An invalid delimited parameter is ignored, and won't cause a 401. On Sat, Jun 26, 2010 at 2:04 AM, Wil <willi...@gmail.com> wrote:
> Hi, > > @John: I removed the delimited=1 parameter and it still gave me 401's. > > @Taylor: I checked my system clock and does not differ from the server > time by more than 5 minutes. > The code works with the following which I've used: > 1) OAuth authentication methods > 2) statuses/user_timeline > 3) 1/favorites/create > > (3) is a bit wierd since TweetSharp sends favorite requests in this > form: > http://api.twitter.com/1/favorites/create/######.json > > and the POST body contains this: > source=Wildfire%20by%20Implication > > Yet it still works. I haven't tried other things in TweetSharp that > does POST though. > I thought that it was probably the read/write permissions that's > causing the problem because I initially set the App as read-only (I > changed it to write-access when I implemented the favorite). I then > recreated the client information with read&write access. So I guess > permissions weren't the problem. > > I did some packet sniffing to be extra sure that it's sending the data > as POST... and I got this: (using Microsoft NetMon 3.3) > - Http: Request, POST /1/statuses/filter.json , Using OAuth > Authorization > Command: POST > + URI: /1/statuses/filter.json > ProtocolVersion: HTTP/1.1 > - Authorization: OAuth > - Authorization: OAuth > oauth_consumer_key="######",oauth_token="34216267- > > BDNO9E9Ayd3IDnzRsDgU0wwwcuxO3trNecmblpNQo",oauth_nonce="d8qtvqz2sefipbsu",oauth_timestamp="1277542341",oauth_signature_method="HMAC- > SHA1",oauth_signature="PeKBoS3uYgL9p7oJ%2 > WhiteSpace: > AuthorizationData: OAuth > oauth_consumer_key="#######",oauth_token="34216267- > > BDNO9E9Ayd3IDnzRsDgU0wwwcuxO3trNecmblpNQo",oauth_nonce="d8qtvqz2sefipbsu",oauth_timestamp="1277542341",oauth_signature_method="HMAC- > SHA1",oauth_signature="PeKBoS3uYgL9p7o > + ContentType: application/x-www-form-urlencoded > Host: stream.twitter.com > ContentLength: 51 > Connection: Keep-Alive > HeaderEnd: CRLF > > > The next frame was the HTTP payload > - Http: HTTP Payload, URL: /1/statuses/filter.json > - payload: HttpContentType = application/x-www-form-urlencoded > source: softwarename > follow: ########### > > On Jun 26, 5:50 am, Taylor Singletary <taylorsinglet...@twitter.com> > wrote: > > Wil, > > > > Does your OAuth code work against other aspects of the Twitter API? Can > you > > verify if your system's clock is within 5 minutes or so of the times > > returned by our system? (You can see the current server time in an HTTP > > header of any of our responses). > > > > Are you sure that your code is actually POSTing the POST body along with > the > > request? > > > > Seems like you are really close. > > > > > > > > On Fri, Jun 25, 2010 at 10:10 AM, Wil <willi...@gmail.com> wrote: > > > Hi John, > > > > > Uhh, care to elaborate? I don't quite get what you meant... > > > > > Thanks, > > > Wil > > > > > On Jun 24, 11:17 pm, John Kalucki <j...@twitter.com> wrote: > > > > Aside from the oAuth issue, which others can address, the only valid > > > > delimited value is length. > > > > > > -John > > > > > > On Thu, Jun 24, 2010 at 7:58 AM, Wil <willi...@gmail.com> wrote: > > > > > I'm getting this response: > > > > > > > HTTP/1.1 401 Unauthorized > > > > > Content-Length: 1296 > > > > > Cache-Control: must-revalidate,no-cache,no-store > > > > > Content-Type: text/html; charset=iso-8859-1 > > > > > Server: Jetty(6.1.17) > > > > > WWW-Authenticate: Basic realm="Firehose" > > > > > > > <html> > > > > > <head> > > > > > <meta http-equiv="Content-Type" content="text/html; > > > > > charset=ISO-8859-1"/> > > > > > <title>Error 401 UNAUTHORIZED</title> > > > > > </head> > > > > > <body> > > > > > <h2>HTTP ERROR: 401</h2> > > > > > <p>Problem accessing /1/statuses/filter.json. Reason: > > > > > <pre> UNAUTHORIZED</pre></p> > > > > > <hr /><i><small>Powered by Jetty://</small></i> > > > > > > > Here's what I POSTed(oauth tokens are filtered out): > > > > > > > REQUEST: POSThttp://stream.twitter.com/1/statuses/filter.json > > > > > Authorization: OAuth > > > > > > oauth_consumer_key="#####",oauth_token="########",oauth_nonce="#####",oauth > > > _timestamp="#####",oauth_signature_method="HMAC- > > > > > SHA1",oauth_signature="########",oauth_version="1.0", > > > > > Content-Type: application/x-www-form-urlencoded > > > > > Vary: Accept-Encoding > > > > > Connection: close > > > > > > > source=softwarename&delimited=1&follow=156934710 > > > > > > > On Jun 23, 1:33 am, John Kalucki <j...@twitter.com> wrote: > > > > > > OAuthshould work fine onstream.twitter.com > > > > > > > > -John Kaluckihttp://twitter.com/jkalucki > > > > > > Infrastructure, Twitter Inc. > > > > > > > > On Tue, Jun 22, 2010 at 10:00 AM, Wil <willi...@gmail.com> > wrote: > > > > > > > I'm a bit dumbfounded here... > > > > > > > > > I've been trying to login tostream.twitter.com usingOAuth > > > > > > > (particularly, I've been trying to access > > > > > > >http://stream.twitter.com/1/statuses/filter.json?follow=####). > I > > > used > > > > > > > the access keys obtained fromhttps:// > > > > > api.twitter.com/oauth/access_token > > > > > > > however, I've been getting 401 errors. I've tried basic > > > authentication > > > > > > > and it works fine. > > > > > > > > > Does that mean thatstream:statuses/filter is still can only > accept > > > > > > > basic authentication? > > > > > > > > > Regards, > > > > > > > Wil > > > > > > > > > On May 25, 5:51 am, John Kalucki <j...@twitter.com> wrote: > > > > > > >> We haven't announced our plans for streaming andoAuth, beyond > > > stating > > > > > that > > > > > > >> User Streams will only be onoAuth. > > > > > > > > >> On Mon, May 24, 2010 at 1:57 PM, 140dev <140...@gmail.com> > wrote: > > > > > > >> > Does this mean that the streaming API will also make the > switch > > > from > > > > > > >> > basic authentication toOAuthat the end of June? > > > > > > > > >> > On Mon, May 24, 2010 at 4:50 PM, Mark McBride < > > > mmcbr...@twitter.com > > > > > > > > >> > wrote: > > > > > > >> > >OAuthis now enabled onstream.twitter.com. I'll also send > a > > > note > > > > > out > > > > > > >> > > to the announce list > > > > > > > > >> > > ---Mark > > > > > > > > >> > >http://twitter.com/mccv > > > > > > > > >> > > On Mon, May 24, 2010 at 12:30 PM, Aaron Rankin < > > > aran...@gmail.com > > > > > > > > >> > wrote: > > > > > > >> > >> Hi, > > > > > > > > >> > >> Is there an ETA for enablingoauthonstream.twitter.com? > > > > > > > > >> > >> Thanks, > > > > > > >> > >> Aaron > > > > > > > > >> > >> On May 13, 1:11 pm, John Kalucki <j...@twitter.com> > wrote: > > > > > > >> > >>> OAuthis not enabled onstream.twitter.com. You can try > on > > > > > > >> > >>> chirpstream.twitter.com. > > > > > > > > >> > >>> On Thu, May 13, 2010 at 10:53 AM, Lucas Vickers < > > > > > > >> > lucasvick...@gmail.com> wrote: > > > > > > >> > >>> > I am writing my own c++ basedOAuthlibrary. I know > there > > > is > > > > > liboauth > > > > > > >> > >>> > but I like to do things myself to learn. > > > > > > > > >> > >>> > Anyhow I am trying to accesshttp:// > > > > > > >> >stream.twitter.com/1/statuses/sample.xml > > > > > > >> > >>> > and I keep getting 401. > > > > > > > > >> > >>> > I have verified pretty much every parameter, and used > the > > > tool > > > > > on > > > > > > > > http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin. > > > .. > > > > > > >> > >>> > to verify my signature is correct. I used twurl to > obtain > > > the > > > > > user > > > > > > >> > >>> > access tokens to my account. > > > > > > > > >> > >>> > After doing some reading I'm no longer convinced that > > > > > thestreaming > > > > > > >> > >>> > server even supportsoauth. > > > > > > > > >> > >>> > can you fill me in on the current status > > > ofstream.twitter.comand > > > > > > >> > >>> >oauth? > > > > > > > > >> > >>> > thanks! > > > > > > >> > >>> > Lucas > > > > > > > > >> > >>> > On Apr 20, 11:02 pm, Jonathon Hill < > jhill9...@gmail.com> > > > > > wrote: > > > > > > >> > >>> >> Thanks Taylor for the very detailed and helpful > response! > > > > > > > > >> > >>> >> Jonathon > > > > > > > > >> > >>> >> On Apr 20, 1:17 pm, Taylor Singletary < > > > > > taylorsinglet...@twitter.com > > > > > > > > >> > >>> >> wrote: > > > > > > > > >> > >>> >> > Hi Jonathon, > > > > > > > > >> > >>> >> > ForStreamingAPI access that isn't from the > perspective > > > of a > > > > > user's > > > > > > >> > >>> >> > account, you would use two-leggedOAuthto establish > > > > > authentication > > > > > > >> > instead > > > > > > >> > >>> >> > of basic auth. > > > > > > > > >> > >>> >> > A two-leggedOAuthrequest is very similar to > > > > > otherOAuthrequests: > > > > > > >> > you have > > > > > > >> > >>> >> > a specific resource you are trying to access, you > have > > > some > > > > > > >> > parameters you > > > > > > >> > >>> >> > want to pass to that resource, and you have > > > anOAuthconsumer > > > > > key > > > > > > >> > andOAuth > > > > > > >> > >>> >> > consumer secret. Which is unlike > three-leggedOAuthwhere > > > you > > > > > also > > > > > > >> > have > > > > > > >> > >>> >> > oauth_tokens representing either a > user/access_token or > > > a > > > > > request > > > > > > >> > token in > > > > > > >> > >>> >> > addition to the rest. > > > > > > > > >> > >>> >> > But the rules remain the same. You take all > > > > > theOAuthparameters and > > > > > > >> > the > > > > > > >> > >>> >> > parameters you are sending to the resource, > organize > > > them, > > > > > build a > > > > > > >> > signature > > > > > > >> > >>> >> > base string, then sign that with your consumer > secret > > > and > > > > > send the > > > > > > >> > request > > > > > > >> > >>> >> > on to Twitter properly signed. The only difference > is > > > that > > > > > there > > > > > > >> > is no > > > > > > >> > >>> >> > oauth_token and oauth_token_secret getting involved > in > > > the > > > > > mix. > > > > > > > > >> > >>> >> > This is essentially what a two-legged request to > > > > > thestreamingAPI > > > > > > >> > would > > > > > > >> > >>> >> > look like: > > > > > > > > >> > >>> >> > Signature Base String > > > > > > >> > >>> >> > GET&http%3A%2F%2Fstream.twitter.com > > > > > > %2F1%2Fstatuses%2Fsample.json&oauth_consumer_key%3Dri8JxYK2zzwSV5xIUfNNvQ%2 > > > > > > 6oauth_nonce%3DSJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8%26oauth_signatu > > > > > > re_method%3DHMAC-SHA1%26oauth_timestamp%3D1271783743%26oauth_version%3D1.0 > > > > > > > > >> > >>> >> > Signature > > > > > > >> > >>> >> > Xi5jfuw2XqtU5KpNX9ZCtTptJS0= > > > > > > > > >> > >>> >> > Authorization Header > > > > > > > >OAuthoauth_nonce="SJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8", > > > > > > >> > >>> >> > oauth_signature_method="HMAC-SHA1", > > > > > oauth_timestamp="1271783743", > > > > > > >> > >>> >> > oauth_consumer_key="ri8JxYK2zzwSV5xIUfNNvQ", > > > > > > >> > >>> >> > oauth_signature="Xi5jfuw2XqtU5KpNX9ZCtTptJS0%3D", > > > > > > >> > oauth_version="1.0" > > > > > > > > >> > >>> >> > Taylor Singletary > > > > > > >> > >>> >> > Developer Advocate, Twitterhttp:// > twitter.com/episod > > > > > > > > >> > >>> >> > On Tue, Apr 20, 2010 at 10:05 AM, Jonathon Hill < > > > > > > >> > jhill9...@gmail.com> wrote: > > > > > > >> > >>> >> > > One thing I meant to find out @chirp last > week--what > > > > > > >> > willoauthlook > > > > > > >> > >>> >> > > like for theStreamingAPI? I'm having a hard time > > > > > visualizing how > > > > > > >> > >>> >> > > that will work. > > > > > > > > >> > >>> >> > > Thanks, > > > > > > > > >> > >>> >> > > Jonathon Hill > > > > > > >> > >>> >> > > @compwright > > > > > > >> > >>> >> > > Company52 > > > > > > >> > >>> >> > >http://company52.com > > > > > > > > >> > >>> >> > > -- > > > > > > >> > >>> >> > > Subscription settings: > > > > > > > > http://groups.google.com/group/twitter-development-talk/subscribe?hl=en >