[twitter-dev] Where Am I going wrong? Can't get past step 1 of Oauth Integration in PHP...

[Ryan]

Spent the day trying to get OAuth working with PHP, curse August the
31st, first time I've heard of it, etc,etc. Anyhow I need some help to
see where I'm going wrong with this code to retireve the auth token
 Please...

?php
  function CalcHmacSha1($data,$key) {

$blocksize = 64;
$hashfunc = 'sha1';
if (strlen($key)  $blocksize) {
  $key = pack('H*', $hashfunc($key));
}
$key = str_pad($key, $blocksize, chr(0x00));
$ipad = str_repeat(chr(0x36), $blocksize);
$opad = str_repeat(chr(0x5c), $blocksize);
$hmac = pack(
'H*', $hashfunc(
($key^$opad).pack(
'H*', $hashfunc(
($key^$ipad).$data
)
)
)
);
return $hmac;
  }


define(TWITTER_CONSUMER_KEY, XX);
define(TWITTER_CONSUMER_SECRET,
X);

define(TWITTER_OAUTH_HOST,https://api.twitter.com;);
define(TWITTER_REQUEST_TOKEN_URL, TWITTER_OAUTH_HOST . /oauth/
request_token);
define(TWITTER_AUTHORIZE_URL, TWITTER_OAUTH_HOST . /oauth/
authorize);
define(TWITTER_ACCESS_TOKEN_URL, TWITTER_OAUTH_HOST . /oauth/
access_token);
define(TWITTER_PUBLIC_TIMELINE_API, TWITTER_OAUTH_HOST . /statuses/
public_timeline.json);
define(TWITTER_UPDATE_STATUS_API, TWITTER_OAUTH_HOST . /statuses/
update.json);

$oauth_callback=http://www.refreshcreations.co.uk/twittertest/ryan-
oauth.php;
define(OAUTH_SIGNATURE_METHOD, HMAC-SHA1);
$oauth_timestamp = date(YmdHis);
define(OAUTH_VERSION, 1.0);
$oauth_nonce = md5(microtime());
$timestamp = date(YmdHis);

$post_data = oauth_callback=.$oauth_callback;
$post_data.= oauth_consumer_key=.TWITTER_CONSUMER_KEY;
$post_data.= oauth_nonce=.$oauth_nonce;
$post_data.= oauth_signature_method=.OAUTH_SIGNATURE_METHOD;
$post_data.= auth_timestamp=.$oauth_timestamp;
$post_data.= oauth_version=.OAUTH_VERSION;

$post_data=rawurlencode($post_data);
$post_data.=rawurlencode(oauth_signature=.CalcHmacSha1($post_data,
TWITTER_CONSUMER_SECRET.));


$auth_header =X-Verify-Credentials-Authorization: OAuth realm=
\http://api.twitter.com\,;;
$auth_header.=OAuth oauth_nonce=\.$oauth_nonce.\, ;
$auth_header.=oauth_callback=\.$oauth_callback.\, ;
$auth_header.=oauth_signature_method=\.OAUTH_SIGNATURE_METHOD.\,
;
$auth_header.=oauth_timestamp=\.$oauth_timestamp.\, ;
$auth_header.=oauth_consumer_key=\.TWITTER_CONSUMER_KEY.\, ;
$auth_header.=oauth_signature=\.CalcHmacSha1($post_data,
TWITTER_CONSUMER_SECRET.).\, ;
$auth_header.=oauth_version=\.OAUTH_VERSION.\, ;

$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, TWITTER_REQUEST_TOKEN_URL);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_HTTPHEADER, array($auth_header));
$curlresponse = curl_exec($curl);
curl_exec($curl);


//GET CURL VALUES BACK.

$info = curl_getinfo($curl);

echo dl;
foreach($info as $key =$value){
echo dt.$key./dtdd.$value./dd;
}
echo /dl\n;


?

returns: Failed to validate oauth signature and token
any ideas?

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

Re: [twitter-dev] Where Am I going wrong? Can't get past step 1 of Oauth Integration in PHP...

[Tom van der Woerdt]

On 9/2/10 6:46 PM, Ryan wrote:
 Spent the day trying to get OAuth working with PHP, curse August the
 31st, first time I've heard of it, etc,etc. Anyhow I need some help to
 see where I'm going wrong with this code to retireve the auth token
  Please...
 
 ?php
   function CalcHmacSha1($data,$key) {
 
 $blocksize = 64;
 $hashfunc = 'sha1';
 if (strlen($key)  $blocksize) {
   $key = pack('H*', $hashfunc($key));
 }
 $key = str_pad($key, $blocksize, chr(0x00));
 $ipad = str_repeat(chr(0x36), $blocksize);
 $opad = str_repeat(chr(0x5c), $blocksize);
 $hmac = pack(
 'H*', $hashfunc(
 ($key^$opad).pack(
 'H*', $hashfunc(
 ($key^$ipad).$data
 )
 )
 )
 );
 return $hmac;
   }
 
 
 define(TWITTER_CONSUMER_KEY, XX);
 define(TWITTER_CONSUMER_SECRET,
 X);
 
 define(TWITTER_OAUTH_HOST,https://api.twitter.com;);
 define(TWITTER_REQUEST_TOKEN_URL, TWITTER_OAUTH_HOST . /oauth/
 request_token);
 define(TWITTER_AUTHORIZE_URL, TWITTER_OAUTH_HOST . /oauth/
 authorize);
 define(TWITTER_ACCESS_TOKEN_URL, TWITTER_OAUTH_HOST . /oauth/
 access_token);
 define(TWITTER_PUBLIC_TIMELINE_API, TWITTER_OAUTH_HOST . /statuses/
 public_timeline.json);
 define(TWITTER_UPDATE_STATUS_API, TWITTER_OAUTH_HOST . /statuses/
 update.json);
 
 $oauth_callback=http://www.refreshcreations.co.uk/twittertest/ryan-
 oauth.php;
 define(OAUTH_SIGNATURE_METHOD, HMAC-SHA1);
 $oauth_timestamp = date(YmdHis);
 define(OAUTH_VERSION, 1.0);
 $oauth_nonce = md5(microtime());
 $timestamp = date(YmdHis);
 
 $post_data = oauth_callback=.$oauth_callback;
 $post_data.= oauth_consumer_key=.TWITTER_CONSUMER_KEY;
 $post_data.= oauth_nonce=.$oauth_nonce;
 $post_data.= oauth_signature_method=.OAUTH_SIGNATURE_METHOD;
 $post_data.= auth_timestamp=.$oauth_timestamp;
 $post_data.= oauth_version=.OAUTH_VERSION;
 
 $post_data=rawurlencode($post_data);
 $post_data.=rawurlencode(oauth_signature=.CalcHmacSha1($post_data,
 TWITTER_CONSUMER_SECRET.));
 
 
 $auth_header =X-Verify-Credentials-Authorization: OAuth realm=
 \http://api.twitter.com\,;;
 $auth_header.=OAuth oauth_nonce=\.$oauth_nonce.\, ;
 $auth_header.=oauth_callback=\.$oauth_callback.\, ;
 $auth_header.=oauth_signature_method=\.OAUTH_SIGNATURE_METHOD.\,
 ;
 $auth_header.=oauth_timestamp=\.$oauth_timestamp.\, ;
 $auth_header.=oauth_consumer_key=\.TWITTER_CONSUMER_KEY.\, ;
 $auth_header.=oauth_signature=\.CalcHmacSha1($post_data,
 TWITTER_CONSUMER_SECRET.).\, ;
 $auth_header.=oauth_version=\.OAUTH_VERSION.\, ;
 
 $curl = curl_init();
 curl_setopt($curl, CURLOPT_URL, TWITTER_REQUEST_TOKEN_URL);
 curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
 curl_setopt($curl, CURLOPT_HTTPHEADER, array($auth_header));
 $curlresponse = curl_exec($curl);
 curl_exec($curl);
 
 
 //GET CURL VALUES BACK.
 
 $info = curl_getinfo($curl);
 
 echo dl;
   foreach($info as $key =$value){
   echo dt.$key./dtdd.$value./dd;
   }
 echo /dl\n;
 
 
 ?
 
 returns: Failed to validate oauth signature and token
 any ideas?
 

Multiple.

1. PHP has the hash_hmac function which can do hmac-sha1 for you.
2. Timestamp should be time(), not some date() combination
3. This doesn't look like the normal OAuth stuff, but like OAuth Echo
4. TWITTER_PUBLIC_TIMELINE_API and TWITTER_UPDATE_STATUS_API point
to non-existent pages (missing the version part).
5. I'd recommend using uniqid() for generating a nonce instead of
md5'ing the microtime. It won't cause trouble, but uniqid() is more unique.
6. rawurlencode() isn't the proper function for URL encoding, but I
can't give you a better one right now.
7. You are generating a post_data variable but you don't post it ;-)

Tom

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

Re: [twitter-dev] Where Am I going wrong? Can't get past step 1 of Oauth Integration in PHP...

[Cameron Kaiser]

 Spent the day trying to get OAuth working with PHP, curse August the
 31st, first time I've heard of it, etc,etc. Anyhow I need some help to
 see where I'm going wrong with this code to retireve the auth token
  Please...
 
 ?php
   function CalcHmacSha1($data,$key) {
 
 $blocksize = 64;
 $hashfunc = 'sha1';
 if (strlen($key)  $blocksize) {
   $key = pack('H*', $hashfunc($key));
 }
 $key = str_pad($key, $blocksize, chr(0x00));
 $ipad = str_repeat(chr(0x36), $blocksize);
 $opad = str_repeat(chr(0x5c), $blocksize);
 $hmac = pack(
 'H*', $hashfunc(
 ($key^$opad).pack(
 'H*', $hashfunc(
 ($key^$ipad).$data
 )
 )
 )
 );
 return $hmac;
   }

Tom already pointed out that PHP does this for you, but for purposes of
education, I think your $hmac = pack(... line is wrong. You're prepacking
the result of ($key^$ipad).$data, which is changing the output. Try
something like

 $hmac = pack(
 'H*', $hashfunc(
 ($key^$opad).
 $hashfunc(
 ($key^$ipad).$data
 )
 )
 );

Notice only one pack operation, at top level. This assumes that your
SHA-1 is also emitting correct output; watch out for 64-bit systems.

(from a fellow reinventor of the wheel)

-- 
 personal: http://www.cameronkaiser.com/ --
  Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com
-- Today's forecast is total crap! -- Strong Bad, Homestar Runner Menu #11 --

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

Re: [twitter-dev] Where Am I going wrong? Can't get past step 1 of Oauth Integration in PHP...

[Martin Dapas]

On Thu, Sep 02, 2010 at 10:37:03PM +0200, Tom van der Woerdt wrote:
 On 9/2/10 6:46 PM, Ryan wrote:
  any ideas?
  
 
 Multiple.
 
 1. PHP has the hash_hmac function which can do hmac-sha1 for you.

hash_hamc is not always available. You could check with:

if (extension_loaded ('hash')) {
  hash_hmac ('sha1', $str, $key, true);
} else {
  //use hand_crafted_version
}


 2. Timestamp should be time(), not some date() combination
 3. This doesn't look like the normal OAuth stuff, but like OAuth Echo
 4. TWITTER_PUBLIC_TIMELINE_API and TWITTER_UPDATE_STATUS_API point
 to non-existent pages (missing the version part).
 5. I'd recommend using uniqid() for generating a nonce instead of
 md5'ing the microtime. It won't cause trouble, but uniqid() is more unique.
 6. rawurlencode() isn't the proper function for URL encoding, but I
 can't give you a better one right now.

I believe it is if you are on PHP 5.3 or later. Before that, this
should do it:

function oauth_encode ($str) {
  return str_replace ('%E7', '~', rawurlencode ($str));
}


-- 
Martin Dapas

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

[twitter-dev] Where am I going wrong?

[jgervin]

I am trying to follow your example on inserting the twitter login
button but nothing is showing up. Here is my code:

div id=twitter-connect-placeholder/div
script type=text/javascript
  var anywhereApiKey = mykeyxx;
  twttr.anywhere(anywhereApiKey, 1.0.0, onAnywhereLoad);
  function onAnywhereLoad(twitter) {
//  Simplest use case: Append a connect button to the specified
DOM
//  element.
twitter(#twitter-connect-placeholder).connectButton();

//  Connect buttons have a range of sizes to choose from:
//  small, medium, large, xlarge.  medium is the default size.
//  You can specify the size as follows:
twitter(#twitter-connect-placeholder).connectButton({ size:
large });
  };
/script

This is in my head of my application.html.erb file
script src=http://platform.twitter.com/anywhere.js?
id=myKeyxv=1 type=text/javascript/script