Re: [twitter-dev] Re: Oauth Echo and Drupal
Hi Tim,
The call specified in your HTTP_X_* headers is for the OAuth Echo provider
to execute against the API. Since they execute the call, it invalidates the
oauth_nonce you provided. Really, it's a different API call that your
application should be executing following an OAuth Echo transaction..
1. You've got something to post with TwitPic
2. You setup a mock request to Twitter to verify credentials so that TwitPic
can identify your user with Twitter
3. You send that mock request in HTTP_X_* headers to Twitpic, along with
your API request to Twitpic with the image
4. TwitPic executes the Twitter API call specified in the HTTP_X_* headers,
verifying the user
5. On success, TwitPic sends you in its response information about the media
you just uploaded on behalf of your user
6. You take that response and append it to a tweet, or whatever other API
operation you're doing, and send a brand new request to Twitter
Is this the flow you're following or are you trying to do something else?
Taylor
On Sat, Jun 19, 2010 at 12:40 PM, Tim Millwood t...@millwoodonline.co.ukwrote:
So... I now have a test app which is sending oAuth Echo request
successfully to Twitpic.
If I change the URL to my web app I get a 401 error back from Twitter,
so there is something I am doing wrong.
I am getting the HTTP_X_AUTH_SERVICE_PROVIDER and
HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION headers from the test app,
then my web app is renaming the
HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION header to Authorization and
POSTing both to the URL in HTTP_X_AUTH_SERVICE_PROVIDER.
This returns the 401 error.
On Jun 17, 2:44 pm, Taylor Singletary taylorsinglet...@twitter.com
wrote:
Hi Tim,
I'm not familiar with the Drupal OAuth module, but can help you a little
bit.
Hopefully that module is a bit flexible in the different approaches you
can
use to perform OAuth with it. Essentially, you need to build a mock
request that you won't actually execute against an endpoint at Twitter
using your credentials. The canon for OAuth Echo right now is to build a
GET
request tohttp://api.twitter.com/1/account/verify_credentials.json-- but
essentially, you can use any resource you want (and the OAuth Echo proxy
provider could do something with the response in conjunction with your
request -- TwitPic, yFrog, etc. are only just one possibility of the
things
you can do with OAuth Echo.
I edited up a good example in simple PHP of using OAuth Echo against
TwitPic
the other day:http://pastie.org/pastes/1005387
Taylor
On Thu, Jun 17, 2010 at 1:40 AM, Tim Millwood t...@millwoodonline.co.uk
wrote:
I'm trying to get oAuth Echo working withhttp://drippic.com
My API url ishttp://drippic.com/drippic2/uploadif you want to give
it a try.
Here is my code.
$sp = $_SERVER['HTTP_X_AUTH_SERVICE_PROVIDER'];
$auth_cred = $_SERVER['HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION'];
$response = drupal_http_request($sp,
array('HTTP_X_AUTH_SERVICE_PROVIDER'=$sp,'Authorization'=
$auth_cred),'POST');
watchdog('drippic','/pre'.print_r($response,true).'/pre');
print(json_encode($response));
I'm not sure what I need to send it, I copied Twitpic's example and
used this in terminal
curl -v -H 'X-Auth-Service-Provider:
https://api.twitter.com/1/account/verify_credentials.json'
-H 'X-Verify-Credentials-Authorization: OAuth realm=http://
api.twitter.com/, oauth_consumer_key=GDdmIQH6jhtmLUypg82g,
oauth_signature_method=HMAC-SHA1, oauth_token=819797-
Jxq8aYUDRmykzVKrgoLhXSq67TEa5ruc4GJC2rWimw,
oauth_timestamp=1272325550,
oauth_nonce=oElnnMTQIZvqvlfXM56aBLAf5noGD0AQR3Fmi7Q6Y,
oauth_version=1.0, oauth_signature=U1obTfE7Rs9J1kafTGwufLJdspo%3D'
http://drippic.com/drippic2/upload
It returns 401, guess it's because the details are wrong, and not sure
what I should use.
Can anyone help?
(don't really know enough about oAuth, oAuth on the site is all
managed by the Drupal oAuth module)
Re: [twitter-dev] Re: Oauth Echo and Drupal
Awesome. There's much untapped potential in OAuth Echo beyond just the
TwitPic, yFrog, etc. use cases.
This is an area where you're going to have to be very exacting. Have you
confirmed that the request you are building would actually execute against
Twitter correctly before you've sent it through your process? As in, have
you verified that the HTTP Authorization header you've created will work
against the end point before you've stuffed it into some other header,
processed the request, etc.
Can you share the authorization header you are using and how you've defined
the OAuth Echo headers? Your signature base string for the same?
Taylor
On Mon, Jun 21, 2010 at 8:06 AM, Tim Millwood t...@millwoodonline.co.ukwrote:
I am trying to do something else.
I am not trying post to twitpic, I am trying to post to my own web app
(similar to twitpic).
I am getting the HTTP_X_AUTH_SERVICE_PROVIDER and
HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION headers from the test app,
then my web app is renaming the
HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION header to Authorization and
POSTing both to the URL in HTTP_X_AUTH_SERVICE_PROVIDER.
This returns the 401 error.
On Jun 21, 3:11 pm, Taylor Singletary taylorsinglet...@twitter.com
wrote:
Hi Tim,
The call specified in your HTTP_X_* headers is for the OAuth Echo
provider
to execute against the API. Since they execute the call, it invalidates
the
oauth_nonce you provided. Really, it's a different API call that your
application should be executing following an OAuth Echo transaction..
1. You've got something to post with TwitPic
2. You setup a mock request to Twitter to verify credentials so that
TwitPic
can identify your user with Twitter
3. You send that mock request in HTTP_X_* headers to Twitpic, along with
your API request to Twitpic with the image
4. TwitPic executes the Twitter API call specified in the HTTP_X_*
headers,
verifying the user
5. On success, TwitPic sends you in its response information about the
media
you just uploaded on behalf of your user
6. You take that response and append it to a tweet, or whatever other API
operation you're doing, and send a brand new request to Twitter
Is this the flow you're following or are you trying to do something else?
Taylor
On Sat, Jun 19, 2010 at 12:40 PM, Tim Millwood
t...@millwoodonline.co.ukwrote:
So... I now have a test app which is sending oAuth Echo request
successfully to Twitpic.
If I change the URL to my web app I get a 401 error back from Twitter,
so there is something I am doing wrong.
I am getting the HTTP_X_AUTH_SERVICE_PROVIDER and
HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION headers from the test app,
then my web app is renaming the
HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION header to Authorization and
POSTing both to the URL in HTTP_X_AUTH_SERVICE_PROVIDER.
This returns the 401 error.
On Jun 17, 2:44 pm, Taylor Singletary taylorsinglet...@twitter.com
wrote:
Hi Tim,
I'm not familiar with the Drupal OAuth module, but can help you a
little
bit.
Hopefully that module is a bit flexible in the different approaches
you
can
use to perform OAuth with it. Essentially, you need to build a mock
request that you won't actually execute against an endpoint at
Twitter
using your credentials. The canon for OAuth Echo right now is to
build a
GET
request tohttp://
api.twitter.com/1/account/verify_credentials.json--but
essentially, you can use any resource you want (and the OAuth Echo
proxy
provider could do something with the response in conjunction with
your
request -- TwitPic, yFrog, etc. are only just one possibility of the
things
you can do with OAuth Echo.
I edited up a good example in simple PHP of using OAuth Echo against
TwitPic
the other day:http://pastie.org/pastes/1005387
Taylor
On Thu, Jun 17, 2010 at 1:40 AM, Tim Millwood
t...@millwoodonline.co.uk
wrote:
I'm trying to get oAuth Echo working withhttp://drippic.com
My API url ishttp://drippic.com/drippic2/uploadifyou want to give
it a try.
Here is my code.
$sp = $_SERVER['HTTP_X_AUTH_SERVICE_PROVIDER'];
$auth_cred = $_SERVER['HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION'];
$response = drupal_http_request($sp,
array('HTTP_X_AUTH_SERVICE_PROVIDER'=$sp,'Authorization'=
$auth_cred),'POST');
watchdog('drippic','/pre'.print_r($response,true).'/pre');
print(json_encode($response));
I'm not sure what I need to send it, I copied Twitpic's example and
used this in terminal
curl -v -H 'X-Auth-Service-Provider:
https://api.twitter.com/1/account/verify_credentials.json'
-H 'X-Verify-Credentials-Authorization: OAuth realm=http://
api.twitter.com/, oauth_consumer_key=GDdmIQH6jhtmLUypg82g,
oauth_signature_method=HMAC-SHA1, oauth_token=819797-
Jxq8aYUDRmykzVKrgoLhXSq67TEa5ruc4GJC2rWimw,
Re: [twitter-dev] Re: Oauth Echo and Drupal
Hi Tim, That sounds like your machine might be having some issues connecting via SSL. Are you able to use Curl for any other SSL-based sites? Taylor On Mon, Jun 21, 2010 at 11:57 AM, Tim Millwood t...@millwoodonline.co.ukwrote: Tried using Curl instead of drupal_http_request and got the following error. error setting certificate verify locations:\n CAfile: \/etc\/ssl\/ certs\/ca-certificates.crt\n CApath: none\n Not sure what that means On Jun 21, 4:40 pm, Tim Millwood t...@millwoodonline.co.uk wrote: I have a test air app that posts to Twitpic perfectly fine using oAuth Echo, if I change the URL to my web app I get 401. Here are the headers I am passing to twitter to verify credentials. Am I missing some? [HTTP_X_AUTH_SERVICE_PROVIDER] = https://api.twitter.com/1/account/verify_credentials.json [Authorization] = OAuth realm=twitter,oauth_consumer_key=t94eBtc4Pz2zqo4KhABseQ,oauth_token=62 66632- e0NRaGReqpzR84Floyg565BMJbBH4lYMxsJD9LNZY,oauth_version=1.0,oauth_timest amp=1276986312,oauth_nonce=KhWw0N,oauth_signature_method=HMAC- SHA1,oauth_signature=ubKN3OQy8xC5Sdkn%2BD%2Bcq9c1ywY%3D Tim On Jun 21, 4:28 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Awesome. There's much untapped potential in OAuth Echo beyond just the TwitPic, yFrog, etc. use cases. This is an area where you're going to have to be very exacting. Have you confirmed that the request you are building would actually execute against Twitter correctly before you've sent it through your process? As in, have you verified that the HTTP Authorization header you've created will work against the end point before you've stuffed it into some other header, processed the request, etc. Can you share the authorization header you are using and how you've defined the OAuth Echo headers? Your signature base string for the same? Taylor On Mon, Jun 21, 2010 at 8:06 AM, Tim Millwood t...@millwoodonline.co.ukwrote: I am trying to do something else. I am not trying post to twitpic, I am trying to post to my own web app (similar to twitpic). I am getting the HTTP_X_AUTH_SERVICE_PROVIDER and HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION headers from the test app, then my web app is renaming the HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION header to Authorization and POSTing both to the URL in HTTP_X_AUTH_SERVICE_PROVIDER. This returns the 401 error. On Jun 21, 3:11 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Tim, The call specified in your HTTP_X_* headers is for the OAuth Echo provider to execute against the API. Since they execute the call, it invalidates the oauth_nonce you provided. Really, it's a different API call that your application should be executing following an OAuth Echo transaction.. 1. You've got something to post with TwitPic 2. You setup a mock request to Twitter to verify credentials so that TwitPic can identify your user with Twitter 3. You send that mock request in HTTP_X_* headers to Twitpic, along with your API request to Twitpic with the image 4. TwitPic executes the Twitter API call specified in the HTTP_X_* headers, verifying the user 5. On success, TwitPic sends you in its response information about the media you just uploaded on behalf of your user 6. You take that response and append it to a tweet, or whatever other API operation you're doing, and send a brand new request to Twitter Is this the flow you're following or are you trying to do something else? Taylor On Sat, Jun 19, 2010 at 12:40 PM, Tim Millwood t...@millwoodonline.co.ukwrote: So... I now have a test app which is sending oAuth Echo request successfully to Twitpic. If I change the URL to my web app I get a 401 error back from Twitter, so there is something I am doing wrong. I am getting the HTTP_X_AUTH_SERVICE_PROVIDER and HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION headers from the test app, then my web app is renaming the HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION header to Authorization and POSTing both to the URL in HTTP_X_AUTH_SERVICE_PROVIDER. This returns the 401 error. On Jun 17, 2:44 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Tim, I'm not familiar with the Drupal OAuth module, but can help you a little bit. Hopefully that module is a bit flexible in the different approaches you can use to perform OAuth with it. Essentially, you need to build a mock request that you won't actually execute against an endpoint at Twitter using your credentials. The canon for OAuth Echo right now is to build a GET request tohttp://
