Awesome. There's much untapped potential in OAuth Echo beyond just the TwitPic, yFrog, etc. use cases.
This is an area where you're going to have to be very exacting. Have you confirmed that the request you are building would actually execute against Twitter correctly before you've sent it through your process? As in, have you verified that the HTTP Authorization header you've created will work against the end point before you've stuffed it into some other header, processed the request, etc. Can you share the authorization header you are using and how you've defined the OAuth Echo headers? Your signature base string for the same? Taylor On Mon, Jun 21, 2010 at 8:06 AM, Tim Millwood <t...@millwoodonline.co.uk>wrote: > I am trying to do something else. > > I am not trying post to twitpic, I am trying to post to my own web app > (similar to twitpic). > > I am getting the HTTP_X_AUTH_SERVICE_PROVIDER and > HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION headers from the test app, > then my web app is renaming the > HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION header to Authorization and > POSTing both to the URL in HTTP_X_AUTH_SERVICE_PROVIDER. > This returns the 401 error. > > > On Jun 21, 3:11 pm, Taylor Singletary <taylorsinglet...@twitter.com> > wrote: > > Hi Tim, > > > > The call specified in your HTTP_X_* headers is for the OAuth Echo > provider > > to execute against the API. Since they execute the call, it invalidates > the > > oauth_nonce you provided. Really, it's a different API call that your > > application should be executing following an OAuth Echo transaction.. > > > > 1. You've got something to post with TwitPic > > 2. You setup a mock request to Twitter to verify credentials so that > TwitPic > > can identify your user with Twitter > > 3. You send that mock request in HTTP_X_* headers to Twitpic, along with > > your API request to Twitpic with the image > > 4. TwitPic executes the Twitter API call specified in the HTTP_X_* > headers, > > verifying the user > > 5. On success, TwitPic sends you in its response information about the > media > > you just uploaded on behalf of your user > > 6. You take that response and append it to a tweet, or whatever other API > > operation you're doing, and send a brand new request to Twitter > > > > Is this the flow you're following or are you trying to do something else? > > > > Taylor > > > > On Sat, Jun 19, 2010 at 12:40 PM, Tim Millwood < > t...@millwoodonline.co.uk>wrote: > > > > > > > > > So... I now have a test app which is sending oAuth Echo request > > > successfully to Twitpic. > > > > > If I change the URL to my web app I get a 401 error back from Twitter, > > > so there is something I am doing wrong. > > > > > I am getting the HTTP_X_AUTH_SERVICE_PROVIDER and > > > HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION headers from the test app, > > > then my web app is renaming the > > > HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION header to Authorization and > > > POSTing both to the URL in HTTP_X_AUTH_SERVICE_PROVIDER. > > > > > This returns the 401 error. > > > > > On Jun 17, 2:44 pm, Taylor Singletary <taylorsinglet...@twitter.com> > > > wrote: > > > > Hi Tim, > > > > > > I'm not familiar with the Drupal OAuth module, but can help you a > little > > > > bit. > > > > > > Hopefully that module is a bit flexible in the different approaches > you > > > can > > > > use to perform OAuth with it. Essentially, you need to build a "mock > > > > request" that you won't actually execute against an endpoint at > Twitter > > > > using your credentials. The canon for OAuth Echo right now is to > build a > > > GET > > > > request tohttp:// > api.twitter.com/1/account/verify_credentials.json--but > > > > essentially, you can use any resource you want (and the OAuth Echo > proxy > > > > provider could do something with the response in conjunction with > your > > > > request -- TwitPic, yFrog, etc. are only just one possibility of the > > > things > > > > you can do with OAuth Echo. > > > > > > I edited up a good example in simple PHP of using OAuth Echo against > > > TwitPic > > > > the other day:http://pastie.org/pastes/1005387 > > > > > > Taylor > > > > > > On Thu, Jun 17, 2010 at 1:40 AM, Tim Millwood < > t...@millwoodonline.co.uk > > > >wrote: > > > > > > > I'm trying to get oAuth Echo working withhttp://drippic.com > > > > > > > My API url ishttp://drippic.com/drippic2/uploadifyou want to give > > > > > it a try. > > > > > > > Here is my code. > > > > > $sp = $_SERVER['HTTP_X_AUTH_SERVICE_PROVIDER']; > > > > > $auth_cred = $_SERVER['HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION']; > > > > > $response = drupal_http_request($sp, > > > > > array('HTTP_X_AUTH_SERVICE_PROVIDER'=>$sp,'Authorization'=> > > > > > $auth_cred),'POST'); > > > > > watchdog('drippic','</pre>'.print_r($response,true).'</pre>'); > > > > > print(json_encode($response)); > > > > > > > I'm not sure what I need to send it, I copied Twitpic's example and > > > > > used this in terminal > > > > > curl -v -H 'X-Auth-Service-Provider: > > > > >https://api.twitter.com/1/account/verify_credentials.json' > > > > > -H 'X-Verify-Credentials-Authorization: OAuth realm="http:// > > > > > api.twitter.com/", oauth_consumer_key="GDdmIQH6jhtmLUypg82g", > > > > > oauth_signature_method="HMAC-SHA1", oauth_token="819797- > > > > > Jxq8aYUDRmykzVKrgoLhXSq67TEa5ruc4GJC2rWimw", > > > > > oauth_timestamp="1272325550", > > > > > oauth_nonce="oElnnMTQIZvqvlfXM56aBLAf5noGD0AQR3Fmi7Q6Y", > > > > > oauth_version="1.0", > oauth_signature="U1obTfE7Rs9J1kafTGwufLJdspo%3D"' > > > > >http://drippic.com/drippic2/upload > > > > > > > It returns 401, guess it's because the details are wrong, and not > sure > > > > > what I should use. > > > > > > > Can anyone help? > > > > > > > (don't really know enough about oAuth, oAuth on the site is all > > > > > managed by the Drupal oAuth module) >
