[twitter-dev] Where Am I going wrong? Can't get past step 1 of Oauth Integration in PHP...
Spent the day trying to get OAuth working with PHP, curse August the 31st, first time I've heard of it, etc,etc. Anyhow I need some help to see where I'm going wrong with this code to retireve the auth token Please... ?php function CalcHmacSha1($data,$key) { $blocksize = 64; $hashfunc = 'sha1'; if (strlen($key) $blocksize) { $key = pack('H*', $hashfunc($key)); } $key = str_pad($key, $blocksize, chr(0x00)); $ipad = str_repeat(chr(0x36), $blocksize); $opad = str_repeat(chr(0x5c), $blocksize); $hmac = pack( 'H*', $hashfunc( ($key^$opad).pack( 'H*', $hashfunc( ($key^$ipad).$data ) ) ) ); return $hmac; } define(TWITTER_CONSUMER_KEY, XX); define(TWITTER_CONSUMER_SECRET, X); define(TWITTER_OAUTH_HOST,https://api.twitter.com;); define(TWITTER_REQUEST_TOKEN_URL, TWITTER_OAUTH_HOST . /oauth/ request_token); define(TWITTER_AUTHORIZE_URL, TWITTER_OAUTH_HOST . /oauth/ authorize); define(TWITTER_ACCESS_TOKEN_URL, TWITTER_OAUTH_HOST . /oauth/ access_token); define(TWITTER_PUBLIC_TIMELINE_API, TWITTER_OAUTH_HOST . /statuses/ public_timeline.json); define(TWITTER_UPDATE_STATUS_API, TWITTER_OAUTH_HOST . /statuses/ update.json); $oauth_callback=http://www.refreshcreations.co.uk/twittertest/ryan- oauth.php; define(OAUTH_SIGNATURE_METHOD, HMAC-SHA1); $oauth_timestamp = date(YmdHis); define(OAUTH_VERSION, 1.0); $oauth_nonce = md5(microtime()); $timestamp = date(YmdHis); $post_data = oauth_callback=.$oauth_callback; $post_data.= oauth_consumer_key=.TWITTER_CONSUMER_KEY; $post_data.= oauth_nonce=.$oauth_nonce; $post_data.= oauth_signature_method=.OAUTH_SIGNATURE_METHOD; $post_data.= auth_timestamp=.$oauth_timestamp; $post_data.= oauth_version=.OAUTH_VERSION; $post_data=rawurlencode($post_data); $post_data.=rawurlencode(oauth_signature=.CalcHmacSha1($post_data, TWITTER_CONSUMER_SECRET.)); $auth_header =X-Verify-Credentials-Authorization: OAuth realm= \http://api.twitter.com\,;; $auth_header.=OAuth oauth_nonce=\.$oauth_nonce.\, ; $auth_header.=oauth_callback=\.$oauth_callback.\, ; $auth_header.=oauth_signature_method=\.OAUTH_SIGNATURE_METHOD.\, ; $auth_header.=oauth_timestamp=\.$oauth_timestamp.\, ; $auth_header.=oauth_consumer_key=\.TWITTER_CONSUMER_KEY.\, ; $auth_header.=oauth_signature=\.CalcHmacSha1($post_data, TWITTER_CONSUMER_SECRET.).\, ; $auth_header.=oauth_version=\.OAUTH_VERSION.\, ; $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, TWITTER_REQUEST_TOKEN_URL); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_HTTPHEADER, array($auth_header)); $curlresponse = curl_exec($curl); curl_exec($curl); //GET CURL VALUES BACK. $info = curl_getinfo($curl); echo dl; foreach($info as $key =$value){ echo dt.$key./dtdd.$value./dd; } echo /dl\n; ? returns: Failed to validate oauth signature and token any ideas? -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] Where Am I going wrong? Can't get past step 1 of Oauth Integration in PHP...
On 9/2/10 6:46 PM, Ryan wrote: Spent the day trying to get OAuth working with PHP, curse August the 31st, first time I've heard of it, etc,etc. Anyhow I need some help to see where I'm going wrong with this code to retireve the auth token Please... ?php function CalcHmacSha1($data,$key) { $blocksize = 64; $hashfunc = 'sha1'; if (strlen($key) $blocksize) { $key = pack('H*', $hashfunc($key)); } $key = str_pad($key, $blocksize, chr(0x00)); $ipad = str_repeat(chr(0x36), $blocksize); $opad = str_repeat(chr(0x5c), $blocksize); $hmac = pack( 'H*', $hashfunc( ($key^$opad).pack( 'H*', $hashfunc( ($key^$ipad).$data ) ) ) ); return $hmac; } define(TWITTER_CONSUMER_KEY, XX); define(TWITTER_CONSUMER_SECRET, X); define(TWITTER_OAUTH_HOST,https://api.twitter.com;); define(TWITTER_REQUEST_TOKEN_URL, TWITTER_OAUTH_HOST . /oauth/ request_token); define(TWITTER_AUTHORIZE_URL, TWITTER_OAUTH_HOST . /oauth/ authorize); define(TWITTER_ACCESS_TOKEN_URL, TWITTER_OAUTH_HOST . /oauth/ access_token); define(TWITTER_PUBLIC_TIMELINE_API, TWITTER_OAUTH_HOST . /statuses/ public_timeline.json); define(TWITTER_UPDATE_STATUS_API, TWITTER_OAUTH_HOST . /statuses/ update.json); $oauth_callback=http://www.refreshcreations.co.uk/twittertest/ryan- oauth.php; define(OAUTH_SIGNATURE_METHOD, HMAC-SHA1); $oauth_timestamp = date(YmdHis); define(OAUTH_VERSION, 1.0); $oauth_nonce = md5(microtime()); $timestamp = date(YmdHis); $post_data = oauth_callback=.$oauth_callback; $post_data.= oauth_consumer_key=.TWITTER_CONSUMER_KEY; $post_data.= oauth_nonce=.$oauth_nonce; $post_data.= oauth_signature_method=.OAUTH_SIGNATURE_METHOD; $post_data.= auth_timestamp=.$oauth_timestamp; $post_data.= oauth_version=.OAUTH_VERSION; $post_data=rawurlencode($post_data); $post_data.=rawurlencode(oauth_signature=.CalcHmacSha1($post_data, TWITTER_CONSUMER_SECRET.)); $auth_header =X-Verify-Credentials-Authorization: OAuth realm= \http://api.twitter.com\,;; $auth_header.=OAuth oauth_nonce=\.$oauth_nonce.\, ; $auth_header.=oauth_callback=\.$oauth_callback.\, ; $auth_header.=oauth_signature_method=\.OAUTH_SIGNATURE_METHOD.\, ; $auth_header.=oauth_timestamp=\.$oauth_timestamp.\, ; $auth_header.=oauth_consumer_key=\.TWITTER_CONSUMER_KEY.\, ; $auth_header.=oauth_signature=\.CalcHmacSha1($post_data, TWITTER_CONSUMER_SECRET.).\, ; $auth_header.=oauth_version=\.OAUTH_VERSION.\, ; $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, TWITTER_REQUEST_TOKEN_URL); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_HTTPHEADER, array($auth_header)); $curlresponse = curl_exec($curl); curl_exec($curl); //GET CURL VALUES BACK. $info = curl_getinfo($curl); echo dl; foreach($info as $key =$value){ echo dt.$key./dtdd.$value./dd; } echo /dl\n; ? returns: Failed to validate oauth signature and token any ideas? Multiple. 1. PHP has the hash_hmac function which can do hmac-sha1 for you. 2. Timestamp should be time(), not some date() combination 3. This doesn't look like the normal OAuth stuff, but like OAuth Echo 4. TWITTER_PUBLIC_TIMELINE_API and TWITTER_UPDATE_STATUS_API point to non-existent pages (missing the version part). 5. I'd recommend using uniqid() for generating a nonce instead of md5'ing the microtime. It won't cause trouble, but uniqid() is more unique. 6. rawurlencode() isn't the proper function for URL encoding, but I can't give you a better one right now. 7. You are generating a post_data variable but you don't post it ;-) Tom -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] Where Am I going wrong? Can't get past step 1 of Oauth Integration in PHP...
Spent the day trying to get OAuth working with PHP, curse August the 31st, first time I've heard of it, etc,etc. Anyhow I need some help to see where I'm going wrong with this code to retireve the auth token Please... ?php function CalcHmacSha1($data,$key) { $blocksize = 64; $hashfunc = 'sha1'; if (strlen($key) $blocksize) { $key = pack('H*', $hashfunc($key)); } $key = str_pad($key, $blocksize, chr(0x00)); $ipad = str_repeat(chr(0x36), $blocksize); $opad = str_repeat(chr(0x5c), $blocksize); $hmac = pack( 'H*', $hashfunc( ($key^$opad).pack( 'H*', $hashfunc( ($key^$ipad).$data ) ) ) ); return $hmac; } Tom already pointed out that PHP does this for you, but for purposes of education, I think your $hmac = pack(... line is wrong. You're prepacking the result of ($key^$ipad).$data, which is changing the output. Try something like $hmac = pack( 'H*', $hashfunc( ($key^$opad). $hashfunc( ($key^$ipad).$data ) ) ); Notice only one pack operation, at top level. This assumes that your SHA-1 is also emitting correct output; watch out for 64-bit systems. (from a fellow reinventor of the wheel) -- personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- Today's forecast is total crap! -- Strong Bad, Homestar Runner Menu #11 -- -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] Where Am I going wrong? Can't get past step 1 of Oauth Integration in PHP...
On Thu, Sep 02, 2010 at 10:37:03PM +0200, Tom van der Woerdt wrote: On 9/2/10 6:46 PM, Ryan wrote: any ideas? Multiple. 1. PHP has the hash_hmac function which can do hmac-sha1 for you. hash_hamc is not always available. You could check with: if (extension_loaded ('hash')) { hash_hmac ('sha1', $str, $key, true); } else { //use hand_crafted_version } 2. Timestamp should be time(), not some date() combination 3. This doesn't look like the normal OAuth stuff, but like OAuth Echo 4. TWITTER_PUBLIC_TIMELINE_API and TWITTER_UPDATE_STATUS_API point to non-existent pages (missing the version part). 5. I'd recommend using uniqid() for generating a nonce instead of md5'ing the microtime. It won't cause trouble, but uniqid() is more unique. 6. rawurlencode() isn't the proper function for URL encoding, but I can't give you a better one right now. I believe it is if you are on PHP 5.3 or later. Before that, this should do it: function oauth_encode ($str) { return str_replace ('%E7', '~', rawurlencode ($str)); } -- Martin Dapas -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] Where am I going wrong?
I am trying to follow your example on inserting the twitter login button but nothing is showing up. Here is my code: div id=twitter-connect-placeholder/div script type=text/javascript var anywhereApiKey = mykeyxx; twttr.anywhere(anywhereApiKey, 1.0.0, onAnywhereLoad); function onAnywhereLoad(twitter) { // Simplest use case: Append a connect button to the specified DOM // element. twitter(#twitter-connect-placeholder).connectButton(); // Connect buttons have a range of sizes to choose from: // small, medium, large, xlarge. medium is the default size. // You can specify the size as follows: twitter(#twitter-connect-placeholder).connectButton({ size: large }); }; /script This is in my head of my application.html.erb file script src=http://platform.twitter.com/anywhere.js? id=myKeyxv=1 type=text/javascript/script