[twitter-dev] Re: /oauth/request_token - Can't get one

2011-07-01 Thread DoXiD
I need to know, is this corner dead cause i got a response in less
then a few hours in the bug department and i can't get any help with
this at all.
Am i missing some information? then please tell me, i'll feed you with
whatever you want, i'm a developer and i'm developing core functions
and API's so i can bring up whatever output data you need... urm yea,
i'm desperate!

On Jun 28, 10:30 pm, DoXiD anton.do...@gmail.com wrote:
 And this is what my sign_key_base looks like:


 On Jun 28, 8:40 pm, DoXiD anton.do...@gmail.com wrote:

  After talking with a nice guy at the IRC channel he mentioned that i
  needed to sort my headers and my POST data.
  Sad and done, i sorted my things but still didn't help, any other

  Here's a output (readable version) of my 

  On Jun 28, 5:31 pm, DoXiD anton.do...@gmail.com wrote:

   First off, i'm uncertain which keys i can and can not post, so i'll
   obscure them.

   My main problem is that i don't know which keys to send to the

   Here is that i'm trying to send:
   (Note: time matches the servers, i've made sure of that)
   (Note: I have checked so that _all_ my keys are correct)
   (Note: I've also made sure that the signature matches up to my content
   of POST)

   POST /oauth/request_token HTTP/1.1
   Content-Type: application/x-www-form-urlencoded
   Authorization: OAuth oauth_nonce=1309272106, oauth_callback=,
   oauth_signature_method=HMAC-SHA1, oauth_timestamp=1309272106,
   oauth_consumer_key=pk...8pw, oauth_token=,
   oauth_signature=T5...5pQ%3D, oauth_version=1.0
   User-Agent: InetCheck
   Host: api.twitter.com
   Keep-Alive: 115
   Content-Length: 171


   After tat i recive either Failed to validate oauth signature and
   token or just a 401 return code.

   I'm trying to get my hands dirty here by developing my own API for
   I know there are some out there but i don't like em + i don't trust
   other people.

   So i'm running Python2.6.5
   And i'm using the modules:
   from socket import *
   from time import time, gmtime
   from random import randint
   import base64
   import hashlib
   import hmac
   import urllib

   (i know, you're not supposed to do from m import * but i'm just
   making some basic code for a skeleton atm).

   The code to generate the header + POST data:
   (again, just a skeleton, ugly code, will be fixed when i got a working

                   dstr = ''
                   if data:
                           dstr += ''

                           for k in ('oauth_callback', 'oauth_consumer_key', 
   'oauth_signature_method', 'oauth_timestamp', 'oauth_token',
                                   if not k in data: raise KeyError(Missing 
+ k + , please
   specify it at the login)
                                   dstr += k + '=' + data[k] + ''
                           dstr = dstr[:-1]

                   secr = self.keySet[1]
                   sign_key_base = 'POST' + '' + urllib.quote_plus('http://
   api.twitter.com/oauth/request_token') + ''
                   sign_key_base += urllib.quote_plus(dstr)
                   print 'Using sign base:'
                   print '\t' + sign_key_base + '\n'
                   print '\t Key:'
                   print '\t\t', [data['consumer_secret'] + '']
                   print '\t\t', [hmac.new(data['consumer_secret'] + '',
   sign_key_base, hashlib.sha1).digest()]
                   print '\t\t', 
   + '', sign_key_base, hashlib.sha1).digest())]
                   secr =
   urllib.quote(base64.encodestring(hmac.new(data['consumer_secret'] +
   '', sign_key_base, hashlib.sha1).digest()).replace('\n', ''))
                   print '\t\t', [secr], '\n'

                   ret = 'POST ' + URL  + ' HTTP/1.1\r\n'
                   ret += 'Content-Type: 

                   ret += 'Authorization: OAuth oauth_nonce=' + 
   data['oauth_nonce'] +
   ', '
                   ret += 'oauth_callback=' + data['oauth_callback'] + ', '
                   ret += 'oauth_signature_method=HMAC-SHA1, '
                   ret += 'oauth_timestamp=' + data['oauth_nonce'] + ', '
                   ret += 'oauth_consumer_key=' + 
   data['oauth_consumer_key'] + ', '
                   ret += 'oauth_token=' + data['oauth_token'] + ', '
                   ret += 'oauth_signature=' + secr + ', '
                   ret += 'oauth_version=1.0\r\n'
                   ret += 'User-Agent: InetCheck\r\n'

[twitter-dev] Re: /oauth/request_token - Can't get one

2011-06-28 Thread DoXiD
After talking with a nice guy at the IRC channel he mentioned that i
needed to sort my headers and my POST data.
Sad and done, i sorted my things but still didn't help, any other

Here's a output (readable version) of my HEAD+POST:

On Jun 28, 5:31 pm, DoXiD anton.do...@gmail.com wrote:
 First off, i'm uncertain which keys i can and can not post, so i'll
 obscure them.

 My main problem is that i don't know which keys to send to the

 Here is that i'm trying to send:
 (Note: time matches the servers, i've made sure of that)
 (Note: I have checked so that _all_ my keys are correct)
 (Note: I've also made sure that the signature matches up to my content
 of POST)

 POST /oauth/request_token HTTP/1.1
 Content-Type: application/x-www-form-urlencoded
 Authorization: OAuth oauth_nonce=1309272106, oauth_callback=,
 oauth_signature_method=HMAC-SHA1, oauth_timestamp=1309272106,
 oauth_consumer_key=pk...8pw, oauth_token=,
 oauth_signature=T5...5pQ%3D, oauth_version=1.0
 User-Agent: InetCheck
 Host: api.twitter.com
 Keep-Alive: 115
 Content-Length: 171


 After tat i recive either Failed to validate oauth signature and
 token or just a 401 return code.

 I'm trying to get my hands dirty here by developing my own API for
 I know there are some out there but i don't like em + i don't trust
 other people.

 So i'm running Python2.6.5
 And i'm using the modules:
 from socket import *
 from time import time, gmtime
 from random import randint
 import base64
 import hashlib
 import hmac
 import urllib

 (i know, you're not supposed to do from m import * but i'm just
 making some basic code for a skeleton atm).

 The code to generate the header + POST data:
 (again, just a skeleton, ugly code, will be fixed when i got a working

                 dstr = ''
                 if data:
                         dstr += ''

                         for k in ('oauth_callback', 'oauth_consumer_key', 
 'oauth_signature_method', 'oauth_timestamp', 'oauth_token',
                                 if not k in data: raise KeyError(Missing  + 
 k + , please
 specify it at the login)
                                 dstr += k + '=' + data[k] + ''
                         dstr = dstr[:-1]

                 secr = self.keySet[1]
                 sign_key_base = 'POST' + '' + urllib.quote_plus('http://
 api.twitter.com/oauth/request_token') + ''
                 sign_key_base += urllib.quote_plus(dstr)
                 print 'Using sign base:'
                 print '\t' + sign_key_base + '\n'
                 print '\t Key:'
                 print '\t\t', [data['consumer_secret'] + '']
                 print '\t\t', [hmac.new(data['consumer_secret'] + '',
 sign_key_base, hashlib.sha1).digest()]
                 print '\t\t', 
 + '', sign_key_base, hashlib.sha1).digest())]
                 secr =
 urllib.quote(base64.encodestring(hmac.new(data['consumer_secret'] +
 '', sign_key_base, hashlib.sha1).digest()).replace('\n', ''))
                 print '\t\t', [secr], '\n'

                 ret = 'POST ' + URL  + ' HTTP/1.1\r\n'
                 ret += 'Content-Type: application/x-www-form-urlencoded\r\n'

                 ret += 'Authorization: OAuth oauth_nonce=' + 
 data['oauth_nonce'] +
 ', '
                 ret += 'oauth_callback=' + data['oauth_callback'] + ', '
                 ret += 'oauth_signature_method=HMAC-SHA1, '
                 ret += 'oauth_timestamp=' + data['oauth_nonce'] + ', '
                 ret += 'oauth_consumer_key=' + data['oauth_consumer_key'] + 
 ', '
                 ret += 'oauth_token=' + data['oauth_token'] + ', '
                 ret += 'oauth_signature=' + secr + ', '
                 ret += 'oauth_version=1.0\r\n'
                 ret += 'User-Agent: InetCheck\r\n'
                 ret += 'Host: ' + host + '\r\n'

                 ret += 'Keep-Alive: 115\r\nContent-Length: ' + str(len(dstr)) 
 + '\r\n
 \r\n' + dstr

 Please help me, it's getting on my nerves this oAuth stuff,
 really never ever came in contact with it until Twitter, sure it looks
 like a good security implementation but atm i don't like it :/

 Any help is apritiated.

 Also, validated my oauth_signature and content 

 Everyting matches up against what i'm sending to the server.
 So if Twitter follows that standard it should all be good.

 I don't know tho if i should skip oauth_callback since it's an empty
 string anyways, or if i should skip oauth_token because i don't have
 one (also a empty string).

Twitter developer documentation and resources: https://dev.twitter.com/doc
API updates via Twitter: https://twitter.com/twitterapi