Did you adjust the timestamp in that tool? The hosebird implementation tolerates at most a 5 minute clock skew... in other words if it receives a timestamp that is 5 minutes older (or newer) than the current time, it rejects the request.
---Mark http://twitter.com/mccv On Thu, May 6, 2010 at 6:39 AM, lqd <remy.ra...@gmail.com> wrote: > Hey guys, a couple questions/remarks on the new user streams features: > > 1) OAuth > I have no problem using the stream with BasicAuth, nor using the REST > API with OAuth. However I'm always getting 401s with OAuth on the > stream, even though Zac's fork or earlybird works flawlessly. > Just to try and locate the problem I tried signing the request with > the official noob tool at > http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/ > and sending the header with curl (with fiddling with spaces, tabs & > newline just in case, and even the realm value - just because > earlybird's impl doesn't send it), and I still can't login. While my > own code signing matches the parameters this tool outputs (and works > on api.twitter.com) it doesn't match what the ruby gem generates, even > when using the same timestamp and nonce, so I was suspecting some > difference in the base string. (I don't know Ruby, or how to get the > Base String there, but there's apparently a signature_base_string > method, and it did seem to have all the oauth params in the query > string) > > 2) +1 on the user burping at the beginning :) > > 3) Are the deletion notices going to be hydrated too ? ATM it's a > little raw. While it's understandable for the status not to be there > since it's just been deleted, maybe the full JSON user could be there > instead of just its id ? > > Thanks > Rémy > @lqd > > On May 6, 12:41 am, Mark McBride <mmcbr...@twitter.com> wrote: >> Ok. The query string OAuth variant should be working now. We only >> support HMAC-SHA1 (just like twitter.com does) for signature methods, >> and don't have plans to support other schemes. >> >> ---Mark >> >> http://twitter.com/mccv >> >> >> >> On Wed, May 5, 2010 at 3:21 PM, John Kalucki <j...@twitter.com> wrote: >> > We should probably just burp the whole user object out at connection start. >> >> > On Wed, May 5, 2010 at 3:12 PM, Zac Bowling <zbowl...@gmail.com> wrote: >> >> Hydrated message support in earlybird! >> >> >>http://github.com/zbowling/earlybird/ >> >> >> OAuth in query string doesn't work and only HMAC-SHA1 signature (unless >> >> you >> >> only allow plaintext over SSL) but its fine. >> >> >> One feature request would be an inital event with the users credentials >> >> just >> >> like how the user's social graph comes down initially. Right now I don't >> >> know the user's screen_name unless I also hit api.twitter.com or he tells >> >> me >> >> on the command line. With that I could drop the dependency on the twitter >> >> gem. >> >> >> Zac Bowling >> >> @zbowling >> >> >> On Wed, May 5, 2010 at 10:54 AM, Mark McBride <mmcbr...@twitter.com> >> >> wrote: >> >> >>> It should support both. Can you send me a direct email with a URL >> >>> that you tried? >> >> >>> ---Mark >> >> >>>http://twitter.com/mccv >> >> >>> On Wed, May 5, 2010 at 10:38 AM, Zac Bowling <zbowl...@gmail.com> wrote: >> >>> > My fork of earlybird works: >> >> >>> >http://github.com/zbowling/earlybird/ >> >> >>> > Fixing it to support hydrated objects. >> >> >>> > One thing is that it doesn't appear to support query string passed >> >>> > OAuth >> >>> > params but if I pass it as authentication headers it works. >> >> >>> > Zac Bowling >> >> >>> > On Wed, May 5, 2010 at 10:31 AM, Mark McBride <mmcbr...@twitter.com> >> >>> > wrote: >> >> >>> >> OAuth support on betastream is live now. This is different OAuth >> >>> >> implementation than we use on twitter.com, so if you find any rough >> >>> >> edges please let us know quick like. >> >> >>> >> The changes to make direct messages more distinguishable from tweets >> >>> >> has also been pushed. This will probably require some changes in >> >>> >> parsing logic when dealing with DMs. >> >> >>> >> ---Mark >> >> >>> >>http://twitter.com/mccv >
