[twitter-dev] Re: Friendship Create

Tue, 28 Apr 2009 08:29:27 -0700 


Hi there,
They must be sorted for the signature, but reviewing the code it looks like no matter the order you send them in we're re-sorting to validate the signature. So, you can send them either way. Sending them sorted will prevent the 3-email exchange where we verify they are indeed sorted for signing so I'm still rather partial to it :). When you get a 401 you should get a response body with some sort of message. Often times this is that it could not validate the signature but if I don't know I really cannot help. Like all other issue sending the request/response headers and body is very helpful. 

Thanks;
 – Matt Sanford / @mzsanford
     Twitter Dev

On Apr 28, 2009, at 7:53 AM, tayknight wrote:



Hey, Paul. I'm bumping my head against a similar thing in friendship/
exists (which is a GET request, and I'm getting a 401 error, not 500).
I know the parameters have to be sorted for signature creation. But
the OAuth spec docs seem to contradict if they have to be sorted in
the actual request. In [1] is seems  to say they have to be. But in
[2], is clearly shows they aren't sorted lexigraphically. Matt, I'd
love to have some clarification on this.

Thanks to both of you.

[1] http://oauth.net/core/1.0/#sig_norm_param
[2] http://oauth.net/core/1.0/#anchor30 (please see A.5.3.

On Apr 27, 4:52 pm, Paul Kinlan <paul.kin...@gmail.com> wrote:
I have just checked the library and whilst it sorts the keys, I don't think it sorts the library sorts actual query string when it makes the request. I 
will have to check that bit out.

Paul.

2009/4/27 Dossy Shiobara <do...@panoptic.com>




On 4/27/09 5:29 PM, Paul Kinlan wrote:



Bellow is an example query.
http://twitter.com/friendships/create.xml?screen_name=twollo&oauth_no ... 


"s" comes after "o".



OAuth 1.0 specification mandates the parameters be sorted when the
signature is computed.  Are you doing this?
Also, getting HTTP 500 Server Error ... I ran into that when I was using HTTP Authorize header authentication and didn't "Parameter Encode" the 
signature.



--
Dossy Shiobara              | do...@panoptic.com |http://dossy.org/
Panoptic Computer Network   |http://panoptic.com/
 "He realized the fastest way to change is to laugh at your own
   folly -- then you can let go and quickly move on." (p. 70)

Reply via email to