hearing what you find out.
>>
>> All the best,
>> Aral
>>
>>
>> On Tue, Feb 23, 2010 at 1:44 PM, eclipsed4utoo 
>> wrote:
>>
>>> I am getting an error message when posting accent marks and other
>>> diacritics in a status update.
>>>
>>> I saw that there was an issue [1] posted in April of last year about
>>> this problem.  It seems to be with the signature generation for OAuth
>>> with the encoding of accent marks.
>>>
>>> I am using .Net(C#), and I can't figure out how to fix this.  Do I use
>>> a different encoding?  Anybody have any ideas on how to fix this
>>> in .Net?
>>>
>>> [1] - http://code.google.com/p/twitter-api/issues/detail?id=433
>>>
>>> Ryan
>>>
>>
>>
>


-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi

Re: [twitter-dev] 401 - Unauthorized error when diacritics in status

[Ryan Alford]

I believe it has been fixed in some libraries in other programming
languages, but I can't figure out how to do it in .Net.

Ryan

On Tue, Feb 23, 2010 at 12:38 PM, Aral Balkan  wrote:

> Ooh, if this is the case then it will definitely stop me from using oAuth
> for Feathers (http://feathersapp.com) since diacritics are an essential
> part of Unicode art.
>
> Very interested in hearing what you find out.
>
> All the best,
> Aral
>
>
> On Tue, Feb 23, 2010 at 1:44 PM, eclipsed4utoo wrote:
>
>> I am getting an error message when posting accent marks and other
>> diacritics in a status update.
>>
>> I saw that there was an issue [1] posted in April of last year about
>> this problem.  It seems to be with the signature generation for OAuth
>> with the encoding of accent marks.
>>
>> I am using .Net(C#), and I can't figure out how to fix this.  Do I use
>> a different encoding?  Anybody have any ideas on how to fix this
>> in .Net?
>>
>> [1] - http://code.google.com/p/twitter-api/issues/detail?id=433
>>
>> Ryan
>>
>
>

Re: [twitter-dev] 401 - Unauthorized error when diacritics in status

[Aral Balkan]

Ooh, if this is the case then it will definitely stop me from using oAuth
for Feathers (http://feathersapp.com) since diacritics are an essential part
of Unicode art.

Very interested in hearing what you find out.

All the best,
Aral

On Tue, Feb 23, 2010 at 1:44 PM, eclipsed4utoo wrote:

> I am getting an error message when posting accent marks and other
> diacritics in a status update.
>
> I saw that there was an issue [1] posted in April of last year about
> this problem.  It seems to be with the signature generation for OAuth
> with the encoding of accent marks.
>
> I am using .Net(C#), and I can't figure out how to fix this.  Do I use
> a different encoding?  Anybody have any ideas on how to fix this
> in .Net?
>
> [1] - http://code.google.com/p/twitter-api/issues/detail?id=433
>
> Ryan
>

[twitter-dev] 401 - Unauthorized error when diacritics in status

[eclipsed4utoo]

I am getting an error message when posting accent marks and other
diacritics in a status update.

I saw that there was an issue [1] posted in April of last year about
this problem.  It seems to be with the signature generation for OAuth
with the encoding of accent marks.

I am using .Net(C#), and I can't figure out how to fix this.  Do I use
a different encoding?  Anybody have any ideas on how to fix this
in .Net?

[1] - http://code.google.com/p/twitter-api/issues/detail?id=433

Ryan

[twitter-dev] 401 unauthorized

[Vignesh]

My website uses twitter for authentication,
For the past 24 hours the OAuth sign in is continuously returning
401 , i am not able to figure out what to do?
Has some one faced similar problems?
My site has been down for 24 hours now because of this.
please help me out here.

[twitter-dev] 401 Unauthorized

[Bladimir Arroyo]

I having this error for a while and is happening only on my machine, I
deploy the same project in another similar VM and it worked, so I am
starting to think that there might be something related to my
environment that is causing the 401 Unauthorized issue. I have a Mac
with OS 10.5.6 and a VM running on Paralles, the VM is Fedora Core
running ruby 1.8.6 (2007-06-07 patchlevel 36) [i386-linux], i am using
twitter (0.7.5) and oauth (0.3.6) and when I run this code:

oauth = Twitter::OAuth.new('consumer_key', 'consumer_secret')
atokens = oauth.request_token(:oauth_callback => callback)

I always get a 401 Unauthorized, apparently a couples of weeks ago
there was a general issue with twitter API and was getting the same
error
from a completely different environment (PC) but now the general issue
seems to be solved my PC is able to run the code but my VM still
giving me the 401, any clue on how could I do further tests?

BTW: I have already ask on the Twitter gem Google Group, waiting for
answer. Just wanted to see if you could give me a clue

Thanks,

[twitter-dev] 401 Unauthorized -- user_timeline -- using Numeric ID

[Ryan Rosario]

I have been running into a recurring problem that I have been facing
for the past couple of days, on numerous machines.

I am extracting 200 tweets for a large number of users, using the
numeric user ID (user_id). After a small number of requests (between
10 and 50) I receive nothing but "This method requires
authentication". Authenticating with my username and password does not
make the message go away. I have verified that the users I am trying
to pull are not protected users. I have also verified that I am not
hitting the rate limit.

On my latest attempt, I used an IP I have not used in the past. I was
able to extract the first 200 tweets for *12* users, then I started
receiving 401s ("This method requires authentication") on every single
request of this type.

After about 10 minutes, I tried again and it worked for about another
15 users, then I started getting the same message as well as other
messages including 502.

Is this behavior expected? Does this 401 message possibly mean
something else?

[twitter-dev] 401 Unauthorized with good access token (or seemingly good)

[DanInDC]

I am using python-auth, and oauth twitter to do backend authentication
via twitter sign in. It works as designed. I am able to get an
access_token and then use that to get the user info. I am having
trouble when it comes to trying to post a status update using the
oauth. I have pasted an example to illustrate my problem at
http://pastebin.com/m50ed2c7e . You can see where I fail. Also at the
bottom of that is pasted the encoded post data that I am sending to do
the status update. Also, pasted below.


encoded_post_data='status=Test&oauth_nonce=43777168&oauth_timestamp=1255665189&oauth_consumer_key=MY_CONSUMER_KEY&oauth_signature_method=HMAC-
SHA1&oauth_version=1.0&oauth_token=SAME_AS_TOKEN.KEY&oauth_signature=SIGNATURE_REMOVED'

I don't expect anyone to be familiar with the libraries I am using but
it is odd I can sign in properly but can't do much beyond that. I'd
ideally like to chat with someone at twitter so I can send my Consumer
info and the access_key in question to see if they can check things on
their end and tell me what I am doing wrong. Thanks.

Dan

[twitter-dev] 401 Unauthorized error while posting status with Unicode characters (non english characters)

[Satheesh Natesan]

I am getting "401 Unauthorized" exception when updating status with
non english characters using my app.

This exception is happening for any Japanese or Korean characters.

Another interesting thing is that it is possible to post some other
non english characters like Malayalam. The exception will not happen
for single word in these cases, but occurs for multiple words.
For example consider the following example

ØáÇÞµæù çµdw - does not work

ØáÇÞµæùçµdw - with space removed works.

Base signature for "ØáÇÞµæù çµdw" which throws exception is

POST&http%3A%2F%2Ftwitter.com%2Fstatuses
%2Fupdate.json&oauth_consumer_key%
3DwmeO7Y20oMFa1ptKVY4WA%26oauth_nonce
%3D4504682%26oauth_signature_method%
3DHMAC-SHA1%26oauth_timestamp%3D1253727596%26oauth_token%3D76084396-
0M9ll2nghrjWhjALbH7YEHXizcLDNvoLfgXKfHQZQ%26oauth_version
%3D1.0%26status%
3D%25D8%25E1%25C7%25DE%25B5%25E6%25F9%2520%25E7%25B5dw

and for "ØáÇÞµæùçµdw" which works is

POST&http%3A%2F%2Ftwitter.com%2Fstatuses
%2Fupdate.json&oauth_consumer_key%
3DwmeO7Y20oMFa1ptKVY4WA%26oauth_nonce
%3D9388868%26oauth_signature_method%
3DHMAC-SHA1%26oauth_timestamp%3D1253727793%26oauth_token%3D76084396-
0M9ll2nghrjWhjALbH7YEHXizcLDNvoLfgXKfHQZQ%26oauth_version
%3D1.0%26status%
3D%25D8%25E1%25C7%25DE%25B5%25E6%25F9%25E7%25B5dw


OAuth client library I am using is in .Net

Could you please help to solve this issue? Also I would like to know
you support all unicode characters.
Your help is greatly appreciated.

Thanks,
Satheesh Natesan

[twitter-dev] 401 Unauthorized...

[AccountingSoftwareGuy]

Is Twitter still blocking posts to the API from non-white listed
apps?  Since the DDOS attack we can't seem to send any posts through
the API using oAuth.  Nothing in our code has changed but all was
working prior to the attack. Is anyone out there havine any success
sending messages with oauth (non-whitelisted app)???

Can someone/anyone please comment, I need to get our app working but
considering our code has not changed I don't want to spend a lot of
time chasing something down that is not my fault and out of my
control.

PLEASE HELP

[twitter-dev] 401 Unauthorized

[Goldbird]

Are anyone experiencing "401 Unauthorized " errors? Everything worked
fine before yesterday. Now we are getting 401 Unauthorized  on both
basic authorization and OAuth on 80% of the calls. Other 20% works
fine.

What's happening?

[twitter-dev] 401 Unauthorized When Getting an Access Token

[mattarnold1977]

I am using ASP .NET (VB) to try and authenticate using oAuth.  I have
been able to get a request token and direct a user to Twitter's
authentication page.  Twitter then redirects back to my app.  At that
point I attempt to get an access token, but I continue to receive 401
"unauthorized" errors.  I have made sure that I am getting a new
signature, using both the token and token secret when generating the
signature, and that my url parameters are in alphabetical order, but I
continue to get 401 errors.  Has anyone experienced this, and if so,
could you point me in the right direction toward diagnosing this
issue?

-Matt

[twitter-dev] 401: Unauthorized application or token on friendship/exists

[tayknight]

I'm fairly sure I'm getting a proper token. Using the page
http://www.hueniverse.com/hueniverse/2008/10/beginners-gui-1.html I
get the same signature as in my failing url.

GET looks like:
http://twitter.com/friendship/exists.json?
oauth_consumer_key=Rg4VBVUvAoThpl78duF3Rg
&oauth_nonce=375494971125145587
&oauth_signature=xWCdscsa6I4GJphDIQAnsDmjyhM%3D
&oauth_signature_method=HMAC-SHA1
&oauth_timestamp=1240933535
&oauth_token=765803-e2mAy2wkQy4wRI9LQC73cZwbiwmmJ7mZJh04MZiWk
&oauth_version=1.0
&user_a=tayknight
&user_b=wxtweet

I must be missing something obvious. Other GETs work. I can provide
secrets to TwitterAPI folks if they want to help debug.

Thanks.

[twitter-dev] 401 unauthorized

[Ken W]

My previous post is waiting to be moderated since I'm a newbie I
think, but I was wrong. I thought it was a get vs. post issue, but it
seems to be that my code works very intermittently. The error is
always a 401 unauthorized in getting the access token from the request
token. but once in a while it works fine. I'm using the Ruby tutorial
from the wiki pretty much verbatim for now. To get it to work
initially I had to add the authorize url to the oauth::consumer new
call (rather than use the defaults) but that may have just been the
intermittent nature.
I'd like to debug this myself but I can't see where the authorize
would ever return a 401 since I just got the request token (I can see
where the previous step would return unauthorized if the user denied
or some error occurred there). Anywhere I can look for hints? Could it
be something about the fact I have rtied and failed a few times? I
don't think I could have hit any reasonable limit.
Ken

[twitter-dev] 401 Unauthorized on OAuth calls?

[Dominik Schwind]

Hi everyone,

since about half an hour ago I seem to be getting 401 Unauthorized
responses to my OAuth-ed API calls.

Is that a known problem?

Regards,

Dominik