Re: [twitter-dev] Re: Oauth Echo and Drupal
Hi Tim, The call specified in your HTTP_X_* headers is for the OAuth Echo provider to execute against the API. Since they execute the call, it invalidates the oauth_nonce you provided. Really, it's a different API call that your application should be executing following an OAuth Echo transaction.. 1. You've got something to post with TwitPic 2. You setup a mock request to Twitter to verify credentials so that TwitPic can identify your user with Twitter 3. You send that mock request in HTTP_X_* headers to Twitpic, along with your API request to Twitpic with the image 4. TwitPic executes the Twitter API call specified in the HTTP_X_* headers, verifying the user 5. On success, TwitPic sends you in its response information about the media you just uploaded on behalf of your user 6. You take that response and append it to a tweet, or whatever other API operation you're doing, and send a brand new request to Twitter Is this the flow you're following or are you trying to do something else? Taylor On Sat, Jun 19, 2010 at 12:40 PM, Tim Millwood t...@millwoodonline.co.ukwrote: So... I now have a test app which is sending oAuth Echo request successfully to Twitpic. If I change the URL to my web app I get a 401 error back from Twitter, so there is something I am doing wrong. I am getting the HTTP_X_AUTH_SERVICE_PROVIDER and HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION headers from the test app, then my web app is renaming the HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION header to Authorization and POSTing both to the URL in HTTP_X_AUTH_SERVICE_PROVIDER. This returns the 401 error. On Jun 17, 2:44 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Tim, I'm not familiar with the Drupal OAuth module, but can help you a little bit. Hopefully that module is a bit flexible in the different approaches you can use to perform OAuth with it. Essentially, you need to build a mock request that you won't actually execute against an endpoint at Twitter using your credentials. The canon for OAuth Echo right now is to build a GET request tohttp://api.twitter.com/1/account/verify_credentials.json-- but essentially, you can use any resource you want (and the OAuth Echo proxy provider could do something with the response in conjunction with your request -- TwitPic, yFrog, etc. are only just one possibility of the things you can do with OAuth Echo. I edited up a good example in simple PHP of using OAuth Echo against TwitPic the other day:http://pastie.org/pastes/1005387 Taylor On Thu, Jun 17, 2010 at 1:40 AM, Tim Millwood t...@millwoodonline.co.uk wrote: I'm trying to get oAuth Echo working withhttp://drippic.com My API url ishttp://drippic.com/drippic2/uploadif you want to give it a try. Here is my code. $sp = $_SERVER['HTTP_X_AUTH_SERVICE_PROVIDER']; $auth_cred = $_SERVER['HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION']; $response = drupal_http_request($sp, array('HTTP_X_AUTH_SERVICE_PROVIDER'=$sp,'Authorization'= $auth_cred),'POST'); watchdog('drippic','/pre'.print_r($response,true).'/pre'); print(json_encode($response)); I'm not sure what I need to send it, I copied Twitpic's example and used this in terminal curl -v -H 'X-Auth-Service-Provider: https://api.twitter.com/1/account/verify_credentials.json' -H 'X-Verify-Credentials-Authorization: OAuth realm=http:// api.twitter.com/, oauth_consumer_key=GDdmIQH6jhtmLUypg82g, oauth_signature_method=HMAC-SHA1, oauth_token=819797- Jxq8aYUDRmykzVKrgoLhXSq67TEa5ruc4GJC2rWimw, oauth_timestamp=1272325550, oauth_nonce=oElnnMTQIZvqvlfXM56aBLAf5noGD0AQR3Fmi7Q6Y, oauth_version=1.0, oauth_signature=U1obTfE7Rs9J1kafTGwufLJdspo%3D' http://drippic.com/drippic2/upload It returns 401, guess it's because the details are wrong, and not sure what I should use. Can anyone help? (don't really know enough about oAuth, oAuth on the site is all managed by the Drupal oAuth module)
[twitter-dev] Re: Oauth Echo and Drupal
I am trying to do something else. I am not trying post to twitpic, I am trying to post to my own web app (similar to twitpic). I am getting the HTTP_X_AUTH_SERVICE_PROVIDER and HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION headers from the test app, then my web app is renaming the HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION header to Authorization and POSTing both to the URL in HTTP_X_AUTH_SERVICE_PROVIDER. This returns the 401 error. On Jun 21, 3:11 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Tim, The call specified in your HTTP_X_* headers is for the OAuth Echo provider to execute against the API. Since they execute the call, it invalidates the oauth_nonce you provided. Really, it's a different API call that your application should be executing following an OAuth Echo transaction.. 1. You've got something to post with TwitPic 2. You setup a mock request to Twitter to verify credentials so that TwitPic can identify your user with Twitter 3. You send that mock request in HTTP_X_* headers to Twitpic, along with your API request to Twitpic with the image 4. TwitPic executes the Twitter API call specified in the HTTP_X_* headers, verifying the user 5. On success, TwitPic sends you in its response information about the media you just uploaded on behalf of your user 6. You take that response and append it to a tweet, or whatever other API operation you're doing, and send a brand new request to Twitter Is this the flow you're following or are you trying to do something else? Taylor On Sat, Jun 19, 2010 at 12:40 PM, Tim Millwood t...@millwoodonline.co.ukwrote: So... I now have a test app which is sending oAuth Echo request successfully to Twitpic. If I change the URL to my web app I get a 401 error back from Twitter, so there is something I am doing wrong. I am getting the HTTP_X_AUTH_SERVICE_PROVIDER and HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION headers from the test app, then my web app is renaming the HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION header to Authorization and POSTing both to the URL in HTTP_X_AUTH_SERVICE_PROVIDER. This returns the 401 error. On Jun 17, 2:44 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Tim, I'm not familiar with the Drupal OAuth module, but can help you a little bit. Hopefully that module is a bit flexible in the different approaches you can use to perform OAuth with it. Essentially, you need to build a mock request that you won't actually execute against an endpoint at Twitter using your credentials. The canon for OAuth Echo right now is to build a GET request tohttp://api.twitter.com/1/account/verify_credentials.json--but essentially, you can use any resource you want (and the OAuth Echo proxy provider could do something with the response in conjunction with your request -- TwitPic, yFrog, etc. are only just one possibility of the things you can do with OAuth Echo. I edited up a good example in simple PHP of using OAuth Echo against TwitPic the other day:http://pastie.org/pastes/1005387 Taylor On Thu, Jun 17, 2010 at 1:40 AM, Tim Millwood t...@millwoodonline.co.uk wrote: I'm trying to get oAuth Echo working withhttp://drippic.com My API url ishttp://drippic.com/drippic2/uploadifyou want to give it a try. Here is my code. $sp = $_SERVER['HTTP_X_AUTH_SERVICE_PROVIDER']; $auth_cred = $_SERVER['HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION']; $response = drupal_http_request($sp, array('HTTP_X_AUTH_SERVICE_PROVIDER'=$sp,'Authorization'= $auth_cred),'POST'); watchdog('drippic','/pre'.print_r($response,true).'/pre'); print(json_encode($response)); I'm not sure what I need to send it, I copied Twitpic's example and used this in terminal curl -v -H 'X-Auth-Service-Provider: https://api.twitter.com/1/account/verify_credentials.json' -H 'X-Verify-Credentials-Authorization: OAuth realm=http:// api.twitter.com/, oauth_consumer_key=GDdmIQH6jhtmLUypg82g, oauth_signature_method=HMAC-SHA1, oauth_token=819797- Jxq8aYUDRmykzVKrgoLhXSq67TEa5ruc4GJC2rWimw, oauth_timestamp=1272325550, oauth_nonce=oElnnMTQIZvqvlfXM56aBLAf5noGD0AQR3Fmi7Q6Y, oauth_version=1.0, oauth_signature=U1obTfE7Rs9J1kafTGwufLJdspo%3D' http://drippic.com/drippic2/upload It returns 401, guess it's because the details are wrong, and not sure what I should use. Can anyone help? (don't really know enough about oAuth, oAuth on the site is all managed by the Drupal oAuth module)
Re: [twitter-dev] Re: Oauth Echo and Drupal
Awesome. There's much untapped potential in OAuth Echo beyond just the TwitPic, yFrog, etc. use cases. This is an area where you're going to have to be very exacting. Have you confirmed that the request you are building would actually execute against Twitter correctly before you've sent it through your process? As in, have you verified that the HTTP Authorization header you've created will work against the end point before you've stuffed it into some other header, processed the request, etc. Can you share the authorization header you are using and how you've defined the OAuth Echo headers? Your signature base string for the same? Taylor On Mon, Jun 21, 2010 at 8:06 AM, Tim Millwood t...@millwoodonline.co.ukwrote: I am trying to do something else. I am not trying post to twitpic, I am trying to post to my own web app (similar to twitpic). I am getting the HTTP_X_AUTH_SERVICE_PROVIDER and HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION headers from the test app, then my web app is renaming the HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION header to Authorization and POSTing both to the URL in HTTP_X_AUTH_SERVICE_PROVIDER. This returns the 401 error. On Jun 21, 3:11 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Tim, The call specified in your HTTP_X_* headers is for the OAuth Echo provider to execute against the API. Since they execute the call, it invalidates the oauth_nonce you provided. Really, it's a different API call that your application should be executing following an OAuth Echo transaction.. 1. You've got something to post with TwitPic 2. You setup a mock request to Twitter to verify credentials so that TwitPic can identify your user with Twitter 3. You send that mock request in HTTP_X_* headers to Twitpic, along with your API request to Twitpic with the image 4. TwitPic executes the Twitter API call specified in the HTTP_X_* headers, verifying the user 5. On success, TwitPic sends you in its response information about the media you just uploaded on behalf of your user 6. You take that response and append it to a tweet, or whatever other API operation you're doing, and send a brand new request to Twitter Is this the flow you're following or are you trying to do something else? Taylor On Sat, Jun 19, 2010 at 12:40 PM, Tim Millwood t...@millwoodonline.co.ukwrote: So... I now have a test app which is sending oAuth Echo request successfully to Twitpic. If I change the URL to my web app I get a 401 error back from Twitter, so there is something I am doing wrong. I am getting the HTTP_X_AUTH_SERVICE_PROVIDER and HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION headers from the test app, then my web app is renaming the HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION header to Authorization and POSTing both to the URL in HTTP_X_AUTH_SERVICE_PROVIDER. This returns the 401 error. On Jun 17, 2:44 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Tim, I'm not familiar with the Drupal OAuth module, but can help you a little bit. Hopefully that module is a bit flexible in the different approaches you can use to perform OAuth with it. Essentially, you need to build a mock request that you won't actually execute against an endpoint at Twitter using your credentials. The canon for OAuth Echo right now is to build a GET request tohttp:// api.twitter.com/1/account/verify_credentials.json--but essentially, you can use any resource you want (and the OAuth Echo proxy provider could do something with the response in conjunction with your request -- TwitPic, yFrog, etc. are only just one possibility of the things you can do with OAuth Echo. I edited up a good example in simple PHP of using OAuth Echo against TwitPic the other day:http://pastie.org/pastes/1005387 Taylor On Thu, Jun 17, 2010 at 1:40 AM, Tim Millwood t...@millwoodonline.co.uk wrote: I'm trying to get oAuth Echo working withhttp://drippic.com My API url ishttp://drippic.com/drippic2/uploadifyou want to give it a try. Here is my code. $sp = $_SERVER['HTTP_X_AUTH_SERVICE_PROVIDER']; $auth_cred = $_SERVER['HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION']; $response = drupal_http_request($sp, array('HTTP_X_AUTH_SERVICE_PROVIDER'=$sp,'Authorization'= $auth_cred),'POST'); watchdog('drippic','/pre'.print_r($response,true).'/pre'); print(json_encode($response)); I'm not sure what I need to send it, I copied Twitpic's example and used this in terminal curl -v -H 'X-Auth-Service-Provider: https://api.twitter.com/1/account/verify_credentials.json' -H 'X-Verify-Credentials-Authorization: OAuth realm=http:// api.twitter.com/, oauth_consumer_key=GDdmIQH6jhtmLUypg82g, oauth_signature_method=HMAC-SHA1, oauth_token=819797- Jxq8aYUDRmykzVKrgoLhXSq67TEa5ruc4GJC2rWimw,
[twitter-dev] Re: Oauth Echo and Drupal
I have a test air app that posts to Twitpic perfectly fine using oAuth Echo, if I change the URL to my web app I get 401. Here are the headers I am passing to twitter to verify credentials. Am I missing some? [HTTP_X_AUTH_SERVICE_PROVIDER] = https://api.twitter.com/1/account/verify_credentials.json [Authorization] = OAuth realm=twitter,oauth_consumer_key=t94eBtc4Pz2zqo4KhABseQ,oauth_token=6266632- e0NRaGReqpzR84Floyg565BMJbBH4lYMxsJD9LNZY,oauth_version=1.0,oauth_timestamp=1276986312,oauth_nonce=KhWw0N,oauth_signature_method=HMAC- SHA1,oauth_signature=ubKN3OQy8xC5Sdkn%2BD%2Bcq9c1ywY%3D Tim On Jun 21, 4:28 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Awesome. There's much untapped potential in OAuth Echo beyond just the TwitPic, yFrog, etc. use cases. This is an area where you're going to have to be very exacting. Have you confirmed that the request you are building would actually execute against Twitter correctly before you've sent it through your process? As in, have you verified that the HTTP Authorization header you've created will work against the end point before you've stuffed it into some other header, processed the request, etc. Can you share the authorization header you are using and how you've defined the OAuth Echo headers? Your signature base string for the same? Taylor On Mon, Jun 21, 2010 at 8:06 AM, Tim Millwood t...@millwoodonline.co.ukwrote: I am trying to do something else. I am not trying post to twitpic, I am trying to post to my own web app (similar to twitpic). I am getting the HTTP_X_AUTH_SERVICE_PROVIDER and HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION headers from the test app, then my web app is renaming the HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION header to Authorization and POSTing both to the URL in HTTP_X_AUTH_SERVICE_PROVIDER. This returns the 401 error. On Jun 21, 3:11 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Tim, The call specified in your HTTP_X_* headers is for the OAuth Echo provider to execute against the API. Since they execute the call, it invalidates the oauth_nonce you provided. Really, it's a different API call that your application should be executing following an OAuth Echo transaction.. 1. You've got something to post with TwitPic 2. You setup a mock request to Twitter to verify credentials so that TwitPic can identify your user with Twitter 3. You send that mock request in HTTP_X_* headers to Twitpic, along with your API request to Twitpic with the image 4. TwitPic executes the Twitter API call specified in the HTTP_X_* headers, verifying the user 5. On success, TwitPic sends you in its response information about the media you just uploaded on behalf of your user 6. You take that response and append it to a tweet, or whatever other API operation you're doing, and send a brand new request to Twitter Is this the flow you're following or are you trying to do something else? Taylor On Sat, Jun 19, 2010 at 12:40 PM, Tim Millwood t...@millwoodonline.co.ukwrote: So... I now have a test app which is sending oAuth Echo request successfully to Twitpic. If I change the URL to my web app I get a 401 error back from Twitter, so there is something I am doing wrong. I am getting the HTTP_X_AUTH_SERVICE_PROVIDER and HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION headers from the test app, then my web app is renaming the HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION header to Authorization and POSTing both to the URL in HTTP_X_AUTH_SERVICE_PROVIDER. This returns the 401 error. On Jun 17, 2:44 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Tim, I'm not familiar with the Drupal OAuth module, but can help you a little bit. Hopefully that module is a bit flexible in the different approaches you can use to perform OAuth with it. Essentially, you need to build a mock request that you won't actually execute against an endpoint at Twitter using your credentials. The canon for OAuth Echo right now is to build a GET request tohttp:// api.twitter.com/1/account/verify_credentials.json--but essentially, you can use any resource you want (and the OAuth Echo proxy provider could do something with the response in conjunction with your request -- TwitPic, yFrog, etc. are only just one possibility of the things you can do with OAuth Echo. I edited up a good example in simple PHP of using OAuth Echo against TwitPic the other day:http://pastie.org/pastes/1005387 Taylor On Thu, Jun 17, 2010 at 1:40 AM, Tim Millwood t...@millwoodonline.co.uk wrote: I'm trying to get oAuth Echo working withhttp://drippic.com My API url ishttp://drippic.com/drippic2/uploadifyouwant to give it a try. Here is my code. $sp =
[twitter-dev] Re: Oauth Echo and Drupal
Tried using Curl instead of drupal_http_request and got the following error. error setting certificate verify locations:\n CAfile: \/etc\/ssl\/ certs\/ca-certificates.crt\n CApath: none\n Not sure what that means On Jun 21, 4:40 pm, Tim Millwood t...@millwoodonline.co.uk wrote: I have a test air app that posts to Twitpic perfectly fine using oAuth Echo, if I change the URL to my web app I get 401. Here are the headers I am passing to twitter to verify credentials. Am I missing some? [HTTP_X_AUTH_SERVICE_PROVIDER] =https://api.twitter.com/1/account/verify_credentials.json [Authorization] = OAuth realm=twitter,oauth_consumer_key=t94eBtc4Pz2zqo4KhABseQ,oauth_token=62 66632- e0NRaGReqpzR84Floyg565BMJbBH4lYMxsJD9LNZY,oauth_version=1.0,oauth_timest amp=1276986312,oauth_nonce=KhWw0N,oauth_signature_method=HMAC- SHA1,oauth_signature=ubKN3OQy8xC5Sdkn%2BD%2Bcq9c1ywY%3D Tim On Jun 21, 4:28 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Awesome. There's much untapped potential in OAuth Echo beyond just the TwitPic, yFrog, etc. use cases. This is an area where you're going to have to be very exacting. Have you confirmed that the request you are building would actually execute against Twitter correctly before you've sent it through your process? As in, have you verified that the HTTP Authorization header you've created will work against the end point before you've stuffed it into some other header, processed the request, etc. Can you share the authorization header you are using and how you've defined the OAuth Echo headers? Your signature base string for the same? Taylor On Mon, Jun 21, 2010 at 8:06 AM, Tim Millwood t...@millwoodonline.co.ukwrote: I am trying to do something else. I am not trying post to twitpic, I am trying to post to my own web app (similar to twitpic). I am getting the HTTP_X_AUTH_SERVICE_PROVIDER and HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION headers from the test app, then my web app is renaming the HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION header to Authorization and POSTing both to the URL in HTTP_X_AUTH_SERVICE_PROVIDER. This returns the 401 error. On Jun 21, 3:11 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Tim, The call specified in your HTTP_X_* headers is for the OAuth Echo provider to execute against the API. Since they execute the call, it invalidates the oauth_nonce you provided. Really, it's a different API call that your application should be executing following an OAuth Echo transaction.. 1. You've got something to post with TwitPic 2. You setup a mock request to Twitter to verify credentials so that TwitPic can identify your user with Twitter 3. You send that mock request in HTTP_X_* headers to Twitpic, along with your API request to Twitpic with the image 4. TwitPic executes the Twitter API call specified in the HTTP_X_* headers, verifying the user 5. On success, TwitPic sends you in its response information about the media you just uploaded on behalf of your user 6. You take that response and append it to a tweet, or whatever other API operation you're doing, and send a brand new request to Twitter Is this the flow you're following or are you trying to do something else? Taylor On Sat, Jun 19, 2010 at 12:40 PM, Tim Millwood t...@millwoodonline.co.ukwrote: So... I now have a test app which is sending oAuth Echo request successfully to Twitpic. If I change the URL to my web app I get a 401 error back from Twitter, so there is something I am doing wrong. I am getting the HTTP_X_AUTH_SERVICE_PROVIDER and HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION headers from the test app, then my web app is renaming the HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION header to Authorization and POSTing both to the URL in HTTP_X_AUTH_SERVICE_PROVIDER. This returns the 401 error. On Jun 17, 2:44 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Tim, I'm not familiar with the Drupal OAuth module, but can help you a little bit. Hopefully that module is a bit flexible in the different approaches you can use to perform OAuth with it. Essentially, you need to build a mock request that you won't actually execute against an endpoint at Twitter using your credentials. The canon for OAuth Echo right now is to build a GET request tohttp:// api.twitter.com/1/account/verify_credentials.json--but essentially, you can use any resource you want (and the OAuth Echo proxy provider could do something with the response in conjunction with your request -- TwitPic, yFrog, etc. are only just one possibility of the things you can do with OAuth Echo. I edited up a good example in simple PHP of using OAuth Echo against
Re: [twitter-dev] Re: Oauth Echo and Drupal
Hi Tim, That sounds like your machine might be having some issues connecting via SSL. Are you able to use Curl for any other SSL-based sites? Taylor On Mon, Jun 21, 2010 at 11:57 AM, Tim Millwood t...@millwoodonline.co.ukwrote: Tried using Curl instead of drupal_http_request and got the following error. error setting certificate verify locations:\n CAfile: \/etc\/ssl\/ certs\/ca-certificates.crt\n CApath: none\n Not sure what that means On Jun 21, 4:40 pm, Tim Millwood t...@millwoodonline.co.uk wrote: I have a test air app that posts to Twitpic perfectly fine using oAuth Echo, if I change the URL to my web app I get 401. Here are the headers I am passing to twitter to verify credentials. Am I missing some? [HTTP_X_AUTH_SERVICE_PROVIDER] = https://api.twitter.com/1/account/verify_credentials.json [Authorization] = OAuth realm=twitter,oauth_consumer_key=t94eBtc4Pz2zqo4KhABseQ,oauth_token=62 66632- e0NRaGReqpzR84Floyg565BMJbBH4lYMxsJD9LNZY,oauth_version=1.0,oauth_timest amp=1276986312,oauth_nonce=KhWw0N,oauth_signature_method=HMAC- SHA1,oauth_signature=ubKN3OQy8xC5Sdkn%2BD%2Bcq9c1ywY%3D Tim On Jun 21, 4:28 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Awesome. There's much untapped potential in OAuth Echo beyond just the TwitPic, yFrog, etc. use cases. This is an area where you're going to have to be very exacting. Have you confirmed that the request you are building would actually execute against Twitter correctly before you've sent it through your process? As in, have you verified that the HTTP Authorization header you've created will work against the end point before you've stuffed it into some other header, processed the request, etc. Can you share the authorization header you are using and how you've defined the OAuth Echo headers? Your signature base string for the same? Taylor On Mon, Jun 21, 2010 at 8:06 AM, Tim Millwood t...@millwoodonline.co.ukwrote: I am trying to do something else. I am not trying post to twitpic, I am trying to post to my own web app (similar to twitpic). I am getting the HTTP_X_AUTH_SERVICE_PROVIDER and HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION headers from the test app, then my web app is renaming the HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION header to Authorization and POSTing both to the URL in HTTP_X_AUTH_SERVICE_PROVIDER. This returns the 401 error. On Jun 21, 3:11 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Tim, The call specified in your HTTP_X_* headers is for the OAuth Echo provider to execute against the API. Since they execute the call, it invalidates the oauth_nonce you provided. Really, it's a different API call that your application should be executing following an OAuth Echo transaction.. 1. You've got something to post with TwitPic 2. You setup a mock request to Twitter to verify credentials so that TwitPic can identify your user with Twitter 3. You send that mock request in HTTP_X_* headers to Twitpic, along with your API request to Twitpic with the image 4. TwitPic executes the Twitter API call specified in the HTTP_X_* headers, verifying the user 5. On success, TwitPic sends you in its response information about the media you just uploaded on behalf of your user 6. You take that response and append it to a tweet, or whatever other API operation you're doing, and send a brand new request to Twitter Is this the flow you're following or are you trying to do something else? Taylor On Sat, Jun 19, 2010 at 12:40 PM, Tim Millwood t...@millwoodonline.co.ukwrote: So... I now have a test app which is sending oAuth Echo request successfully to Twitpic. If I change the URL to my web app I get a 401 error back from Twitter, so there is something I am doing wrong. I am getting the HTTP_X_AUTH_SERVICE_PROVIDER and HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION headers from the test app, then my web app is renaming the HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION header to Authorization and POSTing both to the URL in HTTP_X_AUTH_SERVICE_PROVIDER. This returns the 401 error. On Jun 17, 2:44 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Tim, I'm not familiar with the Drupal OAuth module, but can help you a little bit. Hopefully that module is a bit flexible in the different approaches you can use to perform OAuth with it. Essentially, you need to build a mock request that you won't actually execute against an endpoint at Twitter using your credentials. The canon for OAuth Echo right now is to build a GET request tohttp://
[twitter-dev] Re: Oauth Echo and Drupal
Hi Tim, That error you are getting is often thrown when curl tries to verify the remote host. You can bypass this check in PHP using: curl_setopt($link, CURLOPT_SSL_VERIFYPEER, FALSE); BUT this isn't ideal as it only hides the problem on your server. Instead, what you need to do is check the permissions on your server in the certificates folder. Reading the error message you get it implies your certificate folder is: /etc/ssl/certs/ca-certificates.crt We can't help specifically on how to do this for your environment but your hosting provider should be able to help you. Hope that helps, Matt On Jun 21, 11:59 am, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Tim, That sounds like your machine might be having some issues connecting via SSL. Are you able to use Curl for any other SSL-based sites? Taylor On Mon, Jun 21, 2010 at 11:57 AM, Tim Millwood t...@millwoodonline.co.ukwrote: Tried using Curl instead of drupal_http_request and got the following error. error setting certificate verify locations:\n CAfile: \/etc\/ssl\/ certs\/ca-certificates.crt\n CApath: none\n Not sure what that means On Jun 21, 4:40 pm, Tim Millwood t...@millwoodonline.co.uk wrote: I have a test air app that posts to Twitpic perfectly fine using oAuth Echo, if I change the URL to my web app I get 401. Here are the headers I am passing to twitter to verify credentials. Am I missing some? [HTTP_X_AUTH_SERVICE_PROVIDER] = https://api.twitter.com/1/account/verify_credentials.json [Authorization] = OAuth realm=twitter,oauth_consumer_key=t94eBtc4Pz2zqo4KhABseQ,oauth_token=62 66632- e0NRaGReqpzR84Floyg565BMJbBH4lYMxsJD9LNZY,oauth_version=1.0,oauth_timest amp=1276986312,oauth_nonce=KhWw0N,oauth_signature_method=HMAC- SHA1,oauth_signature=ubKN3OQy8xC5Sdkn%2BD%2Bcq9c1ywY%3D Tim On Jun 21, 4:28 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Awesome. There's much untapped potential in OAuth Echo beyond just the TwitPic, yFrog, etc. use cases. This is an area where you're going to have to be very exacting. Have you confirmed that the request you are building would actually execute against Twitter correctly before you've sent it through your process? As in, have you verified that the HTTP Authorization header you've created will work against the end point before you've stuffed it into some other header, processed the request, etc. Can you share the authorization header you are using and how you've defined the OAuth Echo headers? Your signature base string for the same? Taylor On Mon, Jun 21, 2010 at 8:06 AM, Tim Millwood t...@millwoodonline.co.ukwrote: I am trying to do something else. I am not trying post to twitpic, I am trying to post to my own web app (similar to twitpic). I am getting the HTTP_X_AUTH_SERVICE_PROVIDER and HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION headers from the test app, then my web app is renaming the HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION header to Authorization and POSTing both to the URL in HTTP_X_AUTH_SERVICE_PROVIDER. This returns the 401 error. On Jun 21, 3:11 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Tim, The call specified in your HTTP_X_* headers is for the OAuth Echo provider to execute against the API. Since they execute the call, it invalidates the oauth_nonce you provided. Really, it's a different API call that your application should be executing following an OAuth Echo transaction.. 1. You've got something to post with TwitPic 2. You setup a mock request to Twitter to verify credentials so that TwitPic can identify your user with Twitter 3. You send that mock request in HTTP_X_* headers to Twitpic, along with your API request to Twitpic with the image 4. TwitPic executes the Twitter API call specified in the HTTP_X_* headers, verifying the user 5. On success, TwitPic sends you in its response information about the media you just uploaded on behalf of your user 6. You take that response and append it to a tweet, or whatever other API operation you're doing, and send a brand new request to Twitter Is this the flow you're following or are you trying to do something else? Taylor On Sat, Jun 19, 2010 at 12:40 PM, Tim Millwood t...@millwoodonline.co.ukwrote: So... I now have a test app which is sending oAuth Echo request successfully to Twitpic. If I change the URL to my web app I get a 401 error back from Twitter, so there is something I am doing wrong. I am getting the HTTP_X_AUTH_SERVICE_PROVIDER and HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION headers from the test app, then my web app is renaming the HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION header
[twitter-dev] Re: Oauth Echo and Drupal
curl_setopt($link, CURLOPT_SSL_VERIFYPEER, FALSE); This worked! Now I get the error Failed to open\/read local data from file\/ application. On Jun 21, 8:20 pm, themattharris thematthar...@twitter.com wrote: Hi Tim, That error you are getting is often thrown when curl tries to verify the remote host. You can bypass this check in PHP using: curl_setopt($link, CURLOPT_SSL_VERIFYPEER, FALSE); BUT this isn't ideal as it only hides the problem on your server. Instead, what you need to do is check the permissions on your server in the certificates folder. Reading the error message you get it implies your certificate folder is: /etc/ssl/certs/ca-certificates.crt We can't help specifically on how to do this for your environment but your hosting provider should be able to help you. Hope that helps, Matt On Jun 21, 11:59 am, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Tim, That sounds like your machine might be having some issues connecting via SSL. Are you able to use Curl for any other SSL-based sites? Taylor On Mon, Jun 21, 2010 at 11:57 AM, Tim Millwood t...@millwoodonline.co.ukwrote: Tried using Curl instead of drupal_http_request and got the following error. error setting certificate verify locations:\n CAfile: \/etc\/ssl\/ certs\/ca-certificates.crt\n CApath: none\n Not sure what that means On Jun 21, 4:40 pm, Tim Millwood t...@millwoodonline.co.uk wrote: I have a test air app that posts to Twitpic perfectly fine using oAuth Echo, if I change the URL to my web app I get 401. Here are the headers I am passing to twitter to verify credentials. Am I missing some? [HTTP_X_AUTH_SERVICE_PROVIDER] = https://api.twitter.com/1/account/verify_credentials.json [Authorization] = OAuth realm=twitter,oauth_consumer_key=t94eBtc4Pz2zqo4KhABseQ,oauth_token=62 66632- e0NRaGReqpzR84Floyg565BMJbBH4lYMxsJD9LNZY,oauth_version=1.0,oauth_timest amp=1276986312,oauth_nonce=KhWw0N,oauth_signature_method=HMAC- SHA1,oauth_signature=ubKN3OQy8xC5Sdkn%2BD%2Bcq9c1ywY%3D Tim On Jun 21, 4:28 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Awesome. There's much untapped potential in OAuth Echo beyond just the TwitPic, yFrog, etc. use cases. This is an area where you're going to have to be very exacting. Have you confirmed that the request you are building would actually execute against Twitter correctly before you've sent it through your process? As in, have you verified that the HTTP Authorization header you've created will work against the end point before you've stuffed it into some other header, processed the request, etc. Can you share the authorization header you are using and how you've defined the OAuth Echo headers? Your signature base string for the same? Taylor On Mon, Jun 21, 2010 at 8:06 AM, Tim Millwood t...@millwoodonline.co.ukwrote: I am trying to do something else. I am not trying post to twitpic, I am trying to post to my own web app (similar to twitpic). I am getting the HTTP_X_AUTH_SERVICE_PROVIDER and HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION headers from the test app, then my web app is renaming the HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION header to Authorization and POSTing both to the URL in HTTP_X_AUTH_SERVICE_PROVIDER. This returns the 401 error. On Jun 21, 3:11 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Tim, The call specified in your HTTP_X_* headers is for the OAuth Echo provider to execute against the API. Since they execute the call, it invalidates the oauth_nonce you provided. Really, it's a different API call that your application should be executing following an OAuth Echo transaction.. 1. You've got something to post with TwitPic 2. You setup a mock request to Twitter to verify credentials so that TwitPic can identify your user with Twitter 3. You send that mock request in HTTP_X_* headers to Twitpic, along with your API request to Twitpic with the image 4. TwitPic executes the Twitter API call specified in the HTTP_X_* headers, verifying the user 5. On success, TwitPic sends you in its response information about the media you just uploaded on behalf of your user 6. You take that response and append it to a tweet, or whatever other API operation you're doing, and send a brand new request to Twitter Is this the flow you're following or are you trying to do something else? Taylor On Sat, Jun 19, 2010 at 12:40 PM, Tim Millwood t...@millwoodonline.co.ukwrote: So... I now have a test app which is sending oAuth Echo request successfully to Twitpic. If I change
[twitter-dev] Re: Oauth Echo and Drupal
Removed curl_setopt($curl, CURLOPT_POST, 1); and it worked. Yay! http://drippic.com will be oAuth echo compatible within the next 24 hours. On Jun 21, 8:24 pm, Tim Millwood t...@millwoodonline.co.uk wrote: curl_setopt($link, CURLOPT_SSL_VERIFYPEER, FALSE); This worked! Now I get the error Failed to open\/read local data from file\/ application. On Jun 21, 8:20 pm, themattharris thematthar...@twitter.com wrote: Hi Tim, That error you are getting is often thrown when curl tries to verify the remote host. You can bypass this check in PHP using: curl_setopt($link, CURLOPT_SSL_VERIFYPEER, FALSE); BUT this isn't ideal as it only hides the problem on your server. Instead, what you need to do is check the permissions on your server in the certificates folder. Reading the error message you get it implies your certificate folder is: /etc/ssl/certs/ca-certificates.crt We can't help specifically on how to do this for your environment but your hosting provider should be able to help you. Hope that helps, Matt On Jun 21, 11:59 am, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Tim, That sounds like your machine might be having some issues connecting via SSL. Are you able to use Curl for any other SSL-based sites? Taylor On Mon, Jun 21, 2010 at 11:57 AM, Tim Millwood t...@millwoodonline.co.ukwrote: Tried using Curl instead of drupal_http_request and got the following error. error setting certificate verify locations:\n CAfile: \/etc\/ssl\/ certs\/ca-certificates.crt\n CApath: none\n Not sure what that means On Jun 21, 4:40 pm, Tim Millwood t...@millwoodonline.co.uk wrote: I have a test air app that posts to Twitpic perfectly fine using oAuth Echo, if I change the URL to my web app I get 401. Here are the headers I am passing to twitter to verify credentials. Am I missing some? [HTTP_X_AUTH_SERVICE_PROVIDER] = https://api.twitter.com/1/account/verify_credentials.json [Authorization] = OAuth realm=twitter,oauth_consumer_key=t94eBtc4Pz2zqo4KhABseQ,oauth_token=62 66632- e0NRaGReqpzR84Floyg565BMJbBH4lYMxsJD9LNZY,oauth_version=1.0,oauth_timest amp=1276986312,oauth_nonce=KhWw0N,oauth_signature_method=HMAC- SHA1,oauth_signature=ubKN3OQy8xC5Sdkn%2BD%2Bcq9c1ywY%3D Tim On Jun 21, 4:28 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Awesome. There's much untapped potential in OAuth Echo beyond just the TwitPic, yFrog, etc. use cases. This is an area where you're going to have to be very exacting. Have you confirmed that the request you are building would actually execute against Twitter correctly before you've sent it through your process? As in, have you verified that the HTTP Authorization header you've created will work against the end point before you've stuffed it into some other header, processed the request, etc. Can you share the authorization header you are using and how you've defined the OAuth Echo headers? Your signature base string for the same? Taylor On Mon, Jun 21, 2010 at 8:06 AM, Tim Millwood t...@millwoodonline.co.ukwrote: I am trying to do something else. I am not trying post to twitpic, I am trying to post to my own web app (similar to twitpic). I am getting the HTTP_X_AUTH_SERVICE_PROVIDER and HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION headers from the test app, then my web app is renaming the HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION header to Authorization and POSTing both to the URL in HTTP_X_AUTH_SERVICE_PROVIDER. This returns the 401 error. On Jun 21, 3:11 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Tim, The call specified in your HTTP_X_* headers is for the OAuth Echo provider to execute against the API. Since they execute the call, it invalidates the oauth_nonce you provided. Really, it's a different API call that your application should be executing following an OAuth Echo transaction.. 1. You've got something to post with TwitPic 2. You setup a mock request to Twitter to verify credentials so that TwitPic can identify your user with Twitter 3. You send that mock request in HTTP_X_* headers to Twitpic, along with your API request to Twitpic with the image 4. TwitPic executes the Twitter API call specified in the HTTP_X_* headers, verifying the user 5. On success, TwitPic sends you in its response information about the media you just uploaded on behalf of your user 6. You take that response and append it to a tweet, or whatever other API operation you're
[twitter-dev] Re: Oauth Echo and Drupal
So... I now have a test app which is sending oAuth Echo request successfully to Twitpic. If I change the URL to my web app I get a 401 error back from Twitter, so there is something I am doing wrong. I am getting the HTTP_X_AUTH_SERVICE_PROVIDER and HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION headers from the test app, then my web app is renaming the HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION header to Authorization and POSTing both to the URL in HTTP_X_AUTH_SERVICE_PROVIDER. This returns the 401 error. On Jun 17, 2:44 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Tim, I'm not familiar with the Drupal OAuth module, but can help you a little bit. Hopefully that module is a bit flexible in the different approaches you can use to perform OAuth with it. Essentially, you need to build a mock request that you won't actually execute against an endpoint at Twitter using your credentials. The canon for OAuth Echo right now is to build a GET request tohttp://api.twitter.com/1/account/verify_credentials.json-- but essentially, you can use any resource you want (and the OAuth Echo proxy provider could do something with the response in conjunction with your request -- TwitPic, yFrog, etc. are only just one possibility of the things you can do with OAuth Echo. I edited up a good example in simple PHP of using OAuth Echo against TwitPic the other day:http://pastie.org/pastes/1005387 Taylor On Thu, Jun 17, 2010 at 1:40 AM, Tim Millwood t...@millwoodonline.co.ukwrote: I'm trying to get oAuth Echo working withhttp://drippic.com My API url ishttp://drippic.com/drippic2/uploadif you want to give it a try. Here is my code. $sp = $_SERVER['HTTP_X_AUTH_SERVICE_PROVIDER']; $auth_cred = $_SERVER['HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION']; $response = drupal_http_request($sp, array('HTTP_X_AUTH_SERVICE_PROVIDER'=$sp,'Authorization'= $auth_cred),'POST'); watchdog('drippic','/pre'.print_r($response,true).'/pre'); print(json_encode($response)); I'm not sure what I need to send it, I copied Twitpic's example and used this in terminal curl -v -H 'X-Auth-Service-Provider: https://api.twitter.com/1/account/verify_credentials.json' -H 'X-Verify-Credentials-Authorization: OAuth realm=http:// api.twitter.com/, oauth_consumer_key=GDdmIQH6jhtmLUypg82g, oauth_signature_method=HMAC-SHA1, oauth_token=819797- Jxq8aYUDRmykzVKrgoLhXSq67TEa5ruc4GJC2rWimw, oauth_timestamp=1272325550, oauth_nonce=oElnnMTQIZvqvlfXM56aBLAf5noGD0AQR3Fmi7Q6Y, oauth_version=1.0, oauth_signature=U1obTfE7Rs9J1kafTGwufLJdspo%3D' http://drippic.com/drippic2/upload It returns 401, guess it's because the details are wrong, and not sure what I should use. Can anyone help? (don't really know enough about oAuth, oAuth on the site is all managed by the Drupal oAuth module)