Hi again,
A nonce is expected to be unique for each request, that is really
it's only function. You should not need the login/password anywhere,
and if the library you're using requires that it's doing something
incorrectly. I'm not much of a VB programmer, but I just read through
your source and from the Form1 class it looks like you're writing a
desktop application, is that correct?
The other thing I noticed in Form1 is that you try to call
OAuth.AccessTokenGet without ever getting a request token. I think one
step you're missing here is OAuth.AuthorizationLinkGet, which gets a
request token and returns the URL the user's browser should be sent
to. Your code from Form1 does not appear to get the URL or send the
user there, unless the source on this site is incomplete or I'm mis-
reading it.
Thanks;
– Matt Sanford / @mzsanford
Twitter Dev
On Jun 25, 2009, at 12:04 PM, Obrzut wrote:
Well, Hi again Matt.
Basically, it is hard to describe exactly what my app is doing because
it is using third party code.
Firstly, this is the URL I am trying to access;
url = "http://twitter.com/statuses/show/123.xml";
Then, here are the URL's for authentication that my API uses;
Public Const REQUEST_TOKEN As String = "http://twitter.com/oauth/
request_token"
Public Const AUTHORISE As String = "http://twitter.com/oauth/
authorize"
Public Const ACCESS_TOKEN As String = "http://twitter.com/oauth/
access_token"
I am using the C# Base Class with a VB.NET adapted C# Class to
interface with the C# Base Class for OAuth.
That is basically everything!
It generates a URL too. BUT - I just tried something:
I added http://<MY USERNAME>:<MY PASSWORD>@twitter.com/etc...
To the URL that asks for the Login Prompt and also changed the Nonce.
I get a blank page then! Haha.
You see - when I clicked CANCEL on the Login prompt - I would get the
following output;
<hash>
<request>/oauth/access_token?
oauth_version
=
1.0
&
;oauth_nonce
=
9995405
&oauth_timestamp=1245956104&oauth_signature_method=HMAC-
SHA1
&
;oauth_consumer_key
=CgZiTeNqGk2c0eZSdb9qg&oauth_signature=DaoiZKL5EMak1RyvTsGzYhlKe7Y
%3d</request>
<error>Invalid / used nonce</error>
</hash>
You see - the Nonces have been used for some reason? I changed the
nonce from the original 6545405 to 9995405 and when I updated with a
new nonce I got the blank page. When I tried to access the source code
for you - I got the Login prompt again with the expired nonce.
SO
It seems the problem lies somewhere with updateing the nonces for each
request? AND/OR Supplying Login Credentials?
Perhaps this is what the 401 : Unauthorised error message from Visual
Studio means during a Web Request?
I will keep tinkering with the code by firstly adding my Twitter
Username and Password to the URL as above - but also try updateing the
nonce?
Any ideas on how to do this? I have posted my code in the initial
post.
On Jun 25, 7:41 pm, Matt Sanford <m...@twitter.com> wrote:
Hello again,
The access token URL [1] should be accessed by your application
to exchange a request token for an access token, not from a browser.
You're seeing a login dialog because that is what browsers do with
HTTP 401 (Unauthorized). Your description has been a bit confusing,
is this the problem (excluding this browser thing):
1. Application gets a request token
2. Redirect the user to twitter.com/oauth/authorize … user clicks
through to accept
3. User returns to your site
4. Your site called twitter.com/oauth/access_token
5. BOOM: twitter.com/oauth/access_token returns 401
Is that the flow? If so, the body of the 401 would be most
helpful. If that is not the flow, please try and describe what you
are
doing so I can try and reproduce the error and look for bugs on our
side.
Thanks;
– Matt Sanford / @mzsanford
Twitter Dev
[1] -http://twitter.com/oauth/access_token
On Jun 25, 2009, at 11:33 AM, Obrzut wrote:
I have read that document. Like I said in my initial post - I have
read the tutorials and FAQs.
Furthermore - I have converted a C# Class that utilises OAuth C#
Base
Class to VB.NET without a hitch.
It works just fine - the only problem is that it is reaching a Login
prompt that is asking for credentials that I do not have.
A. Williams - did you even read my last post? I find it highly
ignorant of you to refer me to the guide when I have successfully
authenticated the OAuth procedure.
That said, will anyone who cares to read my posts reply with some
thing that is relevant and makes sense?
I have given all the URL's needed - the parameters I am passing to
Twitters oauth page - and I am getting a LOGIN PROMPT.
Read my previous posts for more information.
Kind regards,
Obrzut
On Jun 25, 7:23 pm, Abraham Williams <4bra...@gmail.com> wrote:
I would recommend readinghttp://oauth.net/documentation/getting-startedso
you have a thorough
understanding of how Oauth.
On Thu, Jun 25, 2009 at 12:17, Obrzut<sa...@peyoteuk.com> wrote:
WOW! Thanks! I'll try that!
Just a side note - I extracted the URL and ran it thru a web
browser -
then it started popping open a Username / Password box?
It stated;
The server twitter.com at Twitter API requires a username and
password.
What is all this about? I ask, because, my twitter username and
password do not work?
When I ran the URL via the web browser object in VB.NET the
document
completed without any body of text. It just exited without a login
prompt. Nothing.
So, it seems the URL I am creating seems sound - as it created a
Login
prompt in google Chrome. But, I dunno what credentials I require
for
the login prompt?
http://twitter.com/oauth/access_token?oauth_version=1.0&oauth_nonce=2
...
This is the URL I used to access the login prompt.
Any pointers?
On Jun 25, 6:04 pm, Bojan Rajkovic <boj...@brandeis.edu> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Obrzut wrote:
"oauth_version
=1.0&oauth_nonce=5048009&oauth_timestamp=1245948327&oauth_sig
nature_method=HMAC-
SHA1
&oauth_consumer_key
=CgZiTeNqGk2c0eZSdb9qg&oauth_signature=vxFWk3JvGKdKI RYR31%2b2JC
%2bh30o%3d"
This is an example URL I am sending. Is there anything suspect
you can
see just by looking at it?
It really would help me out no end.
Kind regards,
Obrzut
You need to apply a lexicographical byte ordering to the OAuth
parameters--that is, sort them alphabetically.
I ran into this in the beginning, and scratched my head for a
while
until I read the OAuth standard.
Cheers,
- --
Bojan Rajkovic <boj...@brandeis.edu>
Biochemistry '10, Brandeis University
PGP Signature Key ID: 0x8783D016
PGP Encryption Key ID: 0x2497B8B2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla -http://enigmail.mozdev.org
iQIcBAEBAgAGBQJKQ647AAoJEO4IwQyHg9AWnVkP/2H5dQWnGSYXGGQV0YW6oswQ
gBELIhWjHiq9lkQQbOrCUqV6hR4wycSa5hNfaW+YxQsVEuORTw1FAhiayJPRcVAH
I8cgewOSgXG5CSbXfutPmfQFHZNdN3zgJMaS0sAwoyEik+nb/JePlUEkn7f9CPzb
buqLAjadh0bLNdB/U2ld5FBgnAc1zQEJrGCePqfzYls3RTQm+dc6wtpzRnlKVDER
hfsVh0E9OUZOIjEmaHsc7KUjoiATSB/j0LXrF+3x3BR/ISYkoLW0cJPQEscJVrG+
JbtJ3Q4H1uJpDn5iF4ENhzjZa1/v45w/zliXk8MeDixLC4jtTUE54oKZsYFjhL/v
d1BMgmgTVCJq7Qj2jJNKjD/A2nriAErh/i/42850MsF9JCnff6d2kruXccdHM8Lv
ExttUH9k6c0U4SBVYjjv+Np4OOwWDJvwNx3mXW5mgfLsCtMKdSDD+mm4/M9MHDxR
sHo54jlWDXGYHrbAJLtCBp02UN3FTlieQ61QYniaUJcZOuzMoKkmVn4/uHMJT7SQ
u+DxUMYaFEpot72IOzgFmAmeToGw1GWyeBzeZnkPq5li5Y+EyUCVKH8dxSj4omM+
qUHwvhI93cS6+mmh3L1KGsfg6uXl88xi1oP3d+k1N65nX4troGWE00VPROTbAPzk
+UNJsrk9WkRuaif1le0b
=M/IL
-----END PGP SIGNATURE-----
--
Abraham Williams | Community Evangelist |http://web608.org
Hacker |http://abrah.am|http://twitter.com/abraham
Project |http://fireeagle.labs.poseurtech.com
This email is: [ ] blogable [x] ask first [ ] private.
