[twitter-dev] Pin-based authorization via .NET
I'm working on version 2 of Twitterizer, a .NET library for using the Twitter API, but I've run into a weird issue with pin-based OAuth. I have a sample web application and a sample desktop application. From the web application I am able to perform pin-based authentication without any issues, but through the desktop application every call for access tokens are refused with Invalid oauth_verifier parameter. I've stepped through the code (non-stop for an hour) and I'm sure that the exact code is executing for each call. I've tried changing the calls to GET, instead of POST, and the results are the same. From the web app it works great, from the desktop app, not so much. Using fiddler, I've captured the HTTP request/response from each, and they look exactly the same (to me). Here is the call from the web application (works): POST http://twitter.com/oauth/access_token?oauth_verifier=2068385 HTTP/ 1.1 Content-Type: application/x-www-form-urlencoded Authorization: OAuth realm=Twitter API,oauth_consumer_key=Ds8w95QVNTITV16pqMwtHA,oauth_nonce=6E723378,oauth_signature_method=HMAC- SHA1,oauth_timestamp=1267995036,oauth_token=Vy5cCHkomrAKocY9c8J18hAEf1PJ2ONwBtQxmdGGaI,oauth_version=1.0,oauth_signature=OU3Qfi2tq %2Fwyaij0NezCARqLVCA%3D User-Agent: Twitterizer/2.0.0.0 Host: twitter.com And here is the call from the desktop application (does not work): POST http://twitter.com/oauth/access_token?oauth_verifier=541907 HTTP/ 1.1 Content-Type: application/x-www-form-urlencoded Authorization: OAuth realm=Twitter API,oauth_consumer_key=Ds8w95QVNTITV16pqMwtHA,oauth_nonce=7F8D82E3,oauth_signature_method=HMAC- SHA1,oauth_timestamp=1267995086,oauth_token=uTcERUybyJF0WKi77w5dPCTZbwO7DZJX1hQuJK0fg,oauth_version=1.0,oauth_signature=iUUcdVtM %2B4nxfDKrqPqElE9IPgY%3D User-Agent: Twitterizer/2.0.0.0 Host: twitter.com The response body is: ?xml version=1.0 encoding=UTF-8? hash request/oauth/access_token?oauth_verifier=541907/request errorInvalid oauth_verifier parameter/error /hash This may be more of a .NET question, as there may be some kind of nuance when making requests through a windows application, but I thought it might be worth my time to ask everyone, in case I'm doing something dumb (it happens). Thanks for your time, Ricky www.twitterizer.net
Re: [twitter-dev] Pin-based authorization via .NET
Why are you using PIN based authorization for web applications? Web applications don't use PINs. Ryan Sent from my DROID On Mar 7, 2010 4:59 PM, Ricky ri...@digitally-born.com wrote: I'm working on version 2 of Twitterizer, a .NET library for using the Twitter API, but I've run into a weird issue with pin-based OAuth. I have a sample web application and a sample desktop application. From the web application I am able to perform pin-based authentication without any issues, but through the desktop application every call for access tokens are refused with Invalid oauth_verifier parameter. I've stepped through the code (non-stop for an hour) and I'm sure that the exact code is executing for each call. I've tried changing the calls to GET, instead of POST, and the results are the same. From the web app it works great, from the desktop app, not so much. Using fiddler, I've captured the HTTP request/response from each, and they look exactly the same (to me). Here is the call from the web application (works): POST http://twitter.com/oauth/access_token?oauth_verifier=2068385 HTTP/ 1.1 Content-Type: application/x-www-form-urlencoded Authorization: OAuth realm=Twitter API,oauth_consumer_key=Ds8w95QVNTITV16pqMwtHA,oauth_nonce=6E723378,oauth_signature_method=HMAC- SHA1,oauth_timestamp=1267995036,oauth_token=Vy5cCHkomrAKocY9c8J18hAEf1PJ2ONwBtQxmdGGaI,oauth_version=1.0,oauth_signature=OU3Qfi2tq %2Fwyaij0NezCARqLVCA%3D User-Agent: Twitterizer/2.0.0.0 Host: twitter.com And here is the call from the desktop application (does not work): POST http://twitter.com/oauth/access_token?oauth_verifier=541907 HTTP/ 1.1 Content-Type: application/x-www-form-urlencoded Authorization: OAuth realm=Twitter API,oauth_consumer_key=Ds8w95QVNTITV16pqMwtHA,oauth_nonce=7F8D82E3,oauth_signature_method=HMAC- SHA1,oauth_timestamp=1267995086,oauth_token=uTcERUybyJF0WKi77w5dPCTZbwO7DZJX1hQuJK0fg,oauth_version=1.0,oauth_signature=iUUcdVtM %2B4nxfDKrqPqElE9IPgY%3D User-Agent: Twitterizer/2.0.0.0 Host: twitter.com The response body is: ?xml version=1.0 encoding=UTF-8? hash request/oauth/access_token?oauth_verifier=541907/request errorInvalid oauth_verifier parameter/error /hash This may be more of a .NET question, as there may be some kind of nuance when making requests through a windows application, but I thought it might be worth my time to ask everyone, in case I'm doing something dumb (it happens). Thanks for your time, Ricky www.twitterizer.net
Re: [twitter-dev] Pin-based authorization via .NET
You are missing a digit from the desktop PIN. It should always be 7 digits. Abraham On Sun, Mar 7, 2010 at 12:57, Ricky ri...@digitally-born.com wrote: I'm working on version 2 of Twitterizer, a .NET library for using the Twitter API, but I've run into a weird issue with pin-based OAuth. I have a sample web application and a sample desktop application. From the web application I am able to perform pin-based authentication without any issues, but through the desktop application every call for access tokens are refused with Invalid oauth_verifier parameter. I've stepped through the code (non-stop for an hour) and I'm sure that the exact code is executing for each call. I've tried changing the calls to GET, instead of POST, and the results are the same. From the web app it works great, from the desktop app, not so much. Using fiddler, I've captured the HTTP request/response from each, and they look exactly the same (to me). Here is the call from the web application (works): POST http://twitter.com/oauth/access_token?oauth_verifier=2068385 HTTP/ 1.1 Content-Type: application/x-www-form-urlencoded Authorization: OAuth realm=Twitter API,oauth_consumer_key=Ds8w95QVNTITV16pqMwtHA,oauth_nonce=6E723378,oauth_signature_method=HMAC- SHA1,oauth_timestamp=1267995036,oauth_token=Vy5cCHkomrAKocY9c8J18hAEf1PJ2ONwBtQxmdGGaI,oauth_version=1.0,oauth_signature=OU3Qfi2tq %2Fwyaij0NezCARqLVCA%3D User-Agent: Twitterizer/2.0.0.0 Host: twitter.com And here is the call from the desktop application (does not work): POST http://twitter.com/oauth/access_token?oauth_verifier=541907 HTTP/ 1.1 Content-Type: application/x-www-form-urlencoded Authorization: OAuth realm=Twitter API,oauth_consumer_key=Ds8w95QVNTITV16pqMwtHA,oauth_nonce=7F8D82E3,oauth_signature_method=HMAC- SHA1,oauth_timestamp=1267995086,oauth_token=uTcERUybyJF0WKi77w5dPCTZbwO7DZJX1hQuJK0fg,oauth_version=1.0,oauth_signature=iUUcdVtM %2B4nxfDKrqPqElE9IPgY%3D User-Agent: Twitterizer/2.0.0.0 Host: twitter.com The response body is: ?xml version=1.0 encoding=UTF-8? hash request/oauth/access_token?oauth_verifier=541907/request errorInvalid oauth_verifier parameter/error /hash This may be more of a .NET question, as there may be some kind of nuance when making requests through a windows application, but I thought it might be worth my time to ask everyone, in case I'm doing something dumb (it happens). Thanks for your time, Ricky www.twitterizer.net -- Abraham Williams | Community Advocate | http://abrah.am TwitterOAuth | http://github.com/abraham/twitteroauth This email is: [ ] shareable [x] ask first [ ] private.
