[twitter-dev] Re: Failed to validate oauth signature and token using python/django libs
Update: It works now. Thanks to everyone who tried to help me diagnose the issue. Today, Hedley posted about the system being off can cause the request token to fail. This was my exact problem it turns out. http://groups.google.com/group/twitter-development-talk/browse_thread/thread/aadee92bc5c34f29?pli=1 Thanks again! ~Blaine On Jul 9, 10:57 pm, JDG ghil...@gmail.com wrote: No. According to the oauth spec, your signature key is always consumer_secrettoken_secret, even if token_secret is empty, so when you first call request_token, your key will be consumer_secret On Thu, Jul 9, 2009 at 21:24, Blaine Garrett bla...@blainegarrett.comwrote: Hi, Thanks for the quick reply Matt. Below is a recap of the setup with a bit more clarity as well as the keys, url, and pre-encoded data. Hopefully this sheds some light on the issue. I also tried the PHP lib someone recommended with the same results - i.e 401 error. So again, I am thinking it is something external to the Django setup - be it on either end of the requests. Thanks again! Blaine 1. Url I am trying to call the twitter API: http://articulture.blainegarrett.com/signin/ 2. View Code being called: [python_code] def signin(request): from acsite.people import oauthtwitter import acsite.settings as settings # Step 1: Create an anonymous twitter oauth consumer oauth_consumer = oauthtwitter.OAuthApi('Vx43QEmSCP1whLq1OSPg', 'MY_SECRET_KEY') # Blaine's Personal Dev Site keys # Step 2: Fetch Request Token From Twitter request_token = oauth_consumer.getRequestToken() # In here I get the 401 error raise Exception(request_token) # Never gets here [/python_code] 3: I installed fresh copies: python-twitter :http://code.google.com/p/python-twitter/ oauth-python-twitterhttp://code.google.com/p/python-twitter/%0Aoauth-python-twitter: http://code.google.com/p/oauth-python-twitter/ oauth :http://oauth.googlecode.com/svn/code/python/oauth/oauth.py In the oauth.py, I changed the line 36: SIGNATURE_METHOD = 'HMAC-SHA1' 4. With no other changes, I get: the urllib2 exception: HTTPError at / signin/ HTTP Error 401: Unauthorized 5. When I wrap the url opener code in oauthtwitter.py on approx line 102 in: try: url_data = opener.open(url).read() except urllib2.HTTPError, e: raise Exception('GET REQUEST VERSION : Unable to connect to the oAuth Service. Code: %s - Url: %s : Content - %s' % (e.code, e.url, e.msg)) I get the exception: GET REQUEST VERSION: Unable to connect to the oAuth Service. Code: 401 - Url: https://twitter.com/oauth/request_token?oauth_nonce=51064775oauth_ti... : Content - Unauthorized 6. Trying again with a new request, adding an exception of the key,raw returned from build_signature_base_string in build_signature in oauth.py line 563, I get: key=MY_SECRET_KEY, raw: GEThttps%3A%2F%2Ftwitter.com%2Foauth %2Frequest_tokenoauth_consumer_key%3DVx43QEmSCP1whLq1OSPg %26oauth_nonce%3D59181510%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1247173659%26oauth_version%3D1.0 Note trailing ampersand on the key returned. Could this be a query string artifact? On Jul 6, 10:59 am, Matt Sanford m...@twitter.com wrote: Hi Blaine, Failing the validate the signature when getting a request token is pretty rare. As you said the fact this all works from other libraries seems to point to a library issue. The most helpful things to see in these cases are: • The actual HTTP request and response that fails. By seeing the URL requested I can try and recreate the signature and find the mismatch. • The signature base string used to create the oauth_signature parameter. This usually requires adding some print statements to the oauth library you're using but can be really helpful. If you can send the HTTP request and response (headers and bodies) that will be a good start. If you're not sure how to get them from your library I recommend using a debugging proxy like Charles [1]. Thanks; – Matt Sanford / @mzsanford Twitter Dev [1] -http://www.charlesproxy.com/ On Jul 3, 2009, at 2:10 PM, Blaine Garrett wrote: Hi, I get the 401:Unauthorized Error every time I attempt to get a request token. When I attempt to go to the URL directly in the browser (not yet accessed to preserve nonce) I get a body of Failed to validate oauth signature and token. I am using the Leah's oauth client listed athttp://oauth.net/code as well as the python-twitter (0.7-devel) and oauth-python-twitter (v0.1) I was able to get these same libraries to work on a different project but not on the current one I am working on. I have refreshed my tokens numerous times and also tried the working ones from the other project. I also tried the tokens from this project on the other project that was working and that WORKED.
[twitter-dev] Re: Failed to validate oauth signature and token using python/django libs
Hi, Thanks for the quick reply Matt. Below is a recap of the setup with a bit more clarity as well as the keys, url, and pre-encoded data. Hopefully this sheds some light on the issue. I also tried the PHP lib someone recommended with the same results - i.e 401 error. So again, I am thinking it is something external to the Django setup - be it on either end of the requests. Thanks again! Blaine 1. Url I am trying to call the twitter API: http://articulture.blainegarrett.com/signin/ 2. View Code being called: [python_code] def signin(request): from acsite.people import oauthtwitter import acsite.settings as settings # Step 1: Create an anonymous twitter oauth consumer oauth_consumer = oauthtwitter.OAuthApi('Vx43QEmSCP1whLq1OSPg', 'MY_SECRET_KEY') # Blaine's Personal Dev Site keys # Step 2: Fetch Request Token From Twitter request_token = oauth_consumer.getRequestToken() # In here I get the 401 error raise Exception(request_token) # Never gets here [/python_code] 3: I installed fresh copies: python-twitter : http://code.google.com/p/python-twitter/ oauth-python-twitter : http://code.google.com/p/oauth-python-twitter/ oauth : http://oauth.googlecode.com/svn/code/python/oauth/oauth.py In the oauth.py, I changed the line 36: SIGNATURE_METHOD = 'HMAC-SHA1' 4. With no other changes, I get: the urllib2 exception: HTTPError at / signin/ HTTP Error 401: Unauthorized 5. When I wrap the url opener code in oauthtwitter.py on approx line 102 in: try: url_data = opener.open(url).read() except urllib2.HTTPError, e: raise Exception('GET REQUEST VERSION : Unable to connect to the oAuth Service. Code: %s - Url: %s : Content - %s' % (e.code, e.url, e.msg)) I get the exception: GET REQUEST VERSION: Unable to connect to the oAuth Service. Code: 401 - Url: https://twitter.com/oauth/request_token?oauth_nonce=51064775oauth_timestamp=1247173406oauth_consumer_key=Vx43QEmSCP1whLq1OSPgoauth_signature_method=HMAC-SHA1oauth_version=1.0oauth_signature=4RiqJL0ZpHux77GKZku9FVeyhA8%3D : Content - Unauthorized 6. Trying again with a new request, adding an exception of the key,raw returned from build_signature_base_string in build_signature in oauth.py line 563, I get: key=MY_SECRET_KEY, raw: GEThttps%3A%2F%2Ftwitter.com%2Foauth %2Frequest_tokenoauth_consumer_key%3DVx43QEmSCP1whLq1OSPg %26oauth_nonce%3D59181510%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1247173659%26oauth_version%3D1.0 Note trailing ampersand on the key returned. Could this be a query string artifact? On Jul 6, 10:59 am, Matt Sanford m...@twitter.com wrote: Hi Blaine, Failing the validate the signature when getting a request token is pretty rare. As you said the fact this all works from other libraries seems to point to a library issue. The most helpful things to see in these cases are: • The actual HTTP request and response that fails. By seeing the URL requested I can try and recreate the signature and find the mismatch. • The signature base string used to create the oauth_signature parameter. This usually requires adding some print statements to the oauth library you're using but can be really helpful. If you can send the HTTP request and response (headers and bodies) that will be a good start. If you're not sure how to get them from your library I recommend using a debugging proxy like Charles [1]. Thanks; – Matt Sanford / @mzsanford Twitter Dev [1] -http://www.charlesproxy.com/ On Jul 3, 2009, at 2:10 PM, Blaine Garrett wrote: Hi, I get the 401:Unauthorized Error every time I attempt to get a request token. When I attempt to go to the URL directly in the browser (not yet accessed to preserve nonce) I get a body of Failed to validate oauth signature and token. I am using the Leah's oauth client listed athttp://oauth.net/code as well as the python-twitter (0.7-devel) and oauth-python-twitter (v0.1) I was able to get these same libraries to work on a different project but not on the current one I am working on. I have refreshed my tokens numerous times and also tried the working ones from the other project. I also tried the tokens from this project on the other project that was working and that WORKED. As such, I am guessing it is an issue with my setup or some other lib I am working with. Both projects however have Python Versions 2.5.2 and should otherwise be the same setups. Domain the project is on ishttp://articulture.blainegarrett.comif the matters for some odd reason. Any thoughts? Here is the code I am using to call the libs if it helps: oauth_consumer = oauthtwitter.OAuthApi(consumer_token, consumer_secret) request_token = oauth_consumer.getRequestToken() # httplib exception bubbles from within here authorization_url = oauth_consumer.getAuthorizationURL(request_token) Thank you! ~Blaine -- Blaine Garrett gchat : bla...@jrcorps.com aim: zombiediv y!:
[twitter-dev] Re: Failed to validate oauth signature and token using python/django libs
No. According to the oauth spec, your signature key is always consumer_secrettoken_secret, even if token_secret is empty, so when you first call request_token, your key will be consumer_secret On Thu, Jul 9, 2009 at 21:24, Blaine Garrett bla...@blainegarrett.comwrote: Hi, Thanks for the quick reply Matt. Below is a recap of the setup with a bit more clarity as well as the keys, url, and pre-encoded data. Hopefully this sheds some light on the issue. I also tried the PHP lib someone recommended with the same results - i.e 401 error. So again, I am thinking it is something external to the Django setup - be it on either end of the requests. Thanks again! Blaine 1. Url I am trying to call the twitter API: http://articulture.blainegarrett.com/signin/ 2. View Code being called: [python_code] def signin(request): from acsite.people import oauthtwitter import acsite.settings as settings # Step 1: Create an anonymous twitter oauth consumer oauth_consumer = oauthtwitter.OAuthApi('Vx43QEmSCP1whLq1OSPg', 'MY_SECRET_KEY') # Blaine's Personal Dev Site keys # Step 2: Fetch Request Token From Twitter request_token = oauth_consumer.getRequestToken() # In here I get the 401 error raise Exception(request_token) # Never gets here [/python_code] 3: I installed fresh copies: python-twitter : http://code.google.com/p/python-twitter/ oauth-python-twitterhttp://code.google.com/p/python-twitter/%0Aoauth-python-twitter: http://code.google.com/p/oauth-python-twitter/ oauth : http://oauth.googlecode.com/svn/code/python/oauth/oauth.py In the oauth.py, I changed the line 36: SIGNATURE_METHOD = 'HMAC-SHA1' 4. With no other changes, I get: the urllib2 exception: HTTPError at / signin/ HTTP Error 401: Unauthorized 5. When I wrap the url opener code in oauthtwitter.py on approx line 102 in: try: url_data = opener.open(url).read() except urllib2.HTTPError, e: raise Exception('GET REQUEST VERSION : Unable to connect to the oAuth Service. Code: %s - Url: %s : Content - %s' % (e.code, e.url, e.msg)) I get the exception: GET REQUEST VERSION: Unable to connect to the oAuth Service. Code: 401 - Url: https://twitter.com/oauth/request_token?oauth_nonce=51064775oauth_timestamp=1247173406oauth_consumer_key=Vx43QEmSCP1whLq1OSPgoauth_signature_method=HMAC-SHA1oauth_version=1.0oauth_signature=4RiqJL0ZpHux77GKZku9FVeyhA8%3D : Content - Unauthorized 6. Trying again with a new request, adding an exception of the key,raw returned from build_signature_base_string in build_signature in oauth.py line 563, I get: key=MY_SECRET_KEY, raw: GEThttps%3A%2F%2Ftwitter.com%2Foauth %2Frequest_tokenoauth_consumer_key%3DVx43QEmSCP1whLq1OSPg %26oauth_nonce%3D59181510%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1247173659%26oauth_version%3D1.0 Note trailing ampersand on the key returned. Could this be a query string artifact? On Jul 6, 10:59 am, Matt Sanford m...@twitter.com wrote: Hi Blaine, Failing the validate the signature when getting a request token is pretty rare. As you said the fact this all works from other libraries seems to point to a library issue. The most helpful things to see in these cases are: • The actual HTTP request and response that fails. By seeing the URL requested I can try and recreate the signature and find the mismatch. • The signature base string used to create the oauth_signature parameter. This usually requires adding some print statements to the oauth library you're using but can be really helpful. If you can send the HTTP request and response (headers and bodies) that will be a good start. If you're not sure how to get them from your library I recommend using a debugging proxy like Charles [1]. Thanks; – Matt Sanford / @mzsanford Twitter Dev [1] -http://www.charlesproxy.com/ On Jul 3, 2009, at 2:10 PM, Blaine Garrett wrote: Hi, I get the 401:Unauthorized Error every time I attempt to get a request token. When I attempt to go to the URL directly in the browser (not yet accessed to preserve nonce) I get a body of Failed to validate oauth signature and token. I am using the Leah's oauth client listed athttp://oauth.net/code as well as the python-twitter (0.7-devel) and oauth-python-twitter (v0.1) I was able to get these same libraries to work on a different project but not on the current one I am working on. I have refreshed my tokens numerous times and also tried the working ones from the other project. I also tried the tokens from this project on the other project that was working and that WORKED. As such, I am guessing it is an issue with my setup or some other lib I am working with. Both projects however have Python Versions 2.5.2 and should otherwise be the same setups. Domain the project is on ishttp://articulture.blainegarrett.comif the matters for some odd reason.
[twitter-dev] Re: Failed to validate oauth signature and token using python/django libs
Hi Blaine, Failing the validate the signature when getting a request token is pretty rare. As you said the fact this all works from other libraries seems to point to a library issue. The most helpful things to see in these cases are: • The actual HTTP request and response that fails. By seeing the URL requested I can try and recreate the signature and find the mismatch. • The signature base string used to create the oauth_signature parameter. This usually requires adding some print statements to the oauth library you're using but can be really helpful. If you can send the HTTP request and response (headers and bodies) that will be a good start. If you're not sure how to get them from your library I recommend using a debugging proxy like Charles [1]. Thanks; – Matt Sanford / @mzsanford Twitter Dev [1] - http://www.charlesproxy.com/ On Jul 3, 2009, at 2:10 PM, Blaine Garrett wrote: Hi, I get the 401:Unauthorized Error every time I attempt to get a request token. When I attempt to go to the URL directly in the browser (not yet accessed to preserve nonce) I get a body of Failed to validate oauth signature and token. I am using the Leah's oauth client listed at http://oauth.net/code as well as the python-twitter (0.7-devel) and oauth-python-twitter (v0.1) I was able to get these same libraries to work on a different project but not on the current one I am working on. I have refreshed my tokens numerous times and also tried the working ones from the other project. I also tried the tokens from this project on the other project that was working and that WORKED. As such, I am guessing it is an issue with my setup or some other lib I am working with. Both projects however have Python Versions 2.5.2 and should otherwise be the same setups. Domain the project is on is http://articulture.blainegarrett.com if the matters for some odd reason. Any thoughts? Here is the code I am using to call the libs if it helps: oauth_consumer = oauthtwitter.OAuthApi(consumer_token, consumer_secret) request_token = oauth_consumer.getRequestToken() # httplib exception bubbles from within here authorization_url = oauth_consumer.getAuthorizationURL(request_token) Thank you! ~Blaine -- Blaine Garrett gchat : bla...@jrcorps.com aim: zombiediv y!: zombiediv