Hi Tim, The call specified in your HTTP_X_* headers is for the OAuth Echo provider to execute against the API. Since they execute the call, it invalidates the oauth_nonce you provided. Really, it's a different API call that your application should be executing following an OAuth Echo transaction..
1. You've got something to post with TwitPic 2. You setup a mock request to Twitter to verify credentials so that TwitPic can identify your user with Twitter 3. You send that mock request in HTTP_X_* headers to Twitpic, along with your API request to Twitpic with the image 4. TwitPic executes the Twitter API call specified in the HTTP_X_* headers, verifying the user 5. On success, TwitPic sends you in its response information about the media you just uploaded on behalf of your user 6. You take that response and append it to a tweet, or whatever other API operation you're doing, and send a brand new request to Twitter Is this the flow you're following or are you trying to do something else? Taylor On Sat, Jun 19, 2010 at 12:40 PM, Tim Millwood <t...@millwoodonline.co.uk>wrote: > So... I now have a test app which is sending oAuth Echo request > successfully to Twitpic. > > If I change the URL to my web app I get a 401 error back from Twitter, > so there is something I am doing wrong. > > I am getting the HTTP_X_AUTH_SERVICE_PROVIDER and > HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION headers from the test app, > then my web app is renaming the > HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION header to Authorization and > POSTing both to the URL in HTTP_X_AUTH_SERVICE_PROVIDER. > > This returns the 401 error. > > On Jun 17, 2:44 pm, Taylor Singletary <taylorsinglet...@twitter.com> > wrote: > > Hi Tim, > > > > I'm not familiar with the Drupal OAuth module, but can help you a little > > bit. > > > > Hopefully that module is a bit flexible in the different approaches you > can > > use to perform OAuth with it. Essentially, you need to build a "mock > > request" that you won't actually execute against an endpoint at Twitter > > using your credentials. The canon for OAuth Echo right now is to build a > GET > > request tohttp://api.twitter.com/1/account/verify_credentials.json-- but > > essentially, you can use any resource you want (and the OAuth Echo proxy > > provider could do something with the response in conjunction with your > > request -- TwitPic, yFrog, etc. are only just one possibility of the > things > > you can do with OAuth Echo. > > > > I edited up a good example in simple PHP of using OAuth Echo against > TwitPic > > the other day:http://pastie.org/pastes/1005387 > > > > Taylor > > > > On Thu, Jun 17, 2010 at 1:40 AM, Tim Millwood <t...@millwoodonline.co.uk > >wrote: > > > > > > > > > I'm trying to get oAuth Echo working withhttp://drippic.com > > > > > My API url ishttp://drippic.com/drippic2/uploadif you want to give > > > it a try. > > > > > Here is my code. > > > $sp = $_SERVER['HTTP_X_AUTH_SERVICE_PROVIDER']; > > > $auth_cred = $_SERVER['HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION']; > > > $response = drupal_http_request($sp, > > > array('HTTP_X_AUTH_SERVICE_PROVIDER'=>$sp,'Authorization'=> > > > $auth_cred),'POST'); > > > watchdog('drippic','</pre>'.print_r($response,true).'</pre>'); > > > print(json_encode($response)); > > > > > I'm not sure what I need to send it, I copied Twitpic's example and > > > used this in terminal > > > curl -v -H 'X-Auth-Service-Provider: > > >https://api.twitter.com/1/account/verify_credentials.json' > > > -H 'X-Verify-Credentials-Authorization: OAuth realm="http:// > > > api.twitter.com/", oauth_consumer_key="GDdmIQH6jhtmLUypg82g", > > > oauth_signature_method="HMAC-SHA1", oauth_token="819797- > > > Jxq8aYUDRmykzVKrgoLhXSq67TEa5ruc4GJC2rWimw", > > > oauth_timestamp="1272325550", > > > oauth_nonce="oElnnMTQIZvqvlfXM56aBLAf5noGD0AQR3Fmi7Q6Y", > > > oauth_version="1.0", oauth_signature="U1obTfE7Rs9J1kafTGwufLJdspo%3D"' > > >http://drippic.com/drippic2/upload > > > > > It returns 401, guess it's because the details are wrong, and not sure > > > what I should use. > > > > > Can anyone help? > > > > > (don't really know enough about oAuth, oAuth on the site is all > > > managed by the Drupal oAuth module) >
