[twitter-dev] Re: Incorrect Signature for oAuth
Thanks to all your replies helped I can now perform status updates via oAuth. I'm rather irritated that Uri.EscapeDataString doesn't escape all illegal characters. It just fails now if a status update contains exclamation marks, asterisk, dollar signs, single quotes and probably a few more. I'll solve that in the morning. Thanks again. Rhys On Jun 8, 1:57 am, StephenBnz wrote: > Hi Rhys, > - you're right status should be at the end of the base string. Even > though it's sent as a POST, it still has to go in alpha order in the > base string. > - Also be careful of the leading %3F you've got after the update.xml - > should just be (method)&(baseURL+service)&(list of params separated by > %26) > - Once you've signed with this string, your message will look like: > (pseudo code not actual message) > > POST HTTP 1.1 /statuses/update.xml > Host: api.twitter.com:443 > Authorization: (list of params as normal, including oauth_signature > but NOT including status) > Content-type: application/x-www-form-urlencoded > Body: > status=test > > Also note that if you have non-alpha characters in the status string > (eg. space, etc) you must URL encode them BEFORE compiling the base > signature string, and also ensure they remain URL encoded in the POST > body. > > Hope this helps > Stephen > > On Jun 8, 7:36 am,rhysmeister wrote: > > > > > Hi, thanks to you both. I've removed the source parameter. > > > There is something wrong with my signature base indeed. Here's what I > > am sending for a status update... > > > POST&http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fupdate.xml&%3Fstatus > > %3Dtest%26oauth_consumer_key%3Dxx%26oauth_nonce > > %3DE9X6lVKiDkQ1n%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp > > %3D1275946125%26oauth_token%3Dxx > > %26oauth_version%3D1.0 > > > As far as I can gather from this > > linkhttp://dev.twitter.com/pages/auth#auth-request, > > I need to remove query parameter from the url and order them in the > > string. So in this case status would appear at the end. I can't find > > it now, but some poster in a group said to put the status paramter in > > the url rather than the post body. I think I must have been ordering > > the signature base incorrectly previous to this. > > > Rhys > > > On Jun 7, 3:09 pm, Taylor Singletary > > wrote: > > > > To help you debug, it would be useful to see the signature base string > > > that > > > was generated for the request. Possible things going wrong: the signature > > > base string isn't mentioning that this is a POST, or your OAuth-based > > > parameters are leaking into your POST body.. > > > > As Hwee-Boon said, you also needn't include the source parameter, as it > > > will > > > be ignored. > > > > Taylor Singletary > > > Developer Advocate, Twitterhttp://twitter.com/episod > > > > On Sun, Jun 6, 2010 at 10:07 AM, Hwee-Boon Yar wrote: > > > > Since it's GET works and POST, no. 1 reason is to make sure the base > > > > URI in the base signature string is constructed correctly. In your > > > > example, you don't need source= since it's OAuth. > > > > > -- > > > > Hwee-Boon > > > > > On Jun 6, 8:56 pm,rhysmeister wrote: > > > > > Hi All, > > > > > > I am having problems identifying what is wrong with converting my app > > > > > to use oAuth. All my GET requests work fine but my POST requests all > > > > > fail with an incorrect signature error. I am adding the oauth > > > > > parameters to the authorisation header of my request. My authorisation > > > > > header is build like below for GET requests (this works); > > > > > > OAuth > > > > > oauth_timestamp="1234567890",oauth_nonce="xx",oauth_version="1.0",oauth > > > > _signature_method="HMAC- > > > > > SHA1",oauth_consumer_key="xx",oauth_token="xx",oauth_signature="xxx > > > > xxx" > > > > > > My POST requests (these don't work); > > > > > > OAuth > > > > > oauth_timestamp="1234567890",oauth_nonce="xx",oauth_version="1.0",oauth > > > > _signature_method="HMAC- > > > > > SHA1",oauth_consumer_key="xx",oauth_token="xx",oauth_signature="xxx > > > > xxx" > > > > > > I get the below error returned... > > > > > > > > > > > > > > > > > > > > > /1/statuses/update.xml?source=xx > > > > > Incorrect signature > > > > > > > > > > > Would anyone be able to provide any pointers here? > > > > > > Cheers, > > > > > > Rhys
[twitter-dev] Re: Incorrect Signature for oAuth
Hi Rhys, - you're right status should be at the end of the base string. Even though it's sent as a POST, it still has to go in alpha order in the base string. - Also be careful of the leading %3F you've got after the update.xml - should just be (method)&(baseURL+service)&(list of params separated by %26) - Once you've signed with this string, your message will look like: (pseudo code not actual message) POST HTTP 1.1 /statuses/update.xml Host: api.twitter.com:443 Authorization: (list of params as normal, including oauth_signature but NOT including status) Content-type: application/x-www-form-urlencoded Body: status=test Also note that if you have non-alpha characters in the status string (eg. space, etc) you must URL encode them BEFORE compiling the base signature string, and also ensure they remain URL encoded in the POST body. Hope this helps Stephen On Jun 8, 7:36 am, rhysmeister wrote: > Hi, thanks to you both. I've removed the source parameter. > > There is something wrong with my signature base indeed. Here's what I > am sending for a status update... > > POST&http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fupdate.xml&%3Fstatus > %3Dtest%26oauth_consumer_key%3Dxx%26oauth_nonce > %3DE9X6lVKiDkQ1n%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp > %3D1275946125%26oauth_token%3Dxx > %26oauth_version%3D1.0 > > As far as I can gather from this > linkhttp://dev.twitter.com/pages/auth#auth-request, > I need to remove query parameter from the url and order them in the > string. So in this case status would appear at the end. I can't find > it now, but some poster in a group said to put the status paramter in > the url rather than the post body. I think I must have been ordering > the signature base incorrectly previous to this. > > Rhys > > On Jun 7, 3:09 pm, Taylor Singletary > wrote: > > > To help you debug, it would be useful to see the signature base string that > > was generated for the request. Possible things going wrong: the signature > > base string isn't mentioning that this is a POST, or your OAuth-based > > parameters are leaking into your POST body.. > > > As Hwee-Boon said, you also needn't include the source parameter, as it will > > be ignored. > > > Taylor Singletary > > Developer Advocate, Twitterhttp://twitter.com/episod > > > On Sun, Jun 6, 2010 at 10:07 AM, Hwee-Boon Yar wrote: > > > Since it's GET works and POST, no. 1 reason is to make sure the base > > > URI in the base signature string is constructed correctly. In your > > > example, you don't need source= since it's OAuth. > > > > -- > > > Hwee-Boon > > > > On Jun 6, 8:56 pm, rhysmeister wrote: > > > > Hi All, > > > > > I am having problems identifying what is wrong with converting my app > > > > to use oAuth. All my GET requests work fine but my POST requests all > > > > fail with an incorrect signature error. I am adding the oauth > > > > parameters to the authorisation header of my request. My authorisation > > > > header is build like below for GET requests (this works); > > > > > OAuth > > > > oauth_timestamp="1234567890",oauth_nonce="xx",oauth_version="1.0",oauth > > > _signature_method="HMAC- > > > > SHA1",oauth_consumer_key="xx",oauth_token="xx",oauth_signature="xxx > > > xxx" > > > > > My POST requests (these don't work); > > > > > OAuth > > > > oauth_timestamp="1234567890",oauth_nonce="xx",oauth_version="1.0",oauth > > > _signature_method="HMAC- > > > > SHA1",oauth_consumer_key="xx",oauth_token="xx",oauth_signature="xxx > > > xxx" > > > > > I get the below error returned... > > > > > > > > > > > > > > > > > /1/statuses/update.xml?source=xx > > > > Incorrect signature > > > > > > > > > Would anyone be able to provide any pointers here? > > > > > Cheers, > > > > > Rhys
[twitter-dev] Re: Incorrect Signature for oAuth
Hi, thanks to you both. I've removed the source parameter. There is something wrong with my signature base indeed. Here's what I am sending for a status update... POST&http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fupdate.xml&%3Fstatus %3Dtest%26oauth_consumer_key%3Dxx%26oauth_nonce %3DE9X6lVKiDkQ1n%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1275946125%26oauth_token%3Dxx %26oauth_version%3D1.0 As far as I can gather from this link http://dev.twitter.com/pages/auth#auth-request, I need to remove query parameter from the url and order them in the string. So in this case status would appear at the end. I can't find it now, but some poster in a group said to put the status paramter in the url rather than the post body. I think I must have been ordering the signature base incorrectly previous to this. Rhys On Jun 7, 3:09 pm, Taylor Singletary wrote: > To help you debug, it would be useful to see the signature base string that > was generated for the request. Possible things going wrong: the signature > base string isn't mentioning that this is a POST, or your OAuth-based > parameters are leaking into your POST body.. > > As Hwee-Boon said, you also needn't include the source parameter, as it will > be ignored. > > Taylor Singletary > Developer Advocate, Twitterhttp://twitter.com/episod > > > > On Sun, Jun 6, 2010 at 10:07 AM, Hwee-Boon Yar wrote: > > Since it's GET works and POST, no. 1 reason is to make sure the base > > URI in the base signature string is constructed correctly. In your > > example, you don't need source= since it's OAuth. > > > -- > > Hwee-Boon > > > On Jun 6, 8:56 pm, rhysmeister wrote: > > > Hi All, > > > > I am having problems identifying what is wrong with converting my app > > > to use oAuth. All my GET requests work fine but my POST requests all > > > fail with an incorrect signature error. I am adding the oauth > > > parameters to the authorisation header of my request. My authorisation > > > header is build like below for GET requests (this works); > > > > OAuth > > > oauth_timestamp="1234567890",oauth_nonce="xx",oauth_version="1.0",oauth > > _signature_method="HMAC- > > > SHA1",oauth_consumer_key="xx",oauth_token="xx",oauth_signature="xxx > > xxx" > > > > My POST requests (these don't work); > > > > OAuth > > > oauth_timestamp="1234567890",oauth_nonce="xx",oauth_version="1.0",oauth > > _signature_method="HMAC- > > > SHA1",oauth_consumer_key="xx",oauth_token="xx",oauth_signature="xxx > > xxx" > > > > I get the below error returned... > > > > > > > > > > > > > /1/statuses/update.xml?source=xx > > > Incorrect signature > > > > > > > Would anyone be able to provide any pointers here? > > > > Cheers, > > > > Rhys
Re: [twitter-dev] Re: Incorrect Signature for oAuth
To help you debug, it would be useful to see the signature base string that was generated for the request. Possible things going wrong: the signature base string isn't mentioning that this is a POST, or your OAuth-based parameters are leaking into your POST body.. As Hwee-Boon said, you also needn't include the source parameter, as it will be ignored. Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Sun, Jun 6, 2010 at 10:07 AM, Hwee-Boon Yar wrote: > Since it's GET works and POST, no. 1 reason is to make sure the base > URI in the base signature string is constructed correctly. In your > example, you don't need source= since it's OAuth. > > -- > Hwee-Boon > > On Jun 6, 8:56 pm, rhysmeister wrote: > > Hi All, > > > > I am having problems identifying what is wrong with converting my app > > to use oAuth. All my GET requests work fine but my POST requests all > > fail with an incorrect signature error. I am adding the oauth > > parameters to the authorisation header of my request. My authorisation > > header is build like below for GET requests (this works); > > > > OAuth > > > oauth_timestamp="1234567890",oauth_nonce="xx",oauth_version="1.0",oauth > _signature_method="HMAC- > > > SHA1",oauth_consumer_key="xx",oauth_token="xx",oauth_signature="xxx > xxx" > > > > My POST requests (these don't work); > > > > OAuth > > > oauth_timestamp="1234567890",oauth_nonce="xx",oauth_version="1.0",oauth > _signature_method="HMAC- > > > SHA1",oauth_consumer_key="xx",oauth_token="xx",oauth_signature="xxx > xxx" > > > > I get the below error returned... > > > > > > > > > > /1/statuses/update.xml?source=xx > > Incorrect signature > > > > > > Would anyone be able to provide any pointers here? > > > > Cheers, > > > > Rhys >
[twitter-dev] Re: Incorrect Signature for oAuth
Since it's GET works and POST, no. 1 reason is to make sure the base URI in the base signature string is constructed correctly. In your example, you don't need source= since it's OAuth. -- Hwee-Boon On Jun 6, 8:56 pm, rhysmeister wrote: > Hi All, > > I am having problems identifying what is wrong with converting my app > to use oAuth. All my GET requests work fine but my POST requests all > fail with an incorrect signature error. I am adding the oauth > parameters to the authorisation header of my request. My authorisation > header is build like below for GET requests (this works); > > OAuth > oauth_timestamp="1234567890",oauth_nonce="xx",oauth_version="1.0",oauth > _signature_method="HMAC- > SHA1",oauth_consumer_key="xx",oauth_token="xx",oauth_signature="xxx > xxx" > > My POST requests (these don't work); > > OAuth > oauth_timestamp="1234567890",oauth_nonce="xx",oauth_version="1.0",oauth > _signature_method="HMAC- > SHA1",oauth_consumer_key="xx",oauth_token="xx",oauth_signature="xxx > xxx" > > I get the below error returned... > > > > > /1/statuses/update.xml?source=xx > Incorrect signature > > > Would anyone be able to provide any pointers here? > > Cheers, > > Rhys
