[twitter-dev] xAuth request approval / rejection?
Hi, I've just registered my first app (an iOS / Android game) with Twitter and requested xAuth privileges for it. What I want to do is simply allow the players to click a button in order to post their score along with a link to the game's page on App Store / Marketplace (e.g.: I've just scored 42 points on game XYZ - http://www.example.com;) So basically my questions are: - From what I understood there is no way to achieve what I want above with oAuth. oAuth will always redirect the user to the Allow / Deny page. Is that correct? - What is Twitter's logic for allowing / denying xAuth privileges for an application? Thanks in advance, Jay Santos -- Have you visited the Developer Discussions feature on https://dev.twitter.com/discussions yet? Twitter developer links: Documentation and resources: https://dev.twitter.com/docs API updates via Twitter: https://twitter.com/twitterapi Unsubscribe or change your group membership settings: http://groups.google.com/group/twitter-development-talk/subscribe
Re: [twitter-dev] xAuth request approval / rejection?
Hi, You can apply for xAuth access by emailing a...@twitter.com and including as much about your native application as possible, preferably with links to screenshots. The criteria for xAuth include: the application is native for the device it is running on (non web-based), the account and application are in good standing, and the application can be verified as described. While you may want to use xAuth for this purpose, I'd also like to recommend just using Web Intents instead. If the user just needs to tweet their score, you can prepare a message to https://twitter.com/intent/tweet and keep things very simple. https://dev.twitter.com/docs/intents @episod http://twitter.com/intent/user?screen_name=episod - Taylor Singletary On Wed, Jul 27, 2011 at 6:00 PM, Jay Santos jay.san...@gmail.com wrote: Hi, I've just registered my first app (an iOS / Android game) with Twitter and requested xAuth privileges for it. What I want to do is simply allow the players to click a button in order to post their score along with a link to the game's page on App Store / Marketplace (e.g.: I've just scored 42 points on game XYZ - http://www.example.com;) So basically my questions are: - From what I understood there is no way to achieve what I want above with oAuth. oAuth will always redirect the user to the Allow / Deny page. Is that correct? - What is Twitter's logic for allowing / denying xAuth privileges for an application? Thanks in advance, Jay Santos -- Have you visited the Developer Discussions feature on https://dev.twitter.com/discussions yet? Twitter developer links: Documentation and resources: https://dev.twitter.com/docs API updates via Twitter: https://twitter.com/twitterapi Unsubscribe or change your group membership settings: http://groups.google.com/group/twitter-development-talk/subscribe -- Have you visited the Developer Discussions feature on https://dev.twitter.com/discussions yet? Twitter developer links: Documentation and resources: https://dev.twitter.com/docs API updates via Twitter: https://twitter.com/twitterapi Unsubscribe or change your group membership settings: http://groups.google.com/group/twitter-development-talk/subscribe
Re: [twitter-dev] xAuth request approval / rejection?
Thanks Taylor, I've applied yesterday and got a reply. Unfortunately since we still don't have the art for the game I can't provide the screenshots. So I'm putting the xAuth process to a halt until I have it published in the App Store / Android Marketplace. But I basically wanted to know what are the criteria that Twitter uses for approval / denial. From what you wrote I believe I won't be having much problems once the app is done. I've checked Web Intents as you suggested, but I'm not sure it is the appropriate solution for what I want. I really don't want the user to type any messages, only used the canned message defined by my app. On Thu, Jul 28, 2011 at 12:35 PM, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi, You can apply for xAuth access by emailing a...@twitter.com and including as much about your native application as possible, preferably with links to screenshots. The criteria for xAuth include: the application is native for the device it is running on (non web-based), the account and application are in good standing, and the application can be verified as described. While you may want to use xAuth for this purpose, I'd also like to recommend just using Web Intents instead. If the user just needs to tweet their score, you can prepare a message to https://twitter.com/intent/tweet and keep things very simple. https://dev.twitter.com/docs/intents @episod - Taylor Singletary On Wed, Jul 27, 2011 at 6:00 PM, Jay Santos jay.san...@gmail.com wrote: Hi, I've just registered my first app (an iOS / Android game) with Twitter and requested xAuth privileges for it. What I want to do is simply allow the players to click a button in order to post their score along with a link to the game's page on App Store / Marketplace (e.g.: I've just scored 42 points on game XYZ - http://www.example.com;) So basically my questions are: - From what I understood there is no way to achieve what I want above with oAuth. oAuth will always redirect the user to the Allow / Deny page. Is that correct? - What is Twitter's logic for allowing / denying xAuth privileges for an application? Thanks in advance, Jay Santos -- Have you visited the Developer Discussions feature on https://dev.twitter.com/discussions yet? Twitter developer links: Documentation and resources: https://dev.twitter.com/docs API updates via Twitter: https://twitter.com/twitterapi Unsubscribe or change your group membership settings: http://groups.google.com/group/twitter-development-talk/subscribe -- Have you visited the Developer Discussions feature on https://dev.twitter.com/discussions yet? Twitter developer links: Documentation and resources: https://dev.twitter.com/docs API updates via Twitter: https://twitter.com/twitterapi Unsubscribe or change your group membership settings: http://groups.google.com/group/twitter-development-talk/subscribe -- Have you visited the Developer Discussions feature on https://dev.twitter.com/discussions yet? Twitter developer links: Documentation and resources: https://dev.twitter.com/docs API updates via Twitter: https://twitter.com/twitterapi Unsubscribe or change your group membership settings: http://groups.google.com/group/twitter-development-talk/subscribe
[twitter-dev] XAuth Authorization
Hi all, I have a query on how can i register my app with xAuth. I get an error in this line : AccessToken token = twitter.getOAuthAccessToken(); I get an error:Failed : The screen name / password combination seems to be invalid. and Error 401.. So please help me to solve my issue -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
Re: [twitter-dev] XAuth Authorization
Hi, xAuth is not enabled by deafult when you registering the application. To enabling this, you should send a detailed mail to a...@twitter.com with the application details. Regards, George On Mon, Jun 27, 2011 at 2:55 PM, yatibawri yatiba...@gmail.com wrote: Hi all, I have a query on how can i register my app with xAuth. I get an error in this line : AccessToken token = twitter.getOAuthAccessToken(); I get an error:Failed : The screen name / password combination seems to be invalid. and Error 401.. So please help me to solve my issue -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
Re: [twitter-dev] xAuth login
Hi Sushil, Twitter enforces that timestamps be within a reasonable amount of time from the present, so this is expected behavior. One way that you can get plan ahead for this is by reading the Date HTTP header that is sent in the response to every request -- once you parse that date, you can determine the delta between what our server clock is running at and what time your device thinks it is and then adjust your timestamp calculations accordingly. Another strategy that some developers take is to issue an unauthenticated HTTP HEAD request to https://api.twitter.com/1/help/test.json when the app starts up, which will also yield the Date header that you can adjust to. @episod http://twitter.com/intent/user?screen_name=episod - Taylor Singletary On Thu, Jun 23, 2011 at 11:36 PM, Sushil sushil.sys...@gmail.com wrote: Hi All, I have a Android application for Twitter. I'm using Twitter4j library to do xAuth authentication. I'm facing a problem during login if the device date set as any past date. Like if today is 24th June and device date set as 23rd June and when I'm trying to login it gives me following error. SNS exception :: The screen name / password combination seems to be invalid.Relevant discussions can be on the Internet at: http://www.google.co.jp/search?q=e07c50ee or http://www.google.co.jp/search?q=e7bd TwitterException{exceptionCode=[e07c50ee-e7bd 1ac06e3f-695622d6], statusCode=503, retryAfter=0, rateLimitStatus=null, version=2.1.12} But if the device date is current date then the authentication works just fine. I want to know if this is expected behavior ? Thanks, Sushil -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
[twitter-dev] xAuth Android not working
Hi everyone, I've been trying this for a couple of days and I can't make it work. I have the xAuth permissions enabled on my app but I keep getting the same error over and over: 01 Unauthorized: Authentication credentials were missing or incorrect. This is the code I have using twitter4j: RequestToken rt; Twitter twitter; twitterconsumerkey = ; twittersecretkey = YY; String username = user; String password = pass; twitter = new TwitterFactory().getInstance(); twitter.setOAuthConsumer(twitterconsumerkey, twittersecretkey); rt = twitter.getOAuthRequestToken(); I don't know if I have to do something else but right it just don't work. Any help is welcome. Thank you all. -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
[twitter-dev] [xAuth-iphone]Follow action doesn't work
Dear Sir or Madam, I am programming for Number 10 iphone application.Currently,this application has xAuth access and can post information via twitter. However, when I try to call [twitterEngine enableUpdatesFor:@follower] for adding a follower. it will return a 401 error. here is my code: - (void)accessTokenReceived:(OAToken *)token forRequest:(NSString *)connectionIdentifier { [self.twitterEngine setAccessToken:token]; } - (void)requestSucceeded:(NSString *)requestIdentifier{ switch (stage) { case postLogin: stage = loginCorrect; break; case loginCorrect: if (twitterAction == follow) { NSString *follower = [NSString stringWithFormat:@Number10gov]; NSLog(@Try to Follow %@,follower); NSLog(@enableUpdatesFor: connectionIdentifier = %@, [twitterEngine enableUpdatesFor:follower]); } else if (twitterAction == retweet || twitterAction == tweet) { ... // post and retweet work well. but follow action didn't work. could you help me to point out what is the problem? if you can give me a example code to show how to do follow action in xAuth, that would be great. Many Thanks for your help. I am looking forward to your reply. Many thanks. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] xAuth
Hi Bess. As aways for xAuth access, you can email a...@twitter.com to request access. Were you not able to finish your documenting of xAuth in the period of time you had access? Do you need any other assistance in using xAuth? Taylor @episod http://twitter.com/episod - Taylor Singletary On Sat, Apr 23, 2011 at 12:22 AM, Bess bess...@gmail.com wrote: Hi Twitter API How can I request to extend my xAuth? I believe my xAuth has been expired for the app. I applied xAuth for preparing the Twitter developer book last year. It was approved for a few months. Now my xAuth app doesn't work any more. xAuth may be expired and shut down. Now the publisher has delayed the editing process. I need to gain xAuth access in order to update and demo the app. What could I do now? Thanks -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] xAuth
Hi Twitter API How can I request to extend my xAuth? I believe my xAuth has been expired for the app. I applied xAuth for preparing the Twitter developer book last year. It was approved for a few months. Now my xAuth app doesn't work any more. xAuth may be expired and shut down. Now the publisher has delayed the editing process. I need to gain xAuth access in order to update and demo the app. What could I do now? Thanks -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] xAuth
Hello Bess, Is it indeed not working? Tried TwURL [1]? It’s generally not a really good idea to share API keys / secrets, though, as it’s also rate-limited… [1]: https://github.com/marcel/twurl -ev On Apr 23, 2011, at 15:22, Bess wrote: Hi Twitter API How can I request to extend my xAuth? I believe my xAuth has been expired for the app. I applied xAuth for preparing the Twitter developer book last year. It was approved for a few months. Now my xAuth app doesn't work any more. xAuth may be expired and shut down. Now the publisher has delayed the editing process. I need to gain xAuth access in order to update and demo the app. What could I do now? Thanks -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] xAuth...
Hi all, What are your experiences in requesting xAuth access? The first time I requested access was nearly three weeks ago. I then sent another request last week and still no response. Yep...nothing, nada, zip, zero, zilch... Thanks. Henning -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] xAuth...
We're usually much faster than this at answering xAuth requests.. a few tips on making sure that your message gets received and is actionable: * Send the email to a...@twitter.com from the same email address associated with the account that owns the application * Clearly state the purpose of the request in the subject line * Include your consumer key and/or application ID in the message * Clearly describe what your application does, how Twitter is used in the application, and information about your users. * Include the platforms that your application will be used on. * Include a link to your privacy policy and company (if you have one) * Include links to screenshots of your application (don't attach them to the message) @episod http://twitter.com/episod - Taylor Singletary On Wed, Apr 6, 2011 at 2:48 AM, henning0700 henning0...@gmail.com wrote: Hi all, What are your experiences in requesting xAuth access? The first time I requested access was nearly three weeks ago. I then sent another request last week and still no response. Yep...nothing, nada, zip, zero, zilch... Thanks. Henning -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] xAuth...
Oh, one more tip for requesting xAuth access: * Check your Junk folder regularly for responses -- many developers in the past have found their responses from our ticketing system in their Spam folder. @episod http://twitter.com/episod - Taylor Singletary On Wed, Apr 6, 2011 at 7:21 AM, Taylor Singletary taylorsinglet...@twitter.com wrote: We're usually much faster than this at answering xAuth requests.. a few tips on making sure that your message gets received and is actionable: * Send the email to a...@twitter.com from the same email address associated with the account that owns the application * Clearly state the purpose of the request in the subject line * Include your consumer key and/or application ID in the message * Clearly describe what your application does, how Twitter is used in the application, and information about your users. * Include the platforms that your application will be used on. * Include a link to your privacy policy and company (if you have one) * Include links to screenshots of your application (don't attach them to the message) @episod http://twitter.com/episod - Taylor Singletary On Wed, Apr 6, 2011 at 2:48 AM, henning0700 henning0...@gmail.com wrote: Hi all, What are your experiences in requesting xAuth access? The first time I requested access was nearly three weeks ago. I then sent another request last week and still no response. Yep...nothing, nada, zip, zero, zilch... Thanks. Henning -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] xAuth without sending the password suggestion
Hi! Good day! I'm Albert Padin and I've been looking at your implementation of xAuth, and I want to make a suggestion for it. The suggestion I want to make allows the requesting application to make a user authentication (login) request without including the password credential in the request being sent. Currently, it is not much of a problem sending the user login and password credentials in the request because it is done thru HTTPS. I don't know if my suggestion will make such a great improvement, but it can I think allow secure authentication (login) without the application including the password in the request done through HTTP. The implementation is basically the same as the xAuth implementation details except for the following: 1. The password credential is hashed (the same way it's hashed in the server-side. Eg. MD5) by the application. 2. After the application generates the HMAC signature, it omits the password field and value (hashed credential) from the request and sends it to the server (even thru HTTP). Now on the server end, when it receives the request, it just inserts the hash value of the user password and validates the signature. If the signature validates, then you can assume that the password was correct. If it's not valid, then either the password is wrong, or the request has been tampered with. In both cases, you don't grant a token. With this implementation, you can provide authentication thru HTTP without passing the password through the wire. I don't know if this advantage is worth it. Should you have any questions, clarifications, or reactions, please don't hesitate to reply. You may even send me a reply telling me where I might have been mistaken. Thanks and enjoy! Albert -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] xAuth and Delphi
Hello all, This is my first post on this list. I'm writing a Twitter application which has xAuth access but I'm having problems writing it in Delphi, I used the TTwitter thing but this doesn't seem to have xAuth functionality and I can't get it to work. Does someone have an example of a Delphi xAuth app or can help me out with some code? Regards, Leon -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] xAuth access_token returning 1-length 401 response
I'm trying to to get xAuth to work with my application, using libcurl and a modified TwitCurl engine. Whenever I attempt to obtain an access token, I get a 401 error that contains a single space character (0x20) and nothing else, which is extremely unhelpful. Whenever I try to do other things that shouldn't work (like setting a status without a token), the 401 error returns a useful message, so I'm pretty sure my system is working fine. Can someone point out what I'm missing here? Thanks. Here's what I'm sending to the Twitter servers... URL https://api.twitter.com/oauth/access_token HTTP Header OAuth oauth_consumer_key=cmPTwoVnltXa2N8FAgepw, oauth_nonce=12947058132c2, oauth_signature=6nWCiAN9vg4UYXtaLqh7FLFuq7E%3D, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1294705813, oauth_version=1.0 Data x_auth_mode=client_auth%26x_auth_password%3DMYPASSWORD %26x_auth_username%3DMYUSERNAME Signature Base POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3DcmPTwoVnltXa2N8FAgepw %26oauth_nonce%3D12947058132c2%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1294705813%26oauth_version%3D1.0%26x_auth_mode %3Dclient_auth%26x_auth_password%3DMYPASSWORD%26x_auth_username %3DMYUSERNAME And here's what I'm seeing in my logs: * About to connect() to api.twitter.com port 443 (#0) * Trying 128.242.240.253... * connected * Connected to api.twitter.com (128.242.240.253) port 443 (#0) * SSL connection using DHE-RSA-AES256-SHA * Server certificate: *subject: serialNumber=Zys2dJJ09EPoEVGXYtegIdxG3OZtEOib, C=US, O=*.twitter.com, OU=GT57932074, OU=See www.rapidssl.com/resources/cps (c)10, OU=Domain Control Validated - RapidSSL(R), CN=*.twitter.com *start date: 2010-07-13 10:40:16 GMT *expire date: 2011-08-15 12:55:17 GMT *subjectAltName: api.twitter.com matched *issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority *SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway. POST /oauth/access_token HTTP/1.1 Host: api.twitter.com Accept: */* Content-Length: 85 Content-Type: application/x-www-form-urlencoded HTTP/1.1 401 Unauthorized Date: Tue, 11 Jan 2011 00:25:19 GMT Server: hi Status: 401 Unauthorized X-Transaction: 1294705519-89572-46458 Last-Modified: Tue, 11 Jan 2011 00:25:19 GMT X-Runtime: 0.00697 Content-Type: text/html; charset=utf-8 Content-Length: 1 Pragma: no-cache X-Revision: DEV Expires: Tue, 31 Mar 1981 05:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0 Set-Cookie: k=38.98.60.253.1294705519623615; path=/; expires=Tue, 18- Jan-11 00:25:19 GMT; domain=.twitter.com Set-Cookie: guest_id=129470551976790627; path=/; expires=Thu, 10 Feb 2011 00:25:19 GMT Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCJhsdnItAToHaWQiJWFjZDlkNWQ2YmNkOTc0%250ANmU0ZTkxNzlmZjdlMGQ0OWUxIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy %250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--075877d72b9a221a932648a45490dab951649d50; domain=.twitter.com; path=/ Vary: Accept-Encoding Connection: close * Closing connection #0 -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] xauth in PHP
Hi, Is there anyone have the tutorial or code for twitter xauth login for PHP? -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] xauth in PHP
Hi, Why do you need xauth? Take it as the last option, use oauth instead. On 2 Jan 2011, at 00:22, genux33 calebzhi...@gmail.com wrote: Hi, Is there anyone have the tutorial or code for twitter xauth login for PHP? -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] xAuth Approval
Hi all, I'm new to the whole OAuth/xAuth thing I'd like t know how long it's gonna take to twitter api team to authorize a xAuth use request ? any feedback on that ? I guess you got this question 100 times a day, no ? sorry ;) thx in advance -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Xauth 401 error....T^T by iOS
I use this source at https://github.com/aral/XAuthTwitterEngine first.. I register my App at dev.twitter.com and send message to a...@twitter.com .. about Xauth Key.. and i get consumerKey and consumerSecret.. I change consumerKey and consumerSecret line at XauthTwitterEngine I can get tokenString but.. i send twit message.. i get 401 error.. my id and password not wrong.. everybody success use this source.. but i can't please send to me .. why 401 error.. if you want my consumerKey and Secret .. I can.. mche...@me.com == please .. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] xAuth Request gives Error from samsung tv maple browser
HI Tom, Thanks for your support. I am using javascript for samsung TV Applicaiton not for normal browser so there is no way to know about keys and secret key.Actually Samsung SDK uses Maple browser and application runs on this browser. I hope you help me out from this issue. Please find the below code. html head lt;script type =text/Javascript language=Javascript src=sha1.js/script lt;script type=text/javascript charset=utf-8 /*To authorize on Twitter API through xAuth, you need HMAC-SHA1 I'm using the following lib for that: http://jssha.sourceforge.net Make sure you have sha.js included!Also, you need to email a...@twitter.comto get xAuth access I cannot do that for you - see http://dev.twitter.com/pages/xauth cross-domain XHRs only work on file:// protocol pages use PhoneGap! */ var TwitterApiRequest = function() { this.nonce = this.generateNonce(); this.timestamp = this.getUTCtimestamp(); this.postBody = null; this.signature = null; this.signatureBaseString = null; this.consumerSecret=MY consumerSecret ; } TwitterApiRequest.prototype.generateNonce = function () { var nonce = []; var length = 6; // arbitrary - looks like a good length for (length; length 0; length--) nonce.push1+Math.random())*0x1)|0).toString(16).substring(1)); return nonce.join(); } // could possibly do without UTC, but here we are TwitterApiRequest.prototype.getUTCtimestamp = function () { //var currentTime = new Date(); //var currentUTCTimeInSecs = Math.floor(Date.parse(currentTime.toUTCString()) / 1000); //return currentUTCTimeInSecs; return (new Date((new Date).toUTCString())).getTime() / 1000; } // don't forget trailing ! //TwitterApiRequest.prototype.consumerSecret = MY consumerSecret ; TwitterApiRequest.prototype.signatureBaseStringTemplate = POST + https%3A%2F%2Fapi.twitter.com http://2fapi.twitter.com/%2Foauth%2Faccess_token + // oauth_path oauth_consumer_key%3DMY CONSUMER KEY%26 + oauth_nonce%3D + {{ nonce }} + %26 + oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D + {{ time }} + %26 + oauth_version%3D1.0%26 + x_auth_mode%3Dclient_auth%26 + x_auth_password%3D + {{ password }} + %26 + x_auth_username%3D + {{ username }} TwitterApiRequest.prototype.authHeaderTemplate = OAuth + oauth_nonce=\ + {{ nonce }} + \, + oauth_signature_method=\HMAC-SHA1\, + oauth_timestamp=\ + {{ time }} + \, + oauth_consumer_key=\MY CONSUMER KEY\, + oauth_signature=\ + {{ signature }} + \, + oauth_version=\1.0\; TwitterApiRequest.prototype.processCredentials = function (user, pw) { this.signatureBaseString = this.signatureBaseStringTemplate .split({{ nonce }}).join(this.nonce) .split({{ time }}).join(this.timestamp) .split({{ password }}).join(encodeURIComponent(pw)) .split({{ username }}).join(encodeURIComponent(user)); this.postBody = x_auth_mode=client_auth + x_auth_password= + encodeURIComponent(pw) + + x_auth_username= + encodeURIComponent(user); } TwitterApiRequest.prototype.sign = function () { //var shaObj = new jsSHA(base_string, ASCII); //var oauth_signature = shaObj.getHMAC(consumersecret, ASCII, B64); alert(this.signatureBaseString :+this.signatureBaseString); var hmacGen = new jsSHA(this.signatureBaseString,ASCII); this.signature = hmacGen.getHMAC(this.consumerSecret,ASCII,B64)+%3D; this.authHeader = this.authHeaderTemplate .split({{ nonce }}).join(this.nonce) .split({{ time }}).join(this.timestamp) .split({{ signature }}).join(this.signature); } function ajaxrequest() { var authorizeRequest = new TwitterApiRequest(); authorizeRequest.processCredentials(suyambu.vikn...@gmail.com, simcard00); authorizeRequest.sign(); var twitterUrl = 'https://api.twitter.com/oauth/access_token?' + authorizeRequest.postBody; var req = new XMLHttpRequest(); alert(this.postBody : +authorizeRequest.postBody); alert(header :+authorizeRequest.authHeader); // sync for testing purposes, not required req.open('POST', twitterUrl, false); req.setRequestHeader(Authorization, authorizeRequest.authHeader); req.send(); alert(Response :+req.responseText); // should be 200 //console.log(req.status); alert(Status :+req.status); // should look like: // oauth_token=HERE-IS-MY-AWESOME-TOKENoauth_token_secret=THIS-IS-MY-TOKEN-SECRET // user_id=007screen_name=JamesBondx_auth_expires=0 //console.log(req.responseText); } /script /head body onLoad=ajaxrequest(); /body /html On Sat, Dec 4, 2010 at 4:35 PM, Tom van der Woerdt i...@tvdw.eu wrote: You really shouldn't implement xAuth in JavaScript for obvious reasons, like how impossible it is to keep your keys secret. Tom On 12/4/10 6:19 AM, mahesh wrote: HI Team, Here i have been getting the following problem. I can able to post the message to twitter using xAuth Protocol in safari but i can't from firefox ,samsung tv browser Maple and IE. I am using javascript xmlhttprequest and sha1 for signature. Is twitter send response when we request from samsung tv maple browser?. More over when i try to request from samsung tv maple browser i get
Re: [twitter-dev] xAuth Request gives Error from samsung tv maple browser
You really shouldn't implement xAuth in JavaScript for obvious reasons, like how impossible it is to keep your keys secret. Tom On 12/4/10 6:19 AM, mahesh wrote: HI Team, Here i have been getting the following problem. I can able to post the message to twitter using xAuth Protocol in safari but i can't from firefox ,samsung tv browser Maple and IE. I am using javascript xmlhttprequest and sha1 for signature. Is twitter send response when we request from samsung tv maple browser?. More over when i try to request from samsung tv maple browser i get following Error. Status 401 Response :Failed to validate oauth signature and token If i Run Same code in safari working fine can able to post the message. Please help me out what is the issue. Thanks in Advance. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] xAuth Request gives Error from samsung tv maple browser
HI Team, Here i have been getting the following problem. I can able to post the message to twitter using xAuth Protocol in safari but i can't from firefox ,samsung tv browser Maple and IE. I am using javascript xmlhttprequest and sha1 for signature. Is twitter send response when we request from samsung tv maple browser?. More over when i try to request from samsung tv maple browser i get following Error. Status 401 Response :Failed to validate oauth signature and token If i Run Same code in safari working fine can able to post the message. Please help me out what is the issue. Thanks in Advance. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] XAuth authentication fail on Chinese machine
Hi, We have created a Desktop Twitter application, In this application I have used XAuth feature to get data from Twitter API. It works fine on Win 7 Ultimate machine. However when I run my application's exe on core Chinese Win 7 machine, I got The remote server returned an error: (401) Unauthorized. error from following request: https://api.twitter.com/oauth/access_token?oauth_consumer_key=oauth_nonce=9644877oauth_signature_method=HMAC-SHA1oauth_timestamp=1288573328oauth_version=1.0x_auth_mode=client_authx_auth_password=XXx_auth_username=oauth_signature=XXX Can anyone help me out to know how to resolve this issue. Thanks, Pawan -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] XAuth authentication fail on Chinese machine
Hi, Most 401 Unauthorized errors (and especially the ones involving UTF8 characters) are because of errors in the Base String, used to generate the signature. Please use the validation tool at http://quonos.nl/oauthTester, it may help you a lot with validating your Base String. As access_token always involves usernames and passwords, please do substitute them with dummy ones for security reasons - just make sure that they at least look like the previous ones, because otherwise it would be hard to detect encoding issues. Tom PS: When dealing with encoding issues, XX'ing the values really doesn't help. On 11/1/10 6:58 PM, pawan wrote: Hi, We have created a Desktop Twitter application, In this application I have used XAuth feature to get data from Twitter API. It works fine on Win 7 Ultimate machine. However when I run my application's exe on core Chinese Win 7 machine, I got The remote server returned an error: (401) Unauthorized. error from following request: https://api.twitter.com/oauth/access_token?oauth_consumer_key=oauth_nonce=9644877oauth_signature_method=HMAC-SHA1oauth_timestamp=1288573328oauth_version=1.0x_auth_mode=client_authx_auth_password=XXx_auth_username=oauth_signature=XXX Can anyone help me out to know how to resolve this issue. Thanks, Pawan -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re:Re:Re: [twitter-dev] xauth return Failed to validate oauth signature and token
I need your help At 2010-10-29 17:11:55,engine.start 477914...@163.com wrote: Hi Tom, Thanks for your reply, I have fix the problem you mentioned, but it still return Failed to validate oauth signature and token... sigBase is --- POSThttps%3A%2F%2Fapi.twitter.com%2Foauth%2Faccess_tokenoauth_consumer_key%3D###%26oauth_nonce%3D128834239529a%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1288342395%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3D##%26x_auth_username%3D# oAuthHttpHeader is - Authorization: OAuth oauth_consumer_key=#,oauth_nonce=128834239529a,oauth_signature=SVMgVYdS%2Bf%2FQXM8sNQKlC8FScSE%3D,oauth_signature_method=HMAC-SHA1,oauth_timestamp=1288342395,oauth_version=1.0 body is x_auth_mode%3Dclient_auth%26x_auth_password%3D#%26x_auth_username%3D## modified code : bool twitCurl::xAuthAccessToken() { bool retVal = false; FILE *fp = fopen(/tmp/twitter/xauth,w); std::string url(oAuthTwitterApiUrls::OAUTHLIB_TWITTER_ACCESS_TOKEN_URL); if( isCurlInit() ) { std::string body = x_auth_mode=client_authx_auth_password= + urlencode(m_twitterPassword) + x_auth_username= + urlencode(m_twitterUsername); std::string dataStr(); dataStr = body; url += (std::string(?) + body); std::string oAuthHeader( ); struct curl_slist* pOAuthHeaderList = NULL; CURL* curlHandle = curl_easy_init();; std::string localUrl = url; size_t nPos = url.find_first_of( ? ); if( std::string::npos != nPos ) { localUrl = url.substr( 0, nPos ); } std::string oAuthHttpHeader(); /* Set OAuth header */ m_oAuth.getOAuthHeader( eOAuthHttpPost, localUrl, dataStr, oAuthHttpHeader ); if( oAuthHttpHeader.length() 0 ) { pOAuthHeaderList = curl_slist_append( pOAuthHeaderList, oAuthHttpHeader.c_str() ); if( pOAuthHeaderList ) { curl_easy_setopt( curlHandle, CURLOPT_HTTPHEADER, pOAuthHeaderList ); } } /* Set http request, url and data */ curl_easy_setopt( curlHandle, CURLOPT_POST, 1 ); curl_easy_setopt( curlHandle, CURLOPT_USE_SSL, CURLUSESSL_CONTROL); curl_easy_setopt( curlHandle, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3); curl_easy_setopt( curlHandle, CURLOPT_SSL_VERIFYPEER, 0L); curl_easy_setopt( curlHandle, CURLOPT_SSL_VERIFYHOST, 0L); curl_easy_setopt( curlHandle, CURLOPT_URL, url.c_str() ); curl_easy_setopt( curlHandle, CURLOPT_WRITEFUNCTION, write_data ); curl_easy_setopt( curlHandle, CURLOPT_WRITEDATA, fp ); body = urlencode( body ); if( body.length() ) { curl_easy_setopt( curlHandle, CURLOPT_COPYPOSTFIELDS, body.c_str() ); } /* Send http request */ CURLcode code = curl_easy_perform( curlHandle ); if( code == CURLE_OK ) { retVal = true; } else { retVal = false; } if( pOAuthHeaderList ) { curl_slist_free_all( pOAuthHeaderList ); } fclose(fp); } return retVal; } Thanks. At 2010-10-29 16:27:13,Tom van der Woerdt i...@tvdw.eu wrote: Your x_auth_* parameters aren't in your base string. This might cause it. Tom On Oct 29, 2010, at 6:10 AM, udta 477914...@163.com wrote: Hi, I am using libtwitcurl, and converting oAuth to xAuth, but I got Failed to validate oauth signature and token. I compare all I can printf data to libQtweet(xauth succesful), and couldn't found any error sigBase is: POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3D**%26oauth_nonce %3D1288319703364%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1288319703%26oauth_version%3D1.0 oAuthHttpHeader is: Authorization: OAuth oauth_consumer_key=*,oauth_nonce=1288319703364,oauth_signature=SUlWtiHEc6wZJwiY9bZDgRkSyKE %3D,oauth_signature_method=HMAC- SHA1,oauth_timestamp=1288319703,oauth_version=1.0 This is my code: bool twitCurl::xAuthAccessToken() { bool retVal = false; FILE *fp = fopen(/tmp/twitter/xauth,w); std::string url(oAuthTwitterApiUrls::OAUTHLIB_TWITTER_ACCESS_TOKEN_URL); if( isCurlInit() ) { std::string body = x_auth_mode=client_authx_auth_password= + urlencode(m_twitterPassword) + x_auth_username= + urlencode(m_twitterUsername); std::string dataStr(); dataStr = body; url += (std::string(?) + body); std::string oAuthHeader( ); struct curl_slist* pOAuthHeaderList = NULL; CURL* curlHandle = curl_easy_init();;
Re:Re:Re:Re: [twitter-dev] xauth return Failed to validate oauth signature and token
I have tested the header by this way: create header by twitcurl, and then use it in qtweetlib, it is OK, but fail when opposite. So I think maybe the problem is how curl openssl requesting token, but I have no idea about it At 2010-11-01 09:07:01,engine.start 477914...@163.com wrote: I need your help At 2010-10-29 17:11:55,engine.start 477914...@163.com wrote: Hi Tom, Thanks for your reply, I have fix the problem you mentioned, but it still return Failed to validate oauth signature and token... sigBase is --- POSThttps%3A%2F%2Fapi.twitter.com%2Foauth%2Faccess_tokenoauth_consumer_key%3D###%26oauth_nonce%3D128834239529a%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1288342395%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3D##%26x_auth_username%3D# oAuthHttpHeader is - Authorization: OAuth oauth_consumer_key=#,oauth_nonce=128834239529a,oauth_signature=SVMgVYdS%2Bf%2FQXM8sNQKlC8FScSE%3D,oauth_signature_method=HMAC-SHA1,oauth_timestamp=1288342395,oauth_version=1.0 body is x_auth_mode%3Dclient_auth%26x_auth_password%3D#%26x_auth_username%3D## modified code : bool twitCurl::xAuthAccessToken() { bool retVal = false; FILE *fp = fopen(/tmp/twitter/xauth,w); std::string url(oAuthTwitterApiUrls::OAUTHLIB_TWITTER_ACCESS_TOKEN_URL); if( isCurlInit() ) { std::string body = x_auth_mode=client_authx_auth_password= + urlencode(m_twitterPassword) + x_auth_username= + urlencode(m_twitterUsername); std::string dataStr(); dataStr = body; url += (std::string(?) + body); std::string oAuthHeader( ); struct curl_slist* pOAuthHeaderList = NULL; CURL* curlHandle = curl_easy_init();; std::string localUrl = url; size_t nPos = url.find_first_of( ? ); if( std::string::npos != nPos ) { localUrl = url.substr( 0, nPos ); } std::string oAuthHttpHeader(); /* Set OAuth header */ m_oAuth.getOAuthHeader( eOAuthHttpPost, localUrl, dataStr, oAuthHttpHeader ); if( oAuthHttpHeader.length() 0 ) { pOAuthHeaderList = curl_slist_append( pOAuthHeaderList, oAuthHttpHeader.c_str() ); if( pOAuthHeaderList ) { curl_easy_setopt( curlHandle, CURLOPT_HTTPHEADER, pOAuthHeaderList ); } } /* Set http request, url and data */ curl_easy_setopt( curlHandle, CURLOPT_POST, 1 ); curl_easy_setopt( curlHandle, CURLOPT_USE_SSL, CURLUSESSL_CONTROL); curl_easy_setopt( curlHandle, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3); curl_easy_setopt( curlHandle, CURLOPT_SSL_VERIFYPEER, 0L); curl_easy_setopt( curlHandle, CURLOPT_SSL_VERIFYHOST, 0L); curl_easy_setopt( curlHandle, CURLOPT_URL, url.c_str() ); curl_easy_setopt( curlHandle, CURLOPT_WRITEFUNCTION, write_data ); curl_easy_setopt( curlHandle, CURLOPT_WRITEDATA, fp ); body = urlencode( body ); if( body.length() ) { curl_easy_setopt( curlHandle, CURLOPT_COPYPOSTFIELDS, body.c_str() ); } /* Send http request */ CURLcode code = curl_easy_perform( curlHandle ); if( code == CURLE_OK ) { retVal = true; } else { retVal = false; } if( pOAuthHeaderList ) { curl_slist_free_all( pOAuthHeaderList ); } fclose(fp); } return retVal; } Thanks. At 2010-10-29 16:27:13,Tom van der Woerdt i...@tvdw.eu wrote: Your x_auth_* parameters aren't in your base string. This might cause it. Tom On Oct 29, 2010, at 6:10 AM, udta 477914...@163.com wrote: Hi, I am using libtwitcurl, and converting oAuth to xAuth, but I got Failed to validate oauth signature and token. I compare all I can printf data to libQtweet(xauth succesful), and couldn't found any error sigBase is: POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3D**%26oauth_nonce %3D1288319703364%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1288319703%26oauth_version%3D1.0 oAuthHttpHeader is: Authorization: OAuth oauth_consumer_key=*,oauth_nonce=1288319703364,oauth_signature=SUlWtiHEc6wZJwiY9bZDgRkSyKE %3D,oauth_signature_method=HMAC- SHA1,oauth_timestamp=1288319703,oauth_version=1.0 This is my code: bool twitCurl::xAuthAccessToken() { bool retVal = false; FILE *fp = fopen(/tmp/twitter/xauth,w); std::string url(oAuthTwitterApiUrls::OAUTHLIB_TWITTER_ACCESS_TOKEN_URL); if( isCurlInit() ) { std::string body = x_auth_mode=client_authx_auth_password= + urlencode(m_twitterPassword) + x_auth_username= +
Re: [twitter-dev] xauth return Failed to validate oauth signature and token
Your x_auth_* parameters aren't in your base string. This might cause it. Tom On Oct 29, 2010, at 6:10 AM, udta 477914...@163.com wrote: Hi, I am using libtwitcurl, and converting oAuth to xAuth, but I got Failed to validate oauth signature and token. I compare all I can printf data to libQtweet(xauth succesful), and couldn't found any error sigBase is: POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3D**%26oauth_nonce %3D1288319703364%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1288319703%26oauth_version%3D1.0 oAuthHttpHeader is: Authorization: OAuth oauth_consumer_key=*,oauth_nonce=1288319703364,oauth_signature=SUlWtiHEc6wZJwiY9bZDgRkSyKE %3D,oauth_signature_method=HMAC- SHA1,oauth_timestamp=1288319703,oauth_version=1.0 This is my code: bool twitCurl::xAuthAccessToken() { bool retVal = false; FILE *fp = fopen(/tmp/twitter/xauth,w); std::string url(oAuthTwitterApiUrls::OAUTHLIB_TWITTER_ACCESS_TOKEN_URL); if( isCurlInit() ) { std::string body = x_auth_mode=client_authx_auth_password= + urlencode(m_twitterPassword) + x_auth_username= + urlencode(m_twitterUsername); std::string dataStr(); dataStr = body; url += (std::string(?) + body); std::string oAuthHeader( ); struct curl_slist* pOAuthHeaderList = NULL; CURL* curlHandle = curl_easy_init();; std::string localUrl = url; size_t nPos = url.find_first_of( ? ); if( std::string::npos != nPos ) { localUrl = url.substr( 0, nPos ); } dataStr = urlencode( dataStr ); std::string oAuthHttpHeader(); /* Set OAuth header */ m_oAuth.getOAuthHeader( eOAuthHttpPost, localUrl, dataStr, oAuthHttpHeader ); if( oAuthHttpHeader.length() 0 ) { pOAuthHeaderList = curl_slist_append( pOAuthHeaderList, oAuthHttpHeader.c_str() ); if( pOAuthHeaderList ) { curl_easy_setopt( curlHandle, CURLOPT_HTTPHEADER, pOAuthHeaderList ); } } /* Set http request, url and data */ curl_easy_setopt( curlHandle, CURLOPT_POST, 1 ); curl_easy_setopt( curlHandle, CURLOPT_USE_SSL, CURLUSESSL_CONTROL); curl_easy_setopt( curlHandle, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3); curl_easy_setopt( curlHandle, CURLOPT_SSL_VERIFYPEER, 0L); curl_easy_setopt( curlHandle, CURLOPT_SSL_VERIFYHOST, 0L); curl_easy_setopt( curlHandle, CURLOPT_URL, url.c_str() ); curl_easy_setopt( curlHandle, CURLOPT_WRITEFUNCTION, write_data ); curl_easy_setopt( curlHandle, CURLOPT_WRITEDATA, fp ); if( dataStr.length() ) { curl_easy_setopt( curlHandle, CURLOPT_COPYPOSTFIELDS, dataStr.c_str() ); } /* Send http request */ CURLcode code = curl_easy_perform( curlHandle ); if( code == CURLE_OK ) { retVal = true; } else { retVal = false; } if( pOAuthHeaderList ) { curl_slist_free_all( pOAuthHeaderList ); } fclose(fp); } return retVal; } Thanks. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] xauth return Failed to validate oauth signature and token
Hi, I am using libtwitcurl, and converting oAuth to xAuth, but I got Failed to validate oauth signature and token. I compare all I can printf data to libQtweet(xauth succesful), and couldn't found any error sigBase is: POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3D**%26oauth_nonce %3D1288319703364%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1288319703%26oauth_version%3D1.0 oAuthHttpHeader is: Authorization: OAuth oauth_consumer_key=*,oauth_nonce=1288319703364,oauth_signature=SUlWtiHEc6wZJwiY9bZDgRkSyKE %3D,oauth_signature_method=HMAC- SHA1,oauth_timestamp=1288319703,oauth_version=1.0 This is my code: bool twitCurl::xAuthAccessToken() { bool retVal = false; FILE *fp = fopen(/tmp/twitter/xauth,w); std::string url(oAuthTwitterApiUrls::OAUTHLIB_TWITTER_ACCESS_TOKEN_URL); if( isCurlInit() ) { std::string body = x_auth_mode=client_authx_auth_password= + urlencode(m_twitterPassword) + x_auth_username= + urlencode(m_twitterUsername); std::string dataStr(); dataStr = body; url += (std::string(?) + body); std::string oAuthHeader( ); struct curl_slist* pOAuthHeaderList = NULL; CURL* curlHandle = curl_easy_init();; std::string localUrl = url; size_t nPos = url.find_first_of( ? ); if( std::string::npos != nPos ) { localUrl = url.substr( 0, nPos ); } dataStr = urlencode( dataStr ); std::string oAuthHttpHeader(); /* Set OAuth header */ m_oAuth.getOAuthHeader( eOAuthHttpPost, localUrl, dataStr, oAuthHttpHeader ); if( oAuthHttpHeader.length() 0 ) { pOAuthHeaderList = curl_slist_append( pOAuthHeaderList, oAuthHttpHeader.c_str() ); if( pOAuthHeaderList ) { curl_easy_setopt( curlHandle, CURLOPT_HTTPHEADER, pOAuthHeaderList ); } } /* Set http request, url and data */ curl_easy_setopt( curlHandle, CURLOPT_POST, 1 ); curl_easy_setopt( curlHandle, CURLOPT_USE_SSL, CURLUSESSL_CONTROL); curl_easy_setopt( curlHandle, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3); curl_easy_setopt( curlHandle, CURLOPT_SSL_VERIFYPEER, 0L); curl_easy_setopt( curlHandle, CURLOPT_SSL_VERIFYHOST, 0L); curl_easy_setopt( curlHandle, CURLOPT_URL, url.c_str() ); curl_easy_setopt( curlHandle, CURLOPT_WRITEFUNCTION, write_data ); curl_easy_setopt( curlHandle, CURLOPT_WRITEDATA, fp ); if( dataStr.length() ) { curl_easy_setopt( curlHandle, CURLOPT_COPYPOSTFIELDS, dataStr.c_str() ); } /* Send http request */ CURLcode code = curl_easy_perform( curlHandle ); if( code == CURLE_OK ) { retVal = true; } else { retVal = false; } if( pOAuthHeaderList ) { curl_slist_free_all( pOAuthHeaderList ); } fclose(fp); } return retVal; } Thanks. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] xAuth request returns 401, need help
Hey all, This is my first post in this group, hi! I am having trouble making a request on https://api.twitter.com/oauth/access_token. I've been at this for 2 days and I can't make any progress. I feel like everything matches up with all examples, documentation, and other forum posts perfectly. Here is my post body: x_auth_username=oauth_test_execx_auth_password=twitter- xauthx_auth_mode=client_auth Here is my base string (using the example's test credentials): POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3DJvyS7DO2qd6NNTsXJ4E7zA %26oauth_nonce%3DE0E37C06-F12A-407B-8D80-20C78FF6183A %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1288223176%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth %26x_auth_password%3Dtwitter-xauth%26x_auth_username%3Doauth_test_exec Here is my Authorization header: OAuth oauth_timestamp=1288223176, oauth_nonce=E0E37C06- F12A-407B-8D80-20C78FF6183A, oauth_version=1.0, oauth_consumer_key=JvyS7DO2qd6NNTsXJ4E7zA, oauth_signature_method=HMAC-SHA1, oauth_signature=IwPFrvb0PExyS %2F2QQvtbelsWk48%3D -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] xAuth - sometimes success response, sometimes Error-response
Hello, I´m using xAuth in an ActionScript 3.0 Project. I still have problems that I sometimes get a successful response, and a couple of times a faulty response. If I get a bad response, then I have the HTTP status code 401 with following error message: Failed to validate oauth signature and token The values that are different are the oAuth_nonce and oAuth_timestamp. The oAuth_nonce is determined by a random number. This is determined by the uuid of the current date. Subcontent special characters such as: - removed. Such uuid should be unique. I wonder why I for similar calculations of the nonce, etc. sometimes successful and sometimes get a bad response! -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] xAuth - sometimes success response, sometimes Error-response
It's likely not the nonce that is invalid in this case -- or the timestamp. In this case, the error specifically is indicating that it couldn't validate the request. Does the alternate 401 vs success happen with the exact same credentials, or are you using different credentials? Taylor On Mon, Oct 4, 2010 at 11:41 PM, andy andreas-wilkeme...@andreazw.dewrote: Hello, I´m using xAuth in an ActionScript 3.0 Project. I still have problems that I sometimes get a successful response, and a couple of times a faulty response. If I get a bad response, then I have the HTTP status code 401 with following error message: Failed to validate oauth signature and token The values that are different are the oAuth_nonce and oAuth_timestamp. The oAuth_nonce is determined by a random number. This is determined by the uuid of the current date. Subcontent special characters such as: - removed. Such uuid should be unique. I wonder why I for similar calculations of the nonce, etc. sometimes successful and sometimes get a bad response! -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] xAuth - sometimes Error with StatusCode 401, sometimes Response with StatusCode 200
Hello, I using xAuth for an Flash-Application. I have written in the group Twitter Development Group already several entries, as there was problems to use xauth. I currently have an application that works half way. The problem is that I sometimes get a response with a HTTP- StatucCode of 200 and sometimes an error with a status code of 401. The only difference is that a new timestamp and a new nonce (oauth_nonce) are calculated. Is it possible that there will be differences in these parameters? The following is an example with parameters that return a successful Resposnse (HTTP status code 200): oauth_consumer_key=myConsumerKey oauth_nonce=07AF3D6E65C79090E9B35274C03E4946 oauth_signature=KnC1UxVVyqkrDsuwmBqGhiJpjQI= oauth_signature_method=HMAC-SHA1 oauth_timestamp=1285578604 oauth_version=1.0 x_auth_mode=client_auth x_auth_password=myPassword x_auth_username=myUsername And now an incorrect response with the following parameters (HTTP status code 401): oauth_consumer_key=myConsumerKey oauth_nonce=317780E4B140C66DD4715283B40F13DC oauth_signature=0Pnd/X3w8VR5+iNmpJuNeBydeec= oauth_signature_method=HMAC-SHA1 oauth_timestamp=1285579584 oauth_version=1.0 x_auth_mode=client_auth x_auth_password=myPassword x_auth_username=myUsername Thanks, Andy -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] xAuth - sometimes Error with StatusCode 401, sometimes Response with StatusCode 200
401 is a general HTTP error code. The message is more important. If the message is about an invalid nonce, then you should check the timestamp. If it's about a nonce that had already been used, check the nonce. If it's a signature error, check the code that generates the signature and make sure to use proper URL encoding (which may be an issue here). It's xAuth you are using here, so also make sure that you are entering the right password. ;-) Tom On Mon, 27 Sep 2010 02:31:01 -0700 (PDT), andy andreas-wilkeme...@andreazw.de wrote: Hello, I using xAuth for an Flash-Application. I have written in the group Twitter Development Group already several entries, as there was problems to use xauth. I currently have an application that works half way. The problem is that I sometimes get a response with a HTTP- StatucCode of 200 and sometimes an error with a status code of 401. The only difference is that a new timestamp and a new nonce (oauth_nonce) are calculated. Is it possible that there will be differences in these parameters? The following is an example with parameters that return a successful Resposnse (HTTP status code 200): oauth_consumer_key=myConsumerKey oauth_nonce=07AF3D6E65C79090E9B35274C03E4946 oauth_signature=KnC1UxVVyqkrDsuwmBqGhiJpjQI= oauth_signature_method=HMAC-SHA1 oauth_timestamp=1285578604 oauth_version=1.0 x_auth_mode=client_auth x_auth_password=myPassword x_auth_username=myUsername And now an incorrect response with the following parameters (HTTP status code 401): oauth_consumer_key=myConsumerKey oauth_nonce=317780E4B140C66DD4715283B40F13DC oauth_signature=0Pnd/X3w8VR5+iNmpJuNeBydeec= oauth_signature_method=HMAC-SHA1 oauth_timestamp=1285579584 oauth_version=1.0 x_auth_mode=client_auth x_auth_password=myPassword x_auth_username=myUsername Thanks, Andy -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] xAuth problem with using filter streams
Hi all, I got xAuth problem using filter streams. My simple code has been doing fine before September(just logging). But there is something changed after sometime in September, the same code is forbidden(403) by Twitter. I processed xAuth authentication at July, and my code has been doing great with the authentication before September. I am using Twitter4j, and my code is authenticated by xAuth. The error was like: === TwitterException{exceptionCode=[6b837d58-1851a359], statusCode=403, retryAfter=0, rateLimitStatus=null, version=2.1.4} 6b837d58-1851a359 403:The request is understood, but it has been refused. An accompanying error message will explain why. Administratively forbidden === So I have no idea what's going on. Anybody has idea about this? Thanks, Shinpei -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] xAuth problem with using filter streams
Hi, The 403 error can mean a lot of things. Can you give us the error message itself, instead of what Twitter4j gives you? Tom On Mon, 27 Sep 2010 19:03:58 +0900, Shinpei Ohtani shinpei.oht...@gmail.com wrote: Hi all, I got xAuth problem using filter streams. My simple code has been doing fine before September(just logging). But there is something changed after sometime in September, the same code is forbidden(403) by Twitter. I processed xAuth authentication at July, and my code has been doing great with the authentication before September. I am using Twitter4j, and my code is authenticated by xAuth. The error was like: === TwitterException{exceptionCode=[6b837d58-1851a359], statusCode=403, retryAfter=0, rateLimitStatus=null, version=2.1.4} 6b837d58-1851a359 403:The request is understood, but it has been refused. An accompanying error message will explain why. Administratively forbidden === So I have no idea what's going on. Anybody has idea about this? Thanks, Shinpei -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] xAuth problem with using filter streams
The reason text was enclosed. It says 403 - Administratively Forbidden. You've been blacklisted, almost certainly for violating the API policy. -John Kalucki http://twitter.com/jkalucki Twitter, Inc. On Mon, Sep 27, 2010 at 6:06 AM, Tom van der Woerdt i...@tvdw.eu wrote: Hi, The 403 error can mean a lot of things. Can you give us the error message itself, instead of what Twitter4j gives you? Tom On Mon, 27 Sep 2010 19:03:58 +0900, Shinpei Ohtani shinpei.oht...@gmail.com wrote: Hi all, I got xAuth problem using filter streams. My simple code has been doing fine before September(just logging). But there is something changed after sometime in September, the same code is forbidden(403) by Twitter. I processed xAuth authentication at July, and my code has been doing great with the authentication before September. I am using Twitter4j, and my code is authenticated by xAuth. The error was like: === TwitterException{exceptionCode=[6b837d58-1851a359], statusCode=403, retryAfter=0, rateLimitStatus=null, version=2.1.4} 6b837d58-1851a359 403:The request is understood, but it has been refused. An accompanying error message will explain why. Administratively forbidden === So I have no idea what's going on. Anybody has idea about this? Thanks, Shinpei -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] xAuth problem with using filter streams
Thanks for notifying me. Is there any specific documents what causes banned my account? I must read the docs carefully now. I found this one: http://dev.twitter.com/pages/api_faq#wrong Any other documents? Thanks in advance. On Mon, Sep 27, 2010 at 10:19 PM, John Kalucki j...@twitter.com wrote: The reason text was enclosed. It says 403 - Administratively Forbidden. You've been blacklisted, almost certainly for violating the API policy. -John Kalucki http://twitter.com/jkalucki Twitter, Inc. On Mon, Sep 27, 2010 at 6:06 AM, Tom van der Woerdt i...@tvdw.eu wrote: Hi, The 403 error can mean a lot of things. Can you give us the error message itself, instead of what Twitter4j gives you? Tom On Mon, 27 Sep 2010 19:03:58 +0900, Shinpei Ohtani shinpei.oht...@gmail.com wrote: Hi all, I got xAuth problem using filter streams. My simple code has been doing fine before September(just logging). But there is something changed after sometime in September, the same code is forbidden(403) by Twitter. I processed xAuth authentication at July, and my code has been doing great with the authentication before September. I am using Twitter4j, and my code is authenticated by xAuth. The error was like: === TwitterException{exceptionCode=[6b837d58-1851a359], statusCode=403, retryAfter=0, rateLimitStatus=null, version=2.1.4} 6b837d58-1851a359 403:The request is understood, but it has been refused. An accompanying error message will explain why. Administratively forbidden === So I have no idea what's going on. Anybody has idea about this? Thanks, Shinpei -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- = Shinpei Ohtani mail : shinpei.oht...@gmail.com blog : http://d.hatena.ne.jp/shot6/ twitter : http://twitter.com/shot6 (japanese) http://twitter.com/shinpei_ohtani (english) = -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] xAuth problem with using filter streams
Hi Tom, Thanks for reply. The error message from Twitter says Administratively forbidden\n, that's all. This message is not from Twitter4j, Twitter tells it as response body. Thanks, On Mon, Sep 27, 2010 at 10:06 PM, Tom van der Woerdt i...@tvdw.eu wrote: Hi, The 403 error can mean a lot of things. Can you give us the error message itself, instead of what Twitter4j gives you? Tom On Mon, 27 Sep 2010 19:03:58 +0900, Shinpei Ohtani shinpei.oht...@gmail.com wrote: Hi all, I got xAuth problem using filter streams. My simple code has been doing fine before September(just logging). But there is something changed after sometime in September, the same code is forbidden(403) by Twitter. I processed xAuth authentication at July, and my code has been doing great with the authentication before September. I am using Twitter4j, and my code is authenticated by xAuth. The error was like: === TwitterException{exceptionCode=[6b837d58-1851a359], statusCode=403, retryAfter=0, rateLimitStatus=null, version=2.1.4} 6b837d58-1851a359 403:The request is understood, but it has been refused. An accompanying error message will explain why. Administratively forbidden === So I have no idea what's going on. Anybody has idea about this? Thanks, Shinpei -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- = Shinpei Ohtani mail : shinpei.oht...@gmail.com blog : http://d.hatena.ne.jp/shot6/ twitter : http://twitter.com/shot6 (japanese) http://twitter.com/shinpei_ohtani (english) = -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] xAuth problem with using filter streams
Hi Shinpei, The best way to inquire about specific blacklisting reasons is by sending an email to a...@twitter.com from the email address associated with a Twitter account. Include your IP address(es) and as much information about what API operations you've been making and at what frequency. Reasons for blacklisting can include: opening too many simultaneous connections to the streaming API, too many failed login attempts from an IP address, repeated following/unfollowing actions, ridiculously unthrottled write actions, etc. This is also good reading: http://support.twitter.com/entries/76915 And of course: http://dev.twitter.com/api_terms Thanks, Taylor On Mon, Sep 27, 2010 at 6:39 AM, Shinpei Ohtani shinpei.oht...@gmail.comwrote: Thanks for notifying me. Is there any specific documents what causes banned my account? I must read the docs carefully now. I found this one: http://dev.twitter.com/pages/api_faq#wrong Any other documents? Thanks in advance. On Mon, Sep 27, 2010 at 10:19 PM, John Kalucki j...@twitter.com wrote: The reason text was enclosed. It says 403 - Administratively Forbidden. You've been blacklisted, almost certainly for violating the API policy. -John Kalucki http://twitter.com/jkalucki Twitter, Inc. On Mon, Sep 27, 2010 at 6:06 AM, Tom van der Woerdt i...@tvdw.eu wrote: Hi, The 403 error can mean a lot of things. Can you give us the error message itself, instead of what Twitter4j gives you? Tom On Mon, 27 Sep 2010 19:03:58 +0900, Shinpei Ohtani shinpei.oht...@gmail.com wrote: Hi all, I got xAuth problem using filter streams. My simple code has been doing fine before September(just logging). But there is something changed after sometime in September, the same code is forbidden(403) by Twitter. I processed xAuth authentication at July, and my code has been doing great with the authentication before September. I am using Twitter4j, and my code is authenticated by xAuth. The error was like: === TwitterException{exceptionCode=[6b837d58-1851a359], statusCode=403, retryAfter=0, rateLimitStatus=null, version=2.1.4} 6b837d58-1851a359 403:The request is understood, but it has been refused. An accompanying error message will explain why. Administratively forbidden === So I have no idea what's going on. Anybody has idea about this? Thanks, Shinpei -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- = Shinpei Ohtani mail: shinpei.oht...@gmail.com blog: http://d.hatena.ne.jp/shot6/ twitter : http://twitter.com/shot6 (japanese) http://twitter.com/shinpei_ohtani (english) = -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] xAuth problem with using filter streams
Taylor, Thanks for the answer. These resources are helpful to me, and I send email to a...@twitter.com, and wait and see what's going on. Thanks for the help. On Mon, Sep 27, 2010 at 11:05 PM, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Shinpei, The best way to inquire about specific blacklisting reasons is by sending an email to a...@twitter.com from the email address associated with a Twitter account. Include your IP address(es) and as much information about what API operations you've been making and at what frequency. Reasons for blacklisting can include: opening too many simultaneous connections to the streaming API, too many failed login attempts from an IP address, repeated following/unfollowing actions, ridiculously unthrottled write actions, etc. This is also good reading: http://support.twitter.com/entries/76915 And of course: http://dev.twitter.com/api_terms Thanks, Taylor On Mon, Sep 27, 2010 at 6:39 AM, Shinpei Ohtani shinpei.oht...@gmail.com wrote: Thanks for notifying me. Is there any specific documents what causes banned my account? I must read the docs carefully now. I found this one: http://dev.twitter.com/pages/api_faq#wrong Any other documents? Thanks in advance. On Mon, Sep 27, 2010 at 10:19 PM, John Kalucki j...@twitter.com wrote: The reason text was enclosed. It says 403 - Administratively Forbidden. You've been blacklisted, almost certainly for violating the API policy. -John Kalucki http://twitter.com/jkalucki Twitter, Inc. On Mon, Sep 27, 2010 at 6:06 AM, Tom van der Woerdt i...@tvdw.eu wrote: Hi, The 403 error can mean a lot of things. Can you give us the error message itself, instead of what Twitter4j gives you? Tom On Mon, 27 Sep 2010 19:03:58 +0900, Shinpei Ohtani shinpei.oht...@gmail.com wrote: Hi all, I got xAuth problem using filter streams. My simple code has been doing fine before September(just logging). But there is something changed after sometime in September, the same code is forbidden(403) by Twitter. I processed xAuth authentication at July, and my code has been doing great with the authentication before September. I am using Twitter4j, and my code is authenticated by xAuth. The error was like: === TwitterException{exceptionCode=[6b837d58-1851a359], statusCode=403, retryAfter=0, rateLimitStatus=null, version=2.1.4} 6b837d58-1851a359 403:The request is understood, but it has been refused. An accompanying error message will explain why. Administratively forbidden === So I have no idea what's going on. Anybody has idea about this? Thanks, Shinpei -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- = Shinpei Ohtani mail : shinpei.oht...@gmail.com blog : http://d.hatena.ne.jp/shot6/ twitter : http://twitter.com/shot6 (japanese) http://twitter.com/shinpei_ohtani (english) = -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- = Shinpei Ohtani mail : shinpei.oht...@gmail.com blog : http://d.hatena.ne.jp/shot6/ twitter : http://twitter.com/shot6 (japanese) http://twitter.com/shinpei_ohtani (english) = -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] xauth help for: 'failed to validate oauth signature and token'
Hi folks, I have been banging my head against the wall trying to figure out why I keep getting 'failed to validate oauth signature and token' when requesting the access token using xauth. I did get xauth enabled, however I should point out there is nothing indicating this in the app's detail page. Should there be? For sake of debugging, I am using the xAuth tutorial fields located here: http://dev.twitter.com/pages/xauth it looks quite identical. I understand the timestamps, keys, and nonce would be invalid, I just wanted to check things out: Body: x_auth_username=oauth_test_execx_auth_password=twitter- xauthx_auth_mode=client_auth Authorization header field: oauth_consumer_key=JvyS7DO2qd6NNTsXJ4E7zA, oauth_signature_method=HMAC-SHA1, oauth_signature=1L1oXQmawZAkQ47FHLwcOV%2Bkjwc%3D, oauth_timestamp=1284565601, oauth_nonce=6AN2dKRzxyGhmIXUKSmp1JcB4pckM8rD3frKMTmVAo, oauth_version=1.0 Signature base string: POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3DJvyS7DO2qd6NNTsXJ4E7zA %26oauth_nonce%3D6AN2dKRzxyGhmIXUKSmp1JcB4pckM8rD3frKMTmVAo %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1284565601%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth %26x_auth_password%3Dtwitter-xauth%26x_auth_username%3Doauth_test_exec URL: https://api.twitter.com/oauth/access_token If I turn all the fields to 'real' I will get the same error as the above code does. Hearing that time can cause this I can say that my clock is only off a few seconds from my cell phone and I am using time(null) to snag the value. I assume that is seconds since 1970 without timezone interference. Any ideas? -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] xAuth problem
Hi Narayan, I'd like to help, but I need more information in order to debug. Can you verify that your consumer key and secret are correct (and the same as what you have stored currently on dev.twitter.com)? Is there any reason you can think of that your application may have become suspended? Taylor On Tue, Sep 21, 2010 at 9:13 PM, Narayan Maharjan ngmm...@gmail.com wrote: Hello Taylor, I 've already checked my timestamp before couple of days. The exception occurs on all of the user who are using my application.So I think it may be due to my own application. I use twitter4j api. It shows exception every time i try to login. Please help. Thanks. On Tue, Sep 21, 2010 at 8:36 PM, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi there, Has anything changed about your environment? Perhaps your clocks have changed and you aren't generating valid timestamps? When you applied and were approved for xAuth, was it a conditional approval meant for transitional purposes? Have you tried utilizing xAuth from another code base? What is the specific Twitter API exception that you are receiving? Taylor On Tue, Sep 21, 2010 at 4:22 AM, privatejava ngmm...@gmail.com wrote: Since many days i can see my xAuth is not working .It gives me error/ exception while i try to login my twitter user via xauth method.My application is a standalone app with api twitter4j.I've even already verified my xAuth but why isn't it working? Please help! -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] XAuth - bad request
Hello, I am developing a desktop application using C++ and QT. (I'm not using QAuth because I don't want to have to encorporate QCA and OpenSLL into my app.) I am attempting to perform xAuth and I'm getting 400 (bad request). Here are the details (data taken from http://dev.twitter.com/pages/xauth) Base string: POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3DJvyS7DO2qd6NNTsXJ4E7zA %26oauth_nonce%3D6AN2dKRzxyGhmIXUKSmp1JcB4pckM8rD3frKMTmVAo %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1284565601%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth %26x_auth_password%3Dtwitter-xauth%26x_auth_username%3Doauth_test_exec oauth_signature: 1L1oXQmawZAkQ47FHLwcOV%2Bkjwc%3D Post body: x_auth_mode=client_authx_auth_password=twitter- xauthx_auth_username=oauth_test_exec I sent the data to a bogus (non secure) server so I could see what was going out in wireshark. Below is the outgoing message. Why is this resulting in 400? What am I missing? (Assume this is really going to https://api.twitter.com/oauth/access_token) POST /oauth/authorize HTTP/1.1 OAuth oauth_nonce: 6AN2dKRzxyGhmIXUKSmp1JcB4pckM8rD3frKMTmVAo oauth_signature_method: HMAC-SHA1 oauth_timestamp: 1284565601 oauth_consumer_key: JvyS7DO2qd6NNTsXJ4E7zA oauth_signature: 1L1oXQmawZAkQ47FHLwcOV%2Bkjwc%3D oauth_version: 1.0 Content-Type: application/x-www-form-urlencoded Content-Length: 85 Connection: Keep-Alive Accept-Encoding: gzip accept-language: en,* User-Agent: Mozilla/5.0 Host: twitter.com x_auth_mode=client_authx_auth_password=twitter- xauthx_auth_username=oauth_test_exec -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] XAuth - bad request
First, let me start by saying that xAuth is only an extension to OAuth and that you will have to implement OAuth as well. The problem with your request is that you send all oauth_* parameters as header. That's wrong: the correct syntax is Authorization: OAuth oauth_nonce=nonce, oauth_signature=sig,etc Tom On 9/21/10 2:19 AM, Gary wrote: Hello, I am developing a desktop application using C++ and QT. (I'm not using QAuth because I don't want to have to encorporate QCA and OpenSLL into my app.) I am attempting to perform xAuth and I'm getting 400 (bad request). Here are the details (data taken from http://dev.twitter.com/pages/xauth) Base string: POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3DJvyS7DO2qd6NNTsXJ4E7zA %26oauth_nonce%3D6AN2dKRzxyGhmIXUKSmp1JcB4pckM8rD3frKMTmVAo %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1284565601%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth %26x_auth_password%3Dtwitter-xauth%26x_auth_username%3Doauth_test_exec oauth_signature: 1L1oXQmawZAkQ47FHLwcOV%2Bkjwc%3D Post body: x_auth_mode=client_authx_auth_password=twitter- xauthx_auth_username=oauth_test_exec I sent the data to a bogus (non secure) server so I could see what was going out in wireshark. Below is the outgoing message. Why is this resulting in 400? What am I missing? (Assume this is really going to https://api.twitter.com/oauth/access_token) POST /oauth/authorize HTTP/1.1 OAuth oauth_nonce: 6AN2dKRzxyGhmIXUKSmp1JcB4pckM8rD3frKMTmVAo oauth_signature_method: HMAC-SHA1 oauth_timestamp: 1284565601 oauth_consumer_key: JvyS7DO2qd6NNTsXJ4E7zA oauth_signature: 1L1oXQmawZAkQ47FHLwcOV%2Bkjwc%3D oauth_version: 1.0 Content-Type: application/x-www-form-urlencoded Content-Length: 85 Connection: Keep-Alive Accept-Encoding: gzip accept-language: en,* User-Agent: Mozilla/5.0 Host: twitter.com x_auth_mode=client_authx_auth_password=twitter- xauthx_auth_username=oauth_test_exec -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] xAuth problem
Since many days i can see my xAuth is not working .It gives me error/ exception while i try to login my twitter user via xauth method.My application is a standalone app with api twitter4j.I've even already verified my xAuth but why isn't it working? Please help! -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] xAuth problem
Hi there, Has anything changed about your environment? Perhaps your clocks have changed and you aren't generating valid timestamps? When you applied and were approved for xAuth, was it a conditional approval meant for transitional purposes? Have you tried utilizing xAuth from another code base? What is the specific Twitter API exception that you are receiving? Taylor On Tue, Sep 21, 2010 at 4:22 AM, privatejava ngmm...@gmail.com wrote: Since many days i can see my xAuth is not working .It gives me error/ exception while i try to login my twitter user via xauth method.My application is a standalone app with api twitter4j.I've even already verified my xAuth but why isn't it working? Please help! -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] xAuth problem
Hello Taylor, I 've already checked my timestamp before couple of days. The exception occurs on all of the user who are using my application.So I think it may be due to my own application. I use twitter4j api. It shows exception every time i try to login. Please help. Thanks. On Tue, Sep 21, 2010 at 8:36 PM, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi there, Has anything changed about your environment? Perhaps your clocks have changed and you aren't generating valid timestamps? When you applied and were approved for xAuth, was it a conditional approval meant for transitional purposes? Have you tried utilizing xAuth from another code base? What is the specific Twitter API exception that you are receiving? Taylor On Tue, Sep 21, 2010 at 4:22 AM, privatejava ngmm...@gmail.com wrote: Since many days i can see my xAuth is not working .It gives me error/ exception while i try to login my twitter user via xauth method.My application is a standalone app with api twitter4j.I've even already verified my xAuth but why isn't it working? Please help! -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] XAuth signature error
hi, my name is Kim. I will make XAuth module. So i need developer help. i make signature base string for example POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3DsGNxxnqgZRHUt6NunK3uw %26oauth_nonce%3DWLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1276101652%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth %26x_auth_password%3D%2525%2526123%2521aZ%252B %2528%2529456242134%26x_auth_username%3DtpFriendlyGiant this is dev.twitter.com example i saw it that oauth_signature is signature base string's hmac-sha1 encoding and base64 encoding's result oauth_signature=yUDBrcMMm6ghqBEKCFKVoJPIacU%3D is it right? i can't do this. somebody help me. T.T Q1. i want to know signature base string's hmac-sha1 encoding result. Q2. oauth-signature=yUDBrcMMm6ghqBEKCFKVoJPIacU%3D is it correct? -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] xAuth token and secret not working for POST methods
Hi, I am using Twitter xAuth to get tokens (my application is approved for using xAuth). However the tokens do not have any write permissions, so I cannot use any API that requires POST. I am getting '401 Unauthorized' error when accessing the APIs which requires POST. Note that there are no issues when I am using oAuth. Much appreciate your help on this. Thanks in advance. Regards, Nataraj -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] xAuth returning 401 error.
Hm. Still having troubles with my iPhone app -- when I try to post using xAuth, I get a 401 error. Twitter claims the app has xAuth access on their end. Not sure what to do... Anyone else experiencing this issue? Thanks! Josh Knowles http://auscillate.com -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] XAuth signature error
On 9/13/10 7:01 AM, Double K wrote: hi, my name is Kim. I will make XAuth module. So i need developer help. i make signature base string for example POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3DsGNxxnqgZRHUt6NunK3uw %26oauth_nonce%3DWLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1276101652%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth %26x_auth_password%3D%2525%2526123%2521aZ%252B %2528%2529456242134%26x_auth_username%3DtpFriendlyGiant this is dev.twitter.com example i saw it that oauth_signature is signature base string's hmac-sha1 encoding and base64 encoding's result oauth_signature=yUDBrcMMm6ghqBEKCFKVoJPIacU%3D is it right? i can't do this. somebody help me. T.T Q1. i want to know signature base string's hmac-sha1 encoding result. Q2. oauth-signature=yUDBrcMMm6ghqBEKCFKVoJPIacU%3D is it correct? Yes, that signature is correct, if you are using the sample keys. Tom -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] xAuth returning 401 error.
On 9/13/10 1:16 PM, Josh Knowles wrote: Hm. Still having troubles with my iPhone app -- when I try to post using xAuth, I get a 401 error. Twitter claims the app has xAuth access on their end. Not sure what to do... Anyone else experiencing this issue? Thanks! Josh Knowles http://auscillate.com xAuth is part of OAuth, it simply exchanges usernames/passwords for credentials. Posting tweets using xAuth is impossible. ;-) 401 usually means a signature error. What is the Base String you use? (Most errors are in the Base String) Tom -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] xAuth approval times
Hi, I've totally missed the announcement that basic authentication will be disabled end of August, so now my iPhone app's twitter functionality is broken. I've submitted a request to get access to xAuth authentication two days ago and still didn't get a response. What kind of timeframe are we looking at for the approval? Thanks! -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] xAuth approval times
Hi Alex, We do our best to keep the wait under 72 hours, but there are times it will take longer. Taylor On Fri, Sep 10, 2010 at 4:33 AM, supersonicduck alex.stanko...@gmail.comwrote: Hi, I've totally missed the announcement that basic authentication will be disabled end of August, so now my iPhone app's twitter functionality is broken. I've submitted a request to get access to xAuth authentication two days ago and still didn't get a response. What kind of timeframe are we looking at for the approval? Thanks! -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] xAuth Newbie having trouble
OK, I'm trying to send my first xAuth request, but I'm getting 401 Unauthorized. Here is the base string I am signing: POST%26https%3A%2F%2Fapi%2Etwitter%2Ecom%2Foauth%2Faccess%5Ftoken %26oauth%5Fconsumer%5Fkey%3Dwd0fPXXX9m9O7OYRg%26oauth%5Fnonce %3DAZWKFccT4qryy4LJDJMZbwNCHXwrbhsqft3e5ixz0sKGsCHcUq%26oauth %5Fsignature%5Fmethod%3DHMAC%2DSHA1%26oauth%5Ftimestamp %3D1283791832%26oauth%5Fversion%3D1%2E0%26x%5Fauth%5Fmode%3Dclient %5Fauth%26x%5Fauth%5Fpassword%3DXX%26x%5Fauth%5Fusername %3Dgarrytaylor And here is my full POST request: POST /oauth/access_token HTTP/1.1 Host: api.twitter.com User-Agent: SNDTWEET Connection: close Content-Length: 74 Authorization: OAuth realm=, oauth_nonce=AZWKFccT4qryy4LJDJMZbwNCHXwrbhsqft3e5ixz0sKGsCHcUq, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1283791832, oauth_consumer_key=wd0fPXXX9m9O7OYRg, oauth_signature=XjbVbryI8WQDIpuZlZbl7iwDHNc%3D, oauth_version=1.0 Content-Type: application/x-www-form-urlencoded x_auth_mode=client_authx_auth_password=XXx_auth_username=garrytaylor I've used XXX in some places for security reasons. Is there anything that look immediately wrong here? Thanks a lot Garry -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] xAuth Newbie having trouble
Without looking to deeply yet (sorry, on vacation!) it appears you are over encoding values in your signature basestring.. For example, underscores are not protected characters and need not be encoded. I recommend reviewing the OAuth spec regarding encoding characters and ensure your encoder follows those rules. Taylor On Monday, September 6, 2010, Garry taylor.ga...@gmail.com wrote: OK, I'm trying to send my first xAuth request, but I'm getting 401 Unauthorized. Here is the base string I am signing: POST%26https%3A%2F%2Fapi%2Etwitter%2Ecom%2Foauth%2Faccess%5Ftoken %26oauth%5Fconsumer%5Fkey%3Dwd0fPXXX9m9O7OYRg%26oauth%5Fnonce %3DAZWKFccT4qryy4LJDJMZbwNCHXwrbhsqft3e5ixz0sKGsCHcUq%26oauth %5Fsignature%5Fmethod%3DHMAC%2DSHA1%26oauth%5Ftimestamp %3D1283791832%26oauth%5Fversion%3D1%2E0%26x%5Fauth%5Fmode%3Dclient %5Fauth%26x%5Fauth%5Fpassword%3DXX%26x%5Fauth%5Fusername %3Dgarrytaylor And here is my full POST request: POST /oauth/access_token HTTP/1.1 Host: api.twitter.com User-Agent: SNDTWEET Connection: close Content-Length: 74 Authorization: OAuth realm=, oauth_nonce=AZWKFccT4qryy4LJDJMZbwNCHXwrbhsqft3e5ixz0sKGsCHcUq, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1283791832, oauth_consumer_key=wd0fPXXX9m9O7OYRg, oauth_signature=XjbVbryI8WQDIpuZlZbl7iwDHNc%3D, oauth_version=1.0 Content-Type: application/x-www-form-urlencoded x_auth_mode=client_authx_auth_password=XXx_auth_username=garrytaylor I've used XXX in some places for security reasons. Is there anything that look immediately wrong here? Thanks a lot Garry -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] xAuth Newbie having trouble
You should try verifying your Base String using my OAuth validator, http://quonos.nl/oauthTester/ Your Base String looks like it is encoded too much. Syntax is methodurlparameters. You have method%26url%26parameters. Tom On 9/6/10 2:53 PM, Garry wrote: OK, I'm trying to send my first xAuth request, but I'm getting 401 Unauthorized. Here is the base string I am signing: POST%26https%3A%2F%2Fapi%2Etwitter%2Ecom%2Foauth%2Faccess%5Ftoken %26oauth%5Fconsumer%5Fkey%3Dwd0fPXXX9m9O7OYRg%26oauth%5Fnonce %3DAZWKFccT4qryy4LJDJMZbwNCHXwrbhsqft3e5ixz0sKGsCHcUq%26oauth %5Fsignature%5Fmethod%3DHMAC%2DSHA1%26oauth%5Ftimestamp %3D1283791832%26oauth%5Fversion%3D1%2E0%26x%5Fauth%5Fmode%3Dclient %5Fauth%26x%5Fauth%5Fpassword%3DXX%26x%5Fauth%5Fusername %3Dgarrytaylor And here is my full POST request: POST /oauth/access_token HTTP/1.1 Host: api.twitter.com User-Agent: SNDTWEET Connection: close Content-Length: 74 Authorization: OAuth realm=, oauth_nonce=AZWKFccT4qryy4LJDJMZbwNCHXwrbhsqft3e5ixz0sKGsCHcUq, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1283791832, oauth_consumer_key=wd0fPXXX9m9O7OYRg, oauth_signature=XjbVbryI8WQDIpuZlZbl7iwDHNc%3D, oauth_version=1.0 Content-Type: application/x-www-form-urlencoded x_auth_mode=client_authx_auth_password=XXx_auth_username=garrytaylor I've used XXX in some places for security reasons. Is there anything that look immediately wrong here? Thanks a lot Garry -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] xAuth support
Hi, I have just received an e-mail that Starting August 31, all applications will be required to use “OAuth” to access your Twitter account. Wondering if there is any impact on xAuth and whether xAuth is still supported? Any info on this will be much appreciated. Thanks, Rajat -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] xAuth support
I have just received an e-mail that Starting August 31, all applications will be required to use _OAuth_ to access your Twitter account. Wondering if there is any impact on xAuth and whether xAuth is still supported? Any info on this will be much appreciated. xAuth is still supported. -- personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- Happiness is having a scratch for every itch. -- Ogden Nash -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] XAuth 401 error
Hi, My mobile app was working like a charm using xAuth authentication until this morning (in France). Even after the Basic Auth removal my app was working (using xAuth) yesterday evening but this morning in france, my app always returns 401 error.I 'have'nt changed anything. Have you changed something in xAuth process yesterday ? Any idea ??? -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] xAuth not Working (Help)
Thanks for Replying Guys! Taylor, Why was it necessary to generate generate other keys ? And Tom (or Taylor) I'm using consumerSecret because at session : Example request for an xAuth request token, this key is listed in the request keys. So, is this example depracated ? Another doubt. After generating OAuth signature base string I didn't understand how to generate oauth_signature based on that string. I'm using some as3 crypto methods to do it , but I really don't know what keys combinations to use to generate the correct oauth_signature. I'm using the xAuth documentation example. var signString:String = POSThttps%3A%2F%2Fapi.twitter.com %2Foauth%2Faccess_tokenoauth_consumer_key%3DsGNxxnqgZRHUt6NunK3uw%26oauth_nonce%3DWLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1276101652%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3D%2525%2526123%2521aZ%252B%2528%2529456242134%26x_auth_username%3DtpFriendlyGiant; var hmac:HMAC = Crypto.getHMAC(sha1); var key:ByteArray = Hex.toArray( Hex.fromString(encodeURIComponent(consumerKey) + + encodeURIComponent(consumerSecret))); var data:ByteArray = Hex.toArray( Hex.fromString( signString ) ); var sha:String = Base64.encodeByteArray( hmac.compute( key, data ) ); trace(signString); params.oauth_signature = encodeURIComponent(sha); thanks -- jp -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] xAuth not Working (Help)
By revealing your consumer secret in this forum, especially for a key that has access to xAuth, you've basically compromised your application and the potential security of many -- your consumer secret should be kept safe and outside of public visibility. It's still a necessary component for you to build your integration. Have you seen this AS3 library for OAuth? http://code.google.com/p/oauth-as3/ I can't really help too much with your actual code in AS3, but taking a look at (or utilizing) this library might aid your understanding in this area. I would also caution against trusting that the default character conversions that encodeURIComponent() performs will be valid in all cases. Taylor 2010/8/31 João Paulo Sabino de Moraes jona...@gmail.com Thanks for Replying Guys! Taylor, Why was it necessary to generate generate other keys ? And Tom (or Taylor) I'm using consumerSecret because at session : Example request for an xAuth request token, this key is listed in the request keys. So, is this example depracated ? Another doubt. After generating OAuth signature base string I didn't understand how to generate oauth_signature based on that string. I'm using some as3 crypto methods to do it , but I really don't know what keys combinations to use to generate the correct oauth_signature. I'm using the xAuth documentation example. var signString:String = POSThttps%3A%2F%2Fapi.twitter.com %2Foauth%2Faccess_tokenoauth_consumer_key%3DsGNxxnqgZRHUt6NunK3uw%26oauth_nonce%3DWLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1276101652%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3D%2525%2526123%2521aZ%252B%2528%2529456242134%26x_auth_username%3DtpFriendlyGiant; var hmac:HMAC = Crypto.getHMAC(sha1); var key:ByteArray = Hex.toArray( Hex.fromString(encodeURIComponent(consumerKey) + + encodeURIComponent(consumerSecret))); var data:ByteArray = Hex.toArray( Hex.fromString( signString ) ); var sha:String = Base64.encodeByteArray( hmac.compute( key, data ) ); trace(signString); params.oauth_signature = encodeURIComponent(sha); thanks -- jp -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] xAuth not Working (Help)
thanks taylor, I'm using a newer as3 api, and lookint at its sorces I saw how to get oauth_signature only for oauth authentication and I'm trying to adapt it to xAuth. I think my only problem is the way I'm calculating oauth_signature based on hmac as you can see at the 2 lines below var hmac:HMAC = Crypto.getHMAC(sha1); var key:ByteArray = Hex.toArray( Hex.fromString(encodeURIComponent(consumerKey) + + encodeURIComponent(consumerSecret))); I'm making a hmac key based on consumerKey and consumerSecret and here: var data:ByteArray = Hex.toArray( Hex.fromString( signString ) ); var oauth_signature:String = Base64.encodeByteArray( hmac.compute( key, data ) ); I'm encoding data (encoded base string) with consumerKey and secret hmac key and that would be my oauth_signature. So,I'm not sure if the way I'm calculating key var is correct Concat encoded consumer key and consumerSecret is the right thing ? thanks -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] xAuth not Working (Help)
Hey João, The signing key is the concatenation of the consumer_secretuser_secret. If you don't have a user_secret the signing key will be consumer_secret. A couple of examples consumer_secret: 1234 user_secret: signing_key: 1234 consumer_secret: 1234 user_secret: 5678 signing_key: 12345678 Give that a try and see it helps. Matt 2010/8/31 João Paulo Sabino de Moraes jona...@gmail.com: thanks taylor, I'm using a newer as3 api, and lookint at its sorces I saw how to get oauth_signature only for oauth authentication and I'm trying to adapt it to xAuth. I think my only problem is the way I'm calculating oauth_signature based on hmac as you can see at the 2 lines below var hmac:HMAC = Crypto.getHMAC(sha1); var key:ByteArray = Hex.toArray( Hex.fromString(encodeURIComponent(consumerKey) + + encodeURIComponent(consumerSecret))); I'm making a hmac key based on consumerKey and consumerSecret and here: var data:ByteArray = Hex.toArray( Hex.fromString( signString ) ); var oauth_signature:String = Base64.encodeByteArray( hmac.compute( key, data ) ); I'm encoding data (encoded base string) with consumerKey and secret hmac key and that would be my oauth_signature. So,I'm not sure if the way I'm calculating key var is correct Concat encoded consumer key and consumerSecret is the right thing ? thanks -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en -- Matt Harris Developer Advocate, Twitter http://twitter.com/themattharris -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] xAuth not Working (Help)
Hi Everyone, I´ve got an application account that has already an xAuth access. But I still got 401 Error saying : Failed to validate oauth signature and token; I thinks I´m not missing any parameter, the code is in as3 but you can see the parameteres and more below the encoded signstring . request = ACCESS; var vars:String = ; var urlRequest:URLRequest = new URLRequest( https://api.twitter.com/oauth/access_token;); var params : URLVariables = new URLVariables(); params.oauth_consumer_key = consumerKey; vars += oauth_consumer_key=+consumerKey; params.oauth_consumer_secret = consumerSecret; vars += oauth_consumer_secret=+consumerSecret; var temp = nonce; params.oauth_nonce = temp; vars += oauth_nonce=+temp; params.oauth_signature_method = HMAC-SHA1; vars += oauth_signature_method=HMAC-SHA1; var temp = time; params.oauth_timestamp = temp; vars += oauth_timestamp=+temp; params.oauth_version = 1.0; vars += oauth_version=1.0; params.x_auth_mode = client_auth; vars += x_auth_mode=client_auth; params.x_auth_password = password; vars += x_auth_password=+password; params.x_auth_username = user; vars += x_auth_username=+user; var signString:String = POST + encodeURIComponent( https://api.twitter.com/oauth/access_token;) + + encodeURIComponent(vars); var hmac:HMAC = Crypto.getHMAC(sha1); var key:ByteArray = Hex.toArray( Hex.fromString(encodeURIComponent(consumerSecret) + + encodeURIComponent(oauthTokenSecret))); var data:ByteArray = Hex.toArray( Hex.fromString( signString ) ); var sha:String = Base64.encodeByteArray( hmac.compute( key, data ) ); trace(signString); params.oauth_signature = encodeURIComponent(sha); oauth_consumer_key=31NPH6FNUQi5HsWHzSbjQoauth_consumer_secret=jSwOaW3RDS9DnVmKvgHiNrx7sW0QYj9w9lMBL8P6bIoauth_nonce=94252oauth_signature_method=HMAC-SHA1oauth_timestamp=1283202704oauth_version=1.0x_auth_mode=client_authx_auth_password=passWordTestx_auth_username=usernameTest Ecoded SignString: POSThttps%3A%2F%2Fapi.twitter.com %2Foauth%2Faccess_tokenoauth_consumer_key%3D31NPH6FNUQi5HsWHzSbjQ%26oauth_consumer_secret%3DjSwOaW3RDS9DnVmKvgHiNrx7sW0QYj9w9lMBL8P6bI%26oauth_nonce%3D94252%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1283202704%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3DpassWordTest%26x_auth_username%3DusernameTest thanks -- João Paulo S. de Moraes +55 81 3432 3804 +55 81 9189 3814 (mobile) -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] xAuth not Working (Help)
Hi João, Can you share the code you use to actually execute the request? I'd like to make sure that all the OAuth-related parameters are being sent in the HTTP header, the x_auth_* parameters should be in the POST body. You shouldn't have any x_auth parameters in your authorization header, and you shouldn't have any oauth_* parameters in your POST body. On first glance, your signature base string appears correct. Have you also verified that the timestamp on the machine executing the requests is in sync with our clock? Thanks, Taylor 2010/8/30 João Paulo Sabino de Moraes jona...@gmail.com Hi Everyone, I´ve got an application account that has already an xAuth access. But I still got 401 Error saying : Failed to validate oauth signature and token; I thinks I´m not missing any parameter, the code is in as3 but you can see the parameteres and more below the encoded signstring . request = ACCESS; var vars:String = ; var urlRequest:URLRequest = new URLRequest( https://api.twitter.com/oauth/access_token;); var params : URLVariables = new URLVariables(); params.oauth_consumer_key = consumerKey; vars += oauth_consumer_key=+consumerKey; params.oauth_consumer_secret = consumerSecret; vars += oauth_consumer_secret=+consumerSecret; var temp = nonce; params.oauth_nonce = temp; vars += oauth_nonce=+temp; params.oauth_signature_method = HMAC-SHA1; vars += oauth_signature_method=HMAC-SHA1; var temp = time; params.oauth_timestamp = temp; vars += oauth_timestamp=+temp; params.oauth_version = 1.0; vars += oauth_version=1.0; params.x_auth_mode = client_auth; vars += x_auth_mode=client_auth; params.x_auth_password = password; vars += x_auth_password=+password; params.x_auth_username = user; vars += x_auth_username=+user; var signString:String = POST + encodeURIComponent( https://api.twitter.com/oauth/access_token;) + + encodeURIComponent(vars); var hmac:HMAC = Crypto.getHMAC(sha1); var key:ByteArray = Hex.toArray( Hex.fromString(encodeURIComponent(consumerSecret) + + encodeURIComponent(oauthTokenSecret))); var data:ByteArray = Hex.toArray( Hex.fromString( signString ) ); var sha:String = Base64.encodeByteArray( hmac.compute( key, data ) ); trace(signString); params.oauth_signature = encodeURIComponent(sha); oauth_consumer_key=31NPH6FNUQi5HsWHzSbjQoauth_consumer_secret=jSwOaW3RDS9DnVmKvgHiNrx7sW0QYj9w9lMBL8P6bIoauth_nonce=94252oauth_signature_method=HMAC-SHA1oauth_timestamp=1283202704oauth_version=1.0x_auth_mode=client_authx_auth_password=passWordTestx_auth_username=usernameTest Ecoded SignString: POSThttps%3A%2F%2Fapi.twitter.com %2Foauth%2Faccess_tokenoauth_consumer_key%3D31NPH6FNUQi5HsWHzSbjQ%26oauth_consumer_secret%3DjSwOaW3RDS9DnVmKvgHiNrx7sW0QYj9w9lMBL8P6bI%26oauth_nonce%3D94252%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1283202704%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3DpassWordTest%26x_auth_username%3DusernameTest thanks -- João Paulo S. de Moraes +55 81 3432 3804 +55 81 9189 3814 (mobile) -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] xAuth not Working (Help)
Actually, it looks very much wrong. You are including your secret in the Base String and POST. Don't. Tom On 8/30/10 11:44 PM, Taylor Singletary wrote: Hi João, Can you share the code you use to actually execute the request? I'd like to make sure that all the OAuth-related parameters are being sent in the HTTP header, the x_auth_* parameters should be in the POST body. You shouldn't have any x_auth parameters in your authorization header, and you shouldn't have any oauth_* parameters in your POST body. On first glance, your signature base string appears correct. Have you also verified that the timestamp on the machine executing the requests is in sync with our clock? Thanks, Taylor 2010/8/30 João Paulo Sabino de Moraes jona...@gmail.com mailto:jona...@gmail.com Hi Everyone, I´ve got an application account that has already an xAuth access. But I still got 401 Error saying : Failed to validate oauth signature and token; I thinks I´m not missing any parameter, the code is in as3 but you can see the parameteres and more below the encoded signstring . request = ACCESS; var vars:String = ; var urlRequest:URLRequest = new URLRequest(https://api.twitter.com/oauth/access_token;); var params : URLVariables = new URLVariables(); params.oauth_consumer_key = consumerKey; vars += oauth_consumer_key=+consumerKey; params.oauth_consumer_secret = consumerSecret; vars += oauth_consumer_secret=+consumerSecret; var temp = nonce; params.oauth_nonce = temp; vars += oauth_nonce=+temp; params.oauth_signature_method = HMAC-SHA1; vars += oauth_signature_method=HMAC-SHA1; var temp = time; params.oauth_timestamp = temp; vars += oauth_timestamp=+temp; params.oauth_version = 1.0; vars += oauth_version=1.0; params.x_auth_mode = client_auth; vars += x_auth_mode=client_auth; params.x_auth_password = password; vars += x_auth_password=+password; params.x_auth_username = user; vars += x_auth_username=+user; var signString:String = POST + encodeURIComponent(https://api.twitter.com/oauth/access_token;) + + encodeURIComponent(vars); var hmac:HMAC = Crypto.getHMAC(sha1); var key:ByteArray = Hex.toArray( Hex.fromString(encodeURIComponent(consumerSecret) + + encodeURIComponent(oauthTokenSecret))); var data:ByteArray = Hex.toArray( Hex.fromString( signString ) ); var sha:String = Base64.encodeByteArray( hmac.compute( key, data ) ); trace(signString); params.oauth_signature = encodeURIComponent(sha); oauth_consumer_key=31NPH6FNUQi5HsWHzSbjQoauth_consumer_secret=jSwOaW3RDS9DnVmKvgHiNrx7sW0QYj9w9lMBL8P6bIoauth_nonce=94252oauth_signature_method=HMAC-SHA1oauth_timestamp=1283202704oauth_version=1.0x_auth_mode=client_authx_auth_password=passWordTestx_auth_username=usernameTest Ecoded SignString: POSThttps%3A%2F%2Fapi.twitter.com http://2Fapi.twitter.com%2Foauth%2Faccess_tokenoauth_consumer_key%3D31NPH6FNUQi5HsWHzSbjQ%26oauth_consumer_secret%3DjSwOaW3RDS9DnVmKvgHiNrx7sW0QYj9w9lMBL8P6bI%26oauth_nonce%3D94252%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1283202704%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3DpassWordTest%26x_auth_username%3DusernameTest thanks -- João Paulo S. de Moraes +55 81 3432 3804 +55 81 9189 3814 (mobile) -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] xAuth not Working (Help)
Good eye, Tom. Thanks -- missed that in my quick once-over. João -- I had to regenerate your consumer key and secret. You'll want to go to your application on dev.twitter.com to obtain your keys again. Thanks, Taylor On Mon, Aug 30, 2010 at 2:46 PM, Tom van der Woerdt i...@tvdw.eu wrote: Actually, it looks very much wrong. You are including your secret in the Base String and POST. Don't. Tom On 8/30/10 11:44 PM, Taylor Singletary wrote: Hi João, Can you share the code you use to actually execute the request? I'd like to make sure that all the OAuth-related parameters are being sent in the HTTP header, the x_auth_* parameters should be in the POST body. You shouldn't have any x_auth parameters in your authorization header, and you shouldn't have any oauth_* parameters in your POST body. On first glance, your signature base string appears correct. Have you also verified that the timestamp on the machine executing the requests is in sync with our clock? Thanks, Taylor 2010/8/30 João Paulo Sabino de Moraes jona...@gmail.com mailto:jona...@gmail.com Hi Everyone, I´ve got an application account that has already an xAuth access. But I still got 401 Error saying : Failed to validate oauth signature and token; I thinks I´m not missing any parameter, the code is in as3 but you can see the parameteres and more below the encoded signstring . request = ACCESS; var vars:String = ; var urlRequest:URLRequest = new URLRequest(https://api.twitter.com/oauth/access_token;); var params : URLVariables = new URLVariables(); params.oauth_consumer_key = consumerKey; vars += oauth_consumer_key=+consumerKey; params.oauth_consumer_secret = consumerSecret; vars += oauth_consumer_secret=+consumerSecret; var temp = nonce; params.oauth_nonce = temp; vars += oauth_nonce=+temp; params.oauth_signature_method = HMAC-SHA1; vars += oauth_signature_method=HMAC-SHA1; var temp = time; params.oauth_timestamp = temp; vars += oauth_timestamp=+temp; params.oauth_version = 1.0; vars += oauth_version=1.0; params.x_auth_mode = client_auth; vars += x_auth_mode=client_auth; params.x_auth_password = password; vars += x_auth_password=+password; params.x_auth_username = user; vars += x_auth_username=+user; var signString:String = POST + encodeURIComponent(https://api.twitter.com/oauth/access_token;) + + encodeURIComponent(vars); var hmac:HMAC = Crypto.getHMAC(sha1); var key:ByteArray = Hex.toArray( Hex.fromString(encodeURIComponent(consumerSecret) + + encodeURIComponent(oauthTokenSecret))); var data:ByteArray = Hex.toArray( Hex.fromString( signString ) ); var sha:String = Base64.encodeByteArray( hmac.compute( key, data ) ); trace(signString); params.oauth_signature = encodeURIComponent(sha); oauth_consumer_key=31NPH6FNUQi5HsWHzSbjQoauth_consumer_secret=jSwOaW3RDS9DnVmKvgHiNrx7sW0QYj9w9lMBL8P6bIoauth_nonce=94252oauth_signature_method=HMAC-SHA1oauth_timestamp=1283202704oauth_version=1.0x_auth_mode=client_authx_auth_password=passWordTestx_auth_username=usernameTest Ecoded SignString: POSThttps%3A%2F%2Fapi.twitter.com http://2Fapi.twitter.com %2Foauth%2Faccess_tokenoauth_consumer_key%3D31NPH6FNUQi5HsWHzSbjQ%26oauth_consumer_secret%3DjSwOaW3RDS9DnVmKvgHiNrx7sW0QYj9w9lMBL8P6bI%26oauth_nonce%3D94252%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1283202704%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3DpassWordTest%26x_auth_username%3DusernameTest thanks -- João Paulo S. de Moraes +55 81 3432 3804 +55 81 9189 3814 (mobile) -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter:
[twitter-dev] xAuth — how long wait for accept?
I would like to use xAuth and I send a request to a...@twitter.com one week ago. There is still no any answer so I would like to know, how long I must wait for accepting my request? Please, share your experience. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] xauth nonce and token secret
I'm trying to implement Twitter XAuth for my application. My application has already been registered and approved for XAuth privileges. However, the documentation mentions that I need to include a nonce or token secret when authenticating. What is this? I have no idea what the nonce or token secret is and how to generate/get one. Also, if anyone else can verify how if the code I'm writing to generate the signing secret is correct. $signature = base64_encode(hash_hmac('sha1', $baseString, $oauth_consumer_secret.''.$token_secret, true)); where $baseString is the signature base, $oauth_consumer_secret is self-explanatory and $token_secret is the token secret(whatever that is). I'm actually able to send a request to twitter but I always get the same response Failed to validate oauth signature and token. My php code is below. It'll be helpful if someone can help me out with this as I've been trying to get this to work for a while now. Thanks! ? $oauth_consumer_key = XXX; $oauth_consumer_secret = YYY; $oauth_nonce = ???; $oauth_signature_method = HMAC-SHA1; $oauth_timestamp = time(); $oauth_version = 1.0; $x_auth_mode = client_auth; $x_auth_password = ; $x_auth_username = ; $token_secret = ; $baseString = https://api.twitter.com/oauth/access_token; . oauth_consumer_key= .urlencode($oauth_consumer_key) . oauth_nonce= . urlencode($oauth_nonce) . oauth_signature_method= . urlencode($oauth_signature_method) . oauth_timestamp= . urlencode($oauth_timestamp) . oauth_version= . urlencode($oauth_version) . x_auth_mode= . urlencode($x_auth_mode) . x_auth_password= . urlencode($x_auth_password) . x_auth_username= . urlencode($x_auth_username); $baseString = POST . urlencode($a); $post = x_auth_mode=client_authx_auth_password= . urlencode($x_auth_password) . x_auth_username= . urlencode(x_auth_username); $signature = base64_encode(hash_hmac('sha1', $baseString, $oauth_consumer_secret.''.$token_secret, true)); $auth = OAuth oauth_nonce=\ . $oauth_nonce . \, oauth_signature_method=\ . $oauth_signature_method . \, oauth_timestamp=\ . $oauth_timestamp . \, oauth_consumer_key=\ . $oauth_consumer_key . \, oauth_signature=\ . urlencode($signature) .\, oauth_version=\ . $oauth_version . \; $ch = curl_init(https://api.twitter.com/oauth/access_token;); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_HTTPHEADER, array(Expect: , Authorization: $auth)); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $post); $b = curl_exec($ch); var_dump($b); curl_close($ch); ?
Re: [twitter-dev] xauth nonce and token secret
On 8/18/10 12:11 AM, Olu wrote: I'm trying to implement Twitter XAuth for my application. My application has already been registered and approved for XAuth privileges. However, the documentation mentions that I need to include a nonce or token secret when authenticating. What is this? I have no idea what the nonce or token secret is and how to generate/get one. Also, if anyone else can verify how if the code I'm writing to generate the signing secret is correct. $signature = base64_encode(hash_hmac('sha1', $baseString, $oauth_consumer_secret.''.$token_secret, true)); where $baseString is the signature base, $oauth_consumer_secret is self-explanatory and $token_secret is the token secret(whatever that is). I'm actually able to send a request to twitter but I always get the same response Failed to validate oauth signature and token. My php code is below. It'll be helpful if someone can help me out with this as I've been trying to get this to work for a while now. Thanks! ? $oauth_consumer_key = XXX; $oauth_consumer_secret = YYY; $oauth_nonce = ???; $oauth_signature_method = HMAC-SHA1; $oauth_timestamp = time(); $oauth_version = 1.0; $x_auth_mode = client_auth; $x_auth_password = ; $x_auth_username = ; $token_secret = ; $baseString = https://api.twitter.com/oauth/access_token; . oauth_consumer_key= .urlencode($oauth_consumer_key) . oauth_nonce= . urlencode($oauth_nonce) . oauth_signature_method= . urlencode($oauth_signature_method) . oauth_timestamp= . urlencode($oauth_timestamp) . oauth_version= . urlencode($oauth_version) . x_auth_mode= . urlencode($x_auth_mode) . x_auth_password= . urlencode($x_auth_password) . x_auth_username= . urlencode($x_auth_username); $baseString = POST . urlencode($a); $post = x_auth_mode=client_authx_auth_password= . urlencode($x_auth_password) . x_auth_username= . urlencode(x_auth_username); $signature = base64_encode(hash_hmac('sha1', $baseString, $oauth_consumer_secret.''.$token_secret, true)); $auth = OAuth oauth_nonce=\ . $oauth_nonce . \, oauth_signature_method=\ . $oauth_signature_method . \, oauth_timestamp=\ . $oauth_timestamp . \, oauth_consumer_key=\ . $oauth_consumer_key . \, oauth_signature=\ . urlencode($signature) .\, oauth_version=\ . $oauth_version . \; $ch = curl_init(https://api.twitter.com/oauth/access_token;); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_HTTPHEADER, array(Expect: , Authorization: $auth)); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $post); $b = curl_exec($ch); var_dump($b); curl_close($ch); ? Hi, I love quoting the OAuth RFC, so here I go : A nonce is a random string, uniquely generated by the client to allow the server to verify that a request has never been made before and helps prevent replay attacks when requests are made over a non-secure channel. The nonce value MUST be unique across all requests with the same timestamp, client credentials, and token combinations. Your code to generate the signature is fine. As far as I know, the PHP urlencode() is not sufficient. You should use rawurlencode() and then decode the ~ (and some other character, but to be honest, I forgot). The URL in your base string must not include query parameters. The query parameters go in the third part of the Base String, together with the post body. The token/secret are not needed for xAuth. Simply leave them blank. Tom
[twitter-dev] xAuth
I'm getting a 401 when I try to use xAuth in my iPhone app. Is this occurring for others?
[twitter-dev] xauth token exchange failing
Hi, I'm seeing across the board failure of xAuth token exchange for my app, Kiwi. The app has not changed for months and is in use by thousands of users. So I don't think it's something I've done recently. Is it related to what I'm seeing on status.twitter.com? Is there a way to tell whether the problem is: twitter, my IP, my app, or my accounts? Is there something in the HTTP response tea leaves that can tell me more info? Currently I'm getting: Status = 500 Internal Server Error; isaiah http://twitter.com/isaiah
Re: [twitter-dev] xauth token exchange failing
Hi Isaiah, This is related to the same issue you see on status.twitter.com -- it's effecting many user-related write operations (including, for instance, instantiating an access token on behalf of a user). We are working to resolve the issue. Taylor On Mon, Jul 19, 2010 at 12:10 PM, Isaiah Carew isa...@me.com wrote: Hi, I'm seeing across the board failure of xAuth token exchange for my app, Kiwi. The app has not changed for months and is in use by thousands of users. So I don't think it's something I've done recently. Is it related to what I'm seeing on status.twitter.com? Is there a way to tell whether the problem is: twitter, my IP, my app, or my accounts? Is there something in the HTTP response tea leaves that can tell me more info? Currently I'm getting: Status = 500 Internal Server Error; isaiah http://twitter.com/isaiah
Re: [twitter-dev] xauth token exchange failing
The status page at: dev.twitter.com/status says things are all go -- but I'm still getting 500s during token exchange. Any updates? isaiah http://twitter.com/isaiah On Jul 19, 2010, at 12:55 PM, Taylor Singletary wrote: Hi Isaiah, This is related to the same issue you see on status.twitter.com -- it's effecting many user-related write operations (including, for instance, instantiating an access token on behalf of a user). We are working to resolve the issue. Taylor On Mon, Jul 19, 2010 at 12:10 PM, Isaiah Carew isa...@me.com wrote: Hi, I'm seeing across the board failure of xAuth token exchange for my app, Kiwi. The app has not changed for months and is in use by thousands of users. So I don't think it's something I've done recently. Is it related to what I'm seeing on status.twitter.com? Is there a way to tell whether the problem is: twitter, my IP, my app, or my accounts? Is there something in the HTTP response tea leaves that can tell me more info? Currently I'm getting: Status = 500 Internal Server Error; isaiah http://twitter.com/isaiah
[twitter-dev] xAuth: Fetching Acess_Token.. 401 Error
Hi All, Im Tired!!! Was working on this right from mrning to get the authentication working using xAuth. I always get *401 error*. Here is what im doing. Request URL: https://api.twitter.com/oauth/access_token Signature Base String: POSThttps%3A%2F%2Fapi.twitter.com %2Foauth%2Faccess_tokenoauth_consumer_key%3DD31A2bkKGtA8jAvuc15g %26oauth_nonce%3DMToxOj555%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1276894058513750%26oauth_version %3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3DPASSWORD %26x_auth_username%3DUSERNAME HTTP POST Body: x_auth_mode%3Dclient_auth%26x_auth_password%3DPASSWORD %26x_auth_username%3DUSERNAME HEADER: OAuth oauth_nonce=MToxOj555, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1276894058513750, oauth_consumer_key=D31A2bkKGtA8jAvuc15g, oauth_signature=1WKKwjlPzcaw7n9m+B4Gwtja5IE%3D, oauth_version=1.0 ContentType: application/x-www-form-urlencoded Host: api.twitter.com Accept:application/json Really not sure whats going wrong. Im trying from my Symbian emulator. Could you please help me out. Let me know if you are looking for more informations. Cheers, Priju
Re: [twitter-dev] xAuth: Fetching Acess_Token.. 401 Error
Hi Priju, Assuming that you also have xAuth access enabled in your application, I think the issue might be around your timestamp -- it appears to be in milliseconds and not seconds -- the oauth_timestamp field should be in seconds. Hope that solves your problem! Thanks, Taylor On Fri, Jun 18, 2010 at 11:00 AM, priju paul prijujacobp...@gmail.comwrote: Hi All, Im Tired!!! Was working on this right from mrning to get the authentication working using xAuth. I always get *401 error*. Here is what im doing. Request URL: https://api.twitter.com/oauth/access_token Signature Base String: POSThttps%3A%2F%2Fapi.twitter.com %2Foauth%2Faccess_tokenoauth_consumer_key%3DD31A2bkKGtA8jAvuc15g %26oauth_nonce%3DMToxOj555%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1276894058513750%26oauth_version %3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3DPASSWORD %26x_auth_username%3DUSERNAME HTTP POST Body: x_auth_mode%3Dclient_auth%26x_auth_password%3DPASSWORD %26x_auth_username%3DUSERNAME HEADER: OAuth oauth_nonce=MToxOj555, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1276894058513750, oauth_consumer_key=D31A2bkKGtA8jAvuc15g, oauth_signature=1WKKwjlPzcaw7n9m+B4Gwtja5IE%3D, oauth_version=1.0 ContentType: application/x-www-form-urlencoded Host: api.twitter.com Accept:application/json Really not sure whats going wrong. Im trying from my Symbian emulator. Could you please help me out. Let me know if you are looking for more informations. Cheers, Priju
[twitter-dev] xAuth 401 error Invalid / used nonce
When trying to authorise the user I get given a 401 error with the error message:{request:/oauth/access_token,error:Invalid / used nonce} Looking at the debug output taken from libcurl and looking at values it looks like it should be working to me, I've tested the signature generation with the test values on the documentation and get back the correct values so I'm confident the signature generated is valid. The debug output from libcurl is as follows (secure data changed obviously) POST /oauth/access_token HTTP/1.1 Host: api.twitter.com Content-Type: application/x-www-form-urlencoded Authorization: OAuth oauth_nonce=iqlxlrA3pTVVVpwMKazlYUqrYPMiXCihUexbGvh2AO, ouath_timestamp=1276784317, oauth_signature_method=HMAC-SHA1, oauth_consumer_key=x, oauth_version=1.0, oauth_signature=oM%2FecGU%2F%2BybuA6fggUWuZ620nmA%3D Accept: application/json Content-Length: 82 I'm then trying to post the following data: x_auth_Mode=client_authx_auth_password=passwordx_auth_username=username I'm encoding values before adding to the header as can be seen with signature, the password and username are encoded as needed (although currently testing with values with only valid characters so that shouldn't be an issue) looking at advice tips given on this board already I think I meet all of them: - I'm using HTTP headers adding the content type, authorization and accept strings to the header using curl_slist_append and then use curl_easy_setopt(curlhandle, CURLOPT_HTTPHEADER, headers) to set the headers to those that I have created (as can be seen in debug dump) - I'm using the libcurl POST functions to post the actual information: curl_easy_setopt(curlhandle, CURLOPT_POST, 1); curl_easy_setopt(curlhandle, CURLOPT_POSTFIELDS, data_char); curl_easy_setopt(curlhandle, CURLOPT_POSTFIELDSIZE, data_length) - I use the curl_easy_setopt(curlhandle, CURLOPT_SSL_VERIFYPEER, FALSE) for SSL, without this the communication to API fails so assume SSL is fine - Post bosy is xAuth params in format required as can be seen in my post string, will take the application/x-www-form-urlencoded property from the header set in request - paramaters in POST are url encoed but as stated this test example isn't using unsafe characters From the error message I'd assume there is something about my nonce it doesn't like but it is randomly generated each request and isn't the same as past nonce ? I'm not sure about the timestamp, the post was made at 15:18 (GMT +1, UK) used in debug dump so gave me a timestamp of 1276784317 Any feedback as to why I'm getting the error would be great, been looking at it for some time trying a fair few different ideas and not able to get it working
[twitter-dev] xAuth - favorites/create - bug - 401 error
The xAuth - favorites/create - is broken I make calls to - favorites/create with an ID parameter using xAuth $response = $connection-get ( 'favorites/create', array ('id' = $status_id ) ); but I always getting 401 Not authorized Error === /1/favorites/create.json? id=16170711730oauth_consumer_key=vfM8qYNAEBfZsofKDNX65Qoauth_nonce=bde7b35f5206ebc8a2cc31a7ea2b86acoauth_signature=V6%2BeC7%2FODp42W6GPV4EDWNpvSqY %3Doauth_signature_method=HMAC- SHA1oauth_timestamp=1276713005oauth_token=13073932- seUruGITdpHxCJsoUhpjectP4hpdRubW62Q7nftyAoauth_version=1.0 === On the other hand, The exact same request using Basic Authentication, It will work fine. I either getting - You have already favorited this status. - Favorites added
[twitter-dev] xAuth Unsupported URL Error
Hello, I recently received authorization from Twitter to use xAuth for authentication on an iphone application. I am using the POST method as described in the docs for xAuth, however, everytime I make my NSMutableURLRequest I get an 'unsupported url' error. The url I'm using the post to looks like this: https%3A%2F%2Fapi.twitter.com%2Foauth%2Faccess_token I am using the following authorization header: OAuth oauth_nonce=EBE7DF5A-0B88-4455-92F3-FCD6AEA3B297, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1275580859, oauth_consumer_key=myconsumerkey, oauth_signature=mysignature%3D, oauth_version=1.0 The post body looks like this: x_auth_mode=client_authx_auth_password=passwordx_auth_username=username Are there any ideas as to what could be going wrong? It seems no matter what I do, the NSURLConnection fails immediately with this unsupported url error: NSErrorFailingURLKey = https%3A%2F%2Fapi.twitter.com%2Foauth%2Faccess_token; NSErrorFailingURLStringKey = https%3A%2F%2Fapi.twitter.com %2Foauth%2Faccess_token; NSLocalizedDescription = unsupported URL; NSUnderlyingError = Error Domain=kCFErrorDomainCFNetwork Code=-1002 UserInfo=0x3f5d230 unsupported URL; Thanks! Craig
[twitter-dev] xAuth Permissions
How long does it typically take Twitter to respond to a request for xAuth permissions? I sent an email to a...@twitter.com with the necessary information. The auto-response I received from them included a link to my ticket that didn't work. Actually, the link worked but the page it arrives at reports that the ticket does not exist. The URL says: http://twitter.com/?kind=errormessage=Failed+to+update+user+with+new+properties:+Email+has+already+been+taken Is there a way to verify whether or not my request has been registered with their system? Thanks for you help, Jeff
Re: [twitter-dev] xAuth Permissions
EXACTLY my problem... My original ticket: 1008949 gave the same problem last week--closed or deleted. I ended up logging in using my MouseAddict account and creating a new support ticket (1009858) ...unfortunately it was around 900 tickets AFTER this first one...which makes me think my request will be acted upon MUCH later than I had hoped. My hope is that since I emailed the first request, like they asked, their support system did not correctly hook the resulting ticket into the login for my Twitter account -- thus causing the ticket system's inability to find that ticket. Here's hoping. Jann On Jun 1, 2010, at 6:41 AM, jsleuth wrote: How long does it typically take Twitter to respond to a request for xAuth permissions? I sent an email to a...@twitter.com with the necessary information. The auto-response I received from them included a link to my ticket that didn't work. Actually, the link worked but the page it arrives at reports that the ticket does not exist. The URL says: http://twitter.com/?kind=errormessage=Failed+to+update+user+with+new+properties:+Email+has+already+been+taken Is there a way to verify whether or not my request has been registered with their system? Thanks for you help, Jeff
Re: [twitter-dev] xAuth Permissions
Processing for XAuth is usually within a couple of days. Might be few days more since it is a long weekend in the states. The ticketing count is for all support request to Twitter not just XAuth tickets and if you sent the request to a...@twitter.com it is looked at by the @twitterapi and skips the regular @support queue. Make sure you email a...@twitter.com from the email address associated with your twitter account. Abraham On Tue, Jun 1, 2010 at 08:04, Jann Gobble janngob...@gmail.com wrote: EXACTLY my problem... My original ticket: 1008949 gave the same problem last week--closed or deleted. I ended up logging in using my MouseAddict account and creating a new support ticket (1009858) ...unfortunately it was around 900 tickets AFTER this first one...which makes me think my request will be acted upon MUCH later than I had hoped. My hope is that since I emailed the first request, like they asked, their support system did not correctly hook the resulting ticket into the login for my Twitter account -- thus causing the ticket system's inability to find that ticket. Here's hoping. Jann On Jun 1, 2010, at 6:41 AM, jsleuth wrote: How long does it typically take Twitter to respond to a request for xAuth permissions? I sent an email to a...@twitter.com with the necessary information. The auto-response I received from them included a link to my ticket that didn't work. Actually, the link worked but the page it arrives at reports that the ticket does not exist. The URL says: http://twitter.com/?kind=errormessage=Failed+to+update+user+with+new+properties:+Email+has+already+been+taken Is there a way to verify whether or not my request has been registered with their system? Thanks for you help, Jeff -- Abraham Williams | Developer for hire | http://abrah.am @abraham | http://projects.abrah.am | http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private.
[twitter-dev] xAuth between client and server.
I'm currently developing an iPhone app that interfaces with Twitter. On initial purchase and setup, the application would function completely independent of our service, interacting directly with Twitter, and can continue to be used without our service. This is the typical use case of xAuth, so no problems here. However, if the user chooses, our server will monitor Twitter on behalf of the user for the purpose of sending push notifications. This choice would be opt-in, obvious in function and be described clearly. For the best user experience, I'd like to be able to just pass the OAuth tokens to the server for its use, rather than requiring the user to go through an additional round of authentication. Is this acceptable, or would I need to force the user to go through a round of OAuth authentication? I tried to research this a bit, but didn't see anything that directly addresses this issue. Thanks for any advice! Rufo
Re: [twitter-dev] xAuth between client and server.
Hi Rufo, The best way to approach this scenario is that you would: A) Collect access tokens through xAuth on your iPhone application. B) Using some secure means, you would transmit the access token to your server-side application, associating them with the user C) For new users to your site who aren't already associated through xAuth on your iphone application, you would use the standard OAuth flow to obtain an access token The key takeaway is not to surprise your users. If it isn't clear that by signing in on the iPhone it will also create a server-side integration on your website, it should be. Take care in making sure that access tokens don't bleed in that it's not possible for a user to use an access token belonging to another user. Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Mon, May 24, 2010 at 8:45 AM, Rufo Sanchez r...@rufosanchez.com wrote: I'm currently developing an iPhone app that interfaces with Twitter. On initial purchase and setup, the application would function completely independent of our service, interacting directly with Twitter, and can continue to be used without our service. This is the typical use case of xAuth, so no problems here. However, if the user chooses, our server will monitor Twitter on behalf of the user for the purpose of sending push notifications. This choice would be opt-in, obvious in function and be described clearly. For the best user experience, I'd like to be able to just pass the OAuth tokens to the server for its use, rather than requiring the user to go through an additional round of authentication. Is this acceptable, or would I need to force the user to go through a round of OAuth authentication? I tried to research this a bit, but didn't see anything that directly addresses this issue. Thanks for any advice! Rufo
Re: [twitter-dev] xAuth between client and server.
Taylor, We're definitely going to make it very clear when you opt-in that you're linking your account to an outside service. Glad to hear the exchange of xAuth tokens from our app to the server won't be a problem. Thanks for the clarification! Rufo On Mon, May 24, 2010 at 12:30 PM, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Rufo, The best way to approach this scenario is that you would: A) Collect access tokens through xAuth on your iPhone application. B) Using some secure means, you would transmit the access token to your server-side application, associating them with the user C) For new users to your site who aren't already associated through xAuth on your iphone application, you would use the standard OAuth flow to obtain an access token The key takeaway is not to surprise your users. If it isn't clear that by signing in on the iPhone it will also create a server-side integration on your website, it should be. Take care in making sure that access tokens don't bleed in that it's not possible for a user to use an access token belonging to another user. Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Mon, May 24, 2010 at 8:45 AM, Rufo Sanchez r...@rufosanchez.com wrote: I'm currently developing an iPhone app that interfaces with Twitter. On initial purchase and setup, the application would function completely independent of our service, interacting directly with Twitter, and can continue to be used without our service. This is the typical use case of xAuth, so no problems here. However, if the user chooses, our server will monitor Twitter on behalf of the user for the purpose of sending push notifications. This choice would be opt-in, obvious in function and be described clearly. For the best user experience, I'd like to be able to just pass the OAuth tokens to the server for its use, rather than requiring the user to go through an additional round of authentication. Is this acceptable, or would I need to force the user to go through a round of OAuth authentication? I tried to research this a bit, but didn't see anything that directly addresses this issue. Thanks for any advice! Rufo
[twitter-dev] xAuth and Appcelerator Titanium
I'm currently developing an iPhone App with Titanium. I got the xauth set up from Twitter but I'm unable to get it work. 1 How do I retrieve more information after my request than 401 Authentication needed in order to debug my app? 2 is there a HMAC_SHA1 library in javascript that I can trust? 3 How can I check that my HMAC_SHA1 works for Twitter? I pretty much double checked everything, but there's no way I can have it work. Thanks
[twitter-dev] XAuth Issues with MGTwitterEngine
Hello, I am having some issues implementing XAuth support into an iPhone application using MGTwitterEngine and OAuthConsumer libraries. I know that XAuth support has been rolled in to MGTwitterEngine fairly recently, but I need to get this app working as soon as possible, so I would appreciate any insights you might have regarding the issue. I assume the problem is within one of the libraries. Every authentication request I make gets a 401 response with the error message: Failed to validate oauth signature and token Here is the OAuth header I am using as a reference: OAuth oauth_consumer_key=, oauth_signature_method=HMAC- SHA1, oauth_signature=fn0Jacb0S82Nq73humvpO9p%2FfD4%3D, oauth_timestamp=1274478827, oauth_nonce=45EA837E- CD9A-4C53-8925-3036196E8F2F, oauth_version=1.0 I tried changing the nonce to a simpler string, and playing with the timestamp, but it didn't seem to make a difference. I also added application/x-www-form-urlencoded as the Content-Type header. Twitter support just confirmed that XAuth is enabled for our app, but I am at a loss as to what's going wrong here. I'll appreciate some help, thank you.
[twitter-dev] xAuth gives 401 error code
Hi, I tried to use xAuth. and facing the below exception. Can u please help finding the issue. Thanks Ashok 05-20 01:36:48.582: INFO/AccessToken(530): x_auth_username=sahuashokx_auth_mode=client_authoauth_version=1.0oauth_nonce=516625b7- d264-434f-856f-a2bf3a1bb7b6oauth_signature_method=HMAC- SHA1oauth_consumer_key=4nh2gyegnLIao9MqXZB9Ngx_auth_password=ashoksahuoauth_timestamp=1274299608 05-20 01:36:48.582: INFO/AccessToken(530): https://api.twitter.com/oauth/access_token?x_auth_username=sahuashokx_auth_mode=client_authoauth_version=1.0oauth_nonce=516625b7-d264-434f-856f-a2bf3a1bb7b6oauth_signature_method=HMAC-SHA1oauth_consumer_key=4nh2gyegnLIao9MqXZB9Ngx_auth_password=ashoksahuoauth_timestamp=1274299608 05-20 01:36:48.602: INFO/AccessToken(530): POST 05-20 01:36:48.652: INFO/AccessToken(530): OAuth oauth_consumer_key=4nh2gyegnLIao9MqXZB9Ng,oauth_nonce=255f2c88-1125-401c- a86e-ec3e3f50b039,oauth_signature_method=HMAC- SHA1,oauth_timestamp=1274299608,oauth_version=1.0,oauth_signature=%5BB %4043d04910 05-20 01:36:52.551: INFO/Errorcode=(530): 401 05-20 01:36:52.561: INFO/Errorcode=(530): [Ljava.lang.String;@43d442c0 05-20 01:36:52.561: WARN/System.err(530): java.io.IOException: Received authentication challenge is null 05-20 01:36:52.588: WARN/System.err(530): at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnection.doRequestInternal(HttpURLConnection.java: 1596) 05-20 01:36:52.591: WARN/System.err(530): at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnection.doRequest(HttpURLConnection.java: 1551) 05-20 01:36:52.617: WARN/System.err(530): at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnection.getResponseCode(HttpURLConnection.java: 1273) 05-20 01:36:52.621: WARN/System.err(530): at org.apache.harmony.luni.internal.net.www.protocol.https.HttpsURLConnection.getResponseCode(HttpsURLConnection.java: 116) 05-20 01:36:52.621: WARN/System.err(530): at com.sahu.TestxAuth.AccessToken.request(AccessToken.java:100) 05-20 01:36:52.632: WARN/System.err(530): at com.sahu.TestxAuth.AccessToken.mainEntry(AccessToken.java:75) 05-20 01:36:52.632: WARN/System.err(530): at com.sahu.TestxAuth.TestxAuth.onCreate(TestxAuth.java:13) 05-20 01:36:52.632: WARN/System.err(530): at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java: 1047) 05-20 01:36:52.632: WARN/System.err(530): at android.app.ActivityThread.performLaunchActivity(ActivityThread.java: 2431) 05-20 01:36:52.632: WARN/System.err(530): at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java: 2484) 05-20 01:36:52.632: WARN/System.err(530): at android.app.ActivityThread.access$2200(ActivityThread.java:119) 05-20 01:36:52.641: WARN/System.err(530): at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1835) 05-20 01:36:52.641: WARN/System.err(530): at android.os.Handler.dispatchMessage(Handler.java:99) 05-20 01:36:52.641: WARN/System.err(530): at android.os.Looper.loop(Looper.java:123) 05-20 01:36:52.641: WARN/System.err(530): at android.app.ActivityThread.main(ActivityThread.java:4325) 05-20 01:36:52.666: WARN/System.err(530): at java.lang.reflect.Method.invokeNative(Native Method) 05-20 01:36:52.671: WARN/System.err(530): at java.lang.reflect.Method.invoke(Method.java:521) 05-20 01:36:52.691: WARN/System.err(530): at com.android.internal.os.ZygoteInit $MethodAndArgsCaller.run(ZygoteInit.java:860) 05-20 01:36:52.691: WARN/System.err(530): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:618) 05-20 01:36:52.691: WARN/System.err(530): at dalvik.system.NativeStart.main(Native Method) 05-20 01:36:53.011: INFO/ActivityManager(52): Displayed activity com.sahu.TestxAuth/.TestxAuth: 5371 ms (total 5371 ms)
Re: [twitter-dev] xAuth gives 401 error code
Hi Ashok, When using xAuth, it's required that you use HTTP-header based OAuth rather than query parameter based OAuth. It appears that you are mixing both together in these requests -- using both query-string based OAuth and header based OAuth. Your request URI should only include: https://api.twitter.com/oauth/access_token and nothing else. Here's a handy checklist of things to remember with xAuth: - You must be using HTTP headers for the OAuth Authorization - You must be using POST as your method - You must be using SSL - Your POST body must contain the x_auth_* parameters as standard application/x-www-form-urlencoded parameters - Your Content-Type should be set to application/x-www-form-urlencoded - If the logins or passwords you are sending have non-url-safe characters, they should be URL encoded in your POST body and encoded again in your signature base string (just like any OAuth request) Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Wed, May 19, 2010 at 1:11 PM, asho...@huawei.com ashok.c...@gmail.comwrote: Hi, I tried to use xAuth. and facing the below exception. Can u please help finding the issue. Thanks Ashok 05-20 01:36:48.582: INFO/AccessToken(530): x_auth_username=sahuashokx_auth_mode=client_authoauth_version=1.0oauth_nonce=516625b7- d264-434f-856f-a2bf3a1bb7b6oauth_signature_method=HMAC- SHA1oauth_consumer_key=4nh2gyegnLIao9MqXZB9Ngx_auth_password=ashoksahuoauth_timestamp=1274299608 05-20 01:36:48.582: INFO/AccessToken(530): https://api.twitter.com/oauth/access_token?x_auth_username=sahuashokx_auth_mode=client_authoauth_version=1.0oauth_nonce=516625b7-d264-434f-856f-a2bf3a1bb7b6oauth_signature_method=HMAC-SHA1oauth_consumer_key=4nh2gyegnLIao9MqXZB9Ngx_auth_password=ashoksahuoauth_timestamp=1274299608 05-20https://api.twitter.com/oauth/access_token?x_auth_username=sahuashokx_auth_mode=client_authoauth_version=1.0oauth_nonce=516625b7-d264-434f-856f-a2bf3a1bb7b6oauth_signature_method=HMAC-SHA1oauth_consumer_key=4nh2gyegnLIao9MqXZB9Ngx_auth_password=ashoksahuoauth_timestamp=1274299608 05-20 01:36:48.602: INFO/AccessToken(530): POST 05-20 01:36:48.652: INFO/AccessToken(530): OAuth oauth_consumer_key=4nh2gyegnLIao9MqXZB9Ng,oauth_nonce=255f2c88-1125-401c- a86e-ec3e3f50b039,oauth_signature_method=HMAC- SHA1,oauth_timestamp=1274299608,oauth_version=1.0,oauth_signature=%5BB %4043d04910 05-20 01:36:52.551: INFO/Errorcode=(530): 401 05-20 01:36:52.561: INFO/Errorcode=(530): [Ljava.lang.String;@43d442c0 05-20 01:36:52.561: WARN/System.err(530): java.io.IOException: Received authentication challenge is null 05-20 01:36:52.588: WARN/System.err(530): at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnection.doRequestInternal(HttpURLConnection.java: 1596) 05-20 01:36:52.591: WARN/System.err(530): at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnection.doRequest(HttpURLConnection.java: 1551) 05-20 01:36:52.617: WARN/System.err(530): at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnection.getResponseCode(HttpURLConnection.java: 1273) 05-20 01:36:52.621: WARN/System.err(530): at org.apache.harmony.luni.internal.net.www.protocol.https.HttpsURLConnection.getResponseCode(HttpsURLConnection.java: 116) 05-20 01:36:52.621: WARN/System.err(530): at com.sahu.TestxAuth.AccessToken.request(AccessToken.java:100) 05-20 01:36:52.632: WARN/System.err(530): at com.sahu.TestxAuth.AccessToken.mainEntry(AccessToken.java:75) 05-20 01:36:52.632: WARN/System.err(530): at com.sahu.TestxAuth.TestxAuth.onCreate(TestxAuth.java:13) 05-20 01:36:52.632: WARN/System.err(530): at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java: 1047) 05-20 01:36:52.632: WARN/System.err(530): at android.app.ActivityThread.performLaunchActivity(ActivityThread.java: 2431) 05-20 01:36:52.632: WARN/System.err(530): at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java: 2484) 05-20 01:36:52.632: WARN/System.err(530): at android.app.ActivityThread.access$2200(ActivityThread.java:119) 05-20 01:36:52.641: WARN/System.err(530): at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1835) 05-20 01:36:52.641: WARN/System.err(530): at android.os.Handler.dispatchMessage(Handler.java:99) 05-20 01:36:52.641: WARN/System.err(530): at android.os.Looper.loop(Looper.java:123) 05-20 01:36:52.641: WARN/System.err(530): at android.app.ActivityThread.main(ActivityThread.java:4325) 05-20 01:36:52.666: WARN/System.err(530): at java.lang.reflect.Method.invokeNative(Native Method) 05-20 01:36:52.671: WARN/System.err(530): at java.lang.reflect.Method.invoke(Method.java:521) 05-20 01:36:52.691: WARN/System.err(530): at com.android.internal.os.ZygoteInit $MethodAndArgsCaller.run(ZygoteInit.java:860) 05-20 01:36:52.691: WARN/System.err(530): at
[twitter-dev] xAuth now returns a 403 when posting a tweet
I have been using the xAuth code by Aral Balkan for my iPhone apps: http://aralbalkan.com/3133/ The code had been working fine for a couple of months both getting token and posting tweets. I rerun the code today, and all of a sudden while getting the token still work, posting a tweet always returns a 403: Twitter request failed: 18C9AA7E-05BF-408D-A8CE-7480A2FAD4CB with error:Error Domain=HTTP Code=403 “Operation could not be completed. (HTTP error 403.)” Has something changed on Twitter's end regarding the xAuth protocol since March 11, which is when Aral Balkan's code was last modified? Any ideas? Thanks. -- neptune2000
[twitter-dev] xAuth Access
Hello, I have aked for having access to the xAuth API and I have received an e-mail with the message above: Thanks for your interest in XAuth. Your application now has the ability to use XAuth, and you can read the documentation here: http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-oauth-access_token-for-xAuth ... The problem is that I am still getting HTTP 401 when I try to use xAuth. Is there another way to check if my application really has the ability to use xAuth? Regards, Hugo
Re: [twitter-dev] xAuth Access
You can check if xauth access is enabled on http://dev.twitter.com -- Little androids dreaming of Nexus Ones compiled this text. On Apr 30, 2010 5:59 PM, Hugo Nunes hgnu...@gmail.com wrote: Hello, I have aked for having access to the xAuth API and I have received an e-mail with the message above: Thanks for your interest in XAuth. Your application now has the ability to use XAuth, and you can read the documentation here: http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-oauth-access_token-for-xAuth ... The problem is that I am still getting HTTP 401 when I try to use xAuth. Is there another way to check if my application really has the ability to use xAuth? Regards, Hugo
[twitter-dev] xAuth problems
Hello everyone, I'm having constant 401 errors when trying xAuth. My application has already been accepted and its permissions granted and refreshed. Any ideas what the problem is?
Re: [twitter-dev] xAuth problems
I'm having constant 401 errors when trying xAuth. My application has already been accepted and its permissions granted and refreshed. Any ideas what the problem is? Post your sig base, if you have it. xAuth is working fine over here. What are you using to do your oAuth signatures? -- personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- If you have integrity, nothing else matters. -- Alan Simpson ---
Re: [twitter-dev] xAuth problems
Hi Fernando, Happy to help you out. Common issues when trying to get xAuth to work: - You must be using HTTP headers for the OAuth Authorization - You must be using POST as your method - You must be using SSL - Your POST body must contain the x_auth_* parameters as standard application/x-www-form-urlencoded parameters - Your Content-Type should be set to application/x-www-form-urlencoded - If the logins or passwords you are sending have non-url-safe characters, they should be URL encoded in your POST body and encoded again in your signature base string (just like any OAuth request) If you post an example signature base string with your username and passwords redacted, along with a redacted POST body, and the exact URL you are hitting we can help you further. Thanks! Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Thu, Apr 29, 2010 at 2:51 PM, Fernando Olivares aeris@gmail.comwrote: Hello everyone, I'm having constant 401 errors when trying xAuth. My application has already been accepted and its permissions granted and refreshed. Any ideas what the problem is?
Re: [twitter-dev] xAuth Approval?
On 4/26/2010 8:59 PM, M. Edward (Ed) Borasky wrote: On 04/26/2010 05:16 PM, Cameron Kaiser wrote: xAuth is a method for which to exchange usernames and passwords for those tokens, without send the user through the workflow. this is for two reasons: 1. mobile/desktop application authors have complained that it makes their UX fugly when they bring up a web browser (i'll hold my opinions on this); and 2. web applications that have been storing usernames and passwords need a method to bulk convert all their users over to oauth tokens. and 3. Browserless environments. I'm pretty sure that was one of the initial motivators way back when the crud was flying. Yeah ... but I *like* having the browser involved. Which is fine. However, there are other people who don't like getting the browser involved (people making command line Linux programs, for instance, or people exposing their own APIs that interact with Twitter). -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Re: [twitter-dev] xAuth Approval?
On 04/27/2010 04:53 AM, John Meyer wrote: On 4/26/2010 8:59 PM, M. Edward (Ed) Borasky wrote: Yeah ... but I *like* having the browser involved. Which is fine. However, there are other people who don't like getting the browser involved (people making command line Linux programs, for instance, or people exposing their own APIs that interact with Twitter). Well ... there's Lynx. ;-) But seriously, I make command-line Linux Twitter programs for my own use all the time, and I released four of them as open source projects. *But*: 1. Those only use API calls that don't require authentication. 2. They are free as in beer as well as in freedom. There are exactly *zero* potential *paying* customers for a command-line Linux program. Let me quote two paragraphs from the Twitter Security Best Practices web page: Be sure that you're not exposing sensitive information through debugging screens/logs. Some web frameworks make it easy to access debugging information if your application is not properly configured. For desktop and mobile developers, it's easy to accidentally ship a build with debugging flags or symbols enabled. Build checks for these configurations into your deployment/build process. As aforementioned, for optimal security you should be using OAuth. But once you have a token with which to make requests on behalf of a user, where do you put it? Ideally, in an encrypted store managed by your operating system. On Mac OS X, this would be the Keychain. In the GNOME desktop environment, there's the Keyring. In the KDE desktop environment, there's KWallet. If you're building desktop applications that you are going to ask people to pay for, you 1. *Must* have a better user interface than a command line, 2. *Must* adhere to the Twitter security best practices, including the two I've highlighted, and 3. In all probability *shouldn't* waste your time building a Linux version. Windows is 89-90 percent of the desktop market, Macintosh is 9 - 10 percent, and Linux is 1 percent. -- M. Edward (Ed) Borasky borasky-research.net/m-edward-ed-borasky A mathematician is a device for turning coffee into theorems. ~ Paul Erdős -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en