Ah wait, I ran a couple more tests just to be sure and the signatures match the sent sniffed one.... guess I missed something previously...
Base: POST&http%3A%2F%2Fstream.twitter.com%2F1%2Fstatuses %2Ffilter.json&follow%3D156934710%26oauth_consumer_key %3DrHYIlqotmSfiGc6OfFtw%26oauth_nonce%3Deodjuo8ystdcyl3f %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1277736634%26oauth_token%3D156934710- J4HkTzZOaHk7ZBnXPzmqopoQS9pm2NjDJmMDEw4E%26oauth_version%3D1.0%26source %3DWildfire%2520by%2520Implication Signature: nt%2F5itdHGoVr8gRloaBOakSmUbM%3D Sent: oauth_consumer_key="rHYIlqotmSfiGc6OfFtw" oauth_token="156934710-J4HkTzZOaHk7ZBnXPzmqopoQS9pm2NjDJmMDEw4E" oauth_nonce="eodjuo8ystdcyl3f" oauth_timestamp="1277736634" oauth_signature_method="HMAC-SHA1" oauth_signature="nt%2F5itdHGoVr8gRloaBOakSmUbM%3D" oauth_version="1.0" On Jun 28, 10:35 pm, Wil <willi...@gmail.com> wrote: > Hi Taylor, > > Ok. Here's the entire thing: > > Generated base string: > POST&http%3A%2F%2Fstream.twitter.com%2F1%2Fstatuses > %2Ffilter.json&follow%3D156934710%26oauth_consumer_key > %3DrHYIlqotmSfiGc6OfFtw%26oauth_nonce > %3Dmvzi5szav5dciif4%26oauth_signature_method%3DHMAC- > SHA1%26oauth_timestamp%3D1277735188%26oauth_token%3D156934710- > J4HkTzZOaHk7ZBnXPzmqopoQS9pm2NjDJmMDEw4E%26oauth_version%3D1.0%26source > %3DWildfire%2520by%2520Implication > > calculated signature: %2FgqbnKcwmnpFMGnqNUK3kr6waI0%3D > > Sniffed authorization header: > oauth_consumer_key="rHYIlqotmSfiGc6OfFtw" > oauth_token="156934710-J4HkTzZOaHk7ZBnXPzmqopoQS9pm2NjDJmMDEw4E" > oauth_nonce="6qzbdouhrz40dqs4" > oauth_timestamp="1277735291" > oauth_signature_method="HMAC-SHA1" > oauth_signature="2yRkYN7j8YpS0%2FgrFSNKnoCrk7Y%3D" > oauth_version="1.0" > > You're right, something seems to be wrong with the signature. I'll > continue to investigate this.... > > Regards, > Wil > On Jun 28, 10:23 pm, Taylor Singletary <taylorsinglet...@twitter.com> > wrote: > > > > > Wil: Can you retrieve the signature base string (again, from your current > > work) from your library when attempting the call that returns 401? There > > must be something minor going amiss there with this parameter for some > > reason. > > > Thanks, > > Taylor > > > On Sat, Jun 26, 2010 at 12:08 PM, John Kalucki <j...@twitter.com> wrote: > > > An invalid delimited parameter is ignored, and won't cause a 401. > > > > On Sat, Jun 26, 2010 at 2:04 AM, Wil <willi...@gmail.com> wrote: > > > >> Hi, > > > >> @John: I removed the delimited=1 parameter and it still gave me 401's. > > > >> @Taylor: I checked my system clock and does not differ from the server > > >> time by more than 5 minutes. > > >> The code works with the following which I've used: > > >> 1)OAuthauthentication methods > > >> 2) statuses/user_timeline > > >> 3) 1/favorites/create > > > >> (3) is a bit wierd since TweetSharp sends favorite requests in this > > >> form: > > >>http://api.twitter.com/1/favorites/create/######.json > > > >> and the POST body contains this: > > >> source=Wildfire%20by%20Implication > > > >> Yet it still works. I haven't tried other things in TweetSharp that > > >> does POST though. > > >> I thought that it was probably the read/write permissions that's > > >> causing the problem because I initially set the App as read-only (I > > >> changed it to write-access when I implemented the favorite). I then > > >> recreated the client information with read&write access. So I guess > > >> permissions weren't the problem. > > > >> I did some packet sniffing to be extra sure that it's sending the data > > >> as POST... and I got this: (using Microsoft NetMon 3.3) > > >> - Http: Request, POST /1/statuses/filter.json , UsingOAuth > > >> Authorization > > >> Command: POST > > >> + URI: /1/statuses/filter.json > > >> ProtocolVersion: HTTP/1.1 > > >> - Authorization:OAuth > > >> - Authorization: OAuth > > >> oauth_consumer_key="######",oauth_token="34216267- > > > >> BDNO9E9Ayd3IDnzRsDgU0wwwcuxO3trNecmblpNQo",oauth_nonce="d8qtvqz2sefipbsu",o > > >> auth_timestamp="1277542341",oauth_signature_method="HMAC- > > >> SHA1",oauth_signature="PeKBoS3uYgL9p7oJ%2 > > >> WhiteSpace: > > >> AuthorizationData:OAuth > > >> oauth_consumer_key="#######",oauth_token="34216267- > > > >> BDNO9E9Ayd3IDnzRsDgU0wwwcuxO3trNecmblpNQo",oauth_nonce="d8qtvqz2sefipbsu",o > > >> auth_timestamp="1277542341",oauth_signature_method="HMAC- > > >> SHA1",oauth_signature="PeKBoS3uYgL9p7o > > >> + ContentType: application/x-www-form-urlencoded > > >> Host: stream.twitter.com > > >> ContentLength: 51 > > >> Connection: Keep-Alive > > >> HeaderEnd: CRLF > > > >> The next frame was the HTTP payload > > >> - Http: HTTP Payload, URL: /1/statuses/filter.json > > >> - payload: HttpContentType = application/x-www-form-urlencoded > > >> source: softwarename > > >> follow: ########### > > > >> On Jun 26, 5:50 am, Taylor Singletary <taylorsinglet...@twitter.com> > > >> wrote: > > >> > Wil, > > > >> > Does yourOAuthcode work against other aspects of the Twitter API? Can > > >> you > > >> > verify if your system's clock is within 5 minutes or so of the times > > >> > returned by our system? (You can see the current server time in an HTTP > > >> > header of any of our responses). > > > >> > Are you sure that your code is actually POSTing the POST body along > > >> > with > > >> the > > >> > request? > > > >> > Seems like you are really close. > > > >> > On Fri, Jun 25, 2010 at 10:10 AM, Wil <willi...@gmail.com> wrote: > > >> > > Hi John, > > > >> > > Uhh, care to elaborate? I don't quite get what you meant... > > > >> > > Thanks, > > >> > > Wil > > > >> > > On Jun 24, 11:17 pm, John Kalucki <j...@twitter.com> wrote: > > >> > > > Aside from theoAuthissue, which others can address, the only valid > > >> > > > delimited value is length. > > > >> > > > -John > > > >> > > > On Thu, Jun 24, 2010 at 7:58 AM, Wil <willi...@gmail.com> wrote: > > >> > > > > I'm getting this response: > > > >> > > > > HTTP/1.1 401 Unauthorized > > >> > > > > Content-Length: 1296 > > >> > > > > Cache-Control: must-revalidate,no-cache,no-store > > >> > > > > Content-Type: text/html; charset=iso-8859-1 > > >> > > > > Server: Jetty(6.1.17) > > >> > > > > WWW-Authenticate: Basic realm="Firehose" > > > >> > > > > <html> > > >> > > > > <head> > > >> > > > > <meta http-equiv="Content-Type" content="text/html; > > >> > > > > charset=ISO-8859-1"/> > > >> > > > > <title>Error 401 UNAUTHORIZED</title> > > >> > > > > </head> > > >> > > > > <body> > > >> > > > > <h2>HTTP ERROR: 401</h2> > > >> > > > > <p>Problem accessing /1/statuses/filter.json. Reason: > > >> > > > > <pre> UNAUTHORIZED</pre></p> > > >> > > > > <hr /><i><small>Powered by Jetty://</small></i> > > > >> > > > > Here's what I POSTed(oauthtokens are filtered out): > > > >> > > > > REQUEST: POSThttp://stream.twitter.com/1/statuses/filter.json > > >> > > > > Authorization:OAuth > > > >> oauth_consumer_key="#####",oauth_token="########",oauth_nonce="#####",oauth > > >> > > _timestamp="#####",oauth_signature_method="HMAC- > > >> > > > > SHA1",oauth_signature="########",oauth_version="1.0", > > >> > > > > Content-Type: application/x-www-form-urlencoded > > >> > > > > Vary: Accept-Encoding > > >> > > > > Connection: close > > > >> > > > > source=softwarename&delimited=1&follow=156934710 > > > >> > > > > On Jun 23, 1:33 am, John Kalucki <j...@twitter.com> wrote: > > >> > > > > > OAuthshould work fine onstream.twitter.com > > > >> > > > > > -John Kaluckihttp://twitter.com/jkalucki > > >> > > > > > Infrastructure, Twitter Inc. > > > >> > > > > > On Tue, Jun 22, 2010 at 10:00 AM, Wil <willi...@gmail.com> > > >> wrote: > > >> > > > > > > I'm a bit dumbfounded here... > > > >> > > > > > > I've been trying to login tostream.twitter.com usingOAuth > > >> > > > > > > (particularly, I've been trying to access > > >> > > > > > >http://stream.twitter.com/1/statuses/filter.json?follow=####). > > >> I > > >> > > used > > >> > > > > > > the access keys obtained fromhttps:// > > >> > > > > api.twitter.com/oauth/access_token > > >> > > > > > > however, I've been getting 401 errors. I've tried basic > > >> > > authentication > > >> > > > > > > and it works fine. > > > >> > > > > > > Does that mean thatstream:statuses/filter is still can only > > >> accept > > >> > > > > > > basic authentication? > > > >> > > > > > > Regards, > > >> > > > > > > Wil > > > >> > > > > > > On May 25, 5:51 am, John Kalucki <j...@twitter.com> wrote: > > >> > > > > > >> We haven't announced our plans for streaming andoAuth, > > >> > > > > > >> beyond > > >> > > stating > > >> > > > > that > > >> > > > > > >> User Streams will only be onoAuth. > > > >> > > > > > >> On Mon, May 24, 2010 at 1:57 PM, 140dev <140...@gmail.com> > > >> wrote: > > >> > > > > > >> > Does this mean that the streaming API will also make the > > >> switch > > >> > > from > > >> > > > > > >> > basic authentication toOAuthat the end of June? > > > >> > > > > > >> > On Mon, May 24, 2010 at 4:50 PM, Mark McBride < > > >> > > mmcbr...@twitter.com > > > >> > > > > > >> > wrote: > > >> > > > > > >> > >OAuthis now enabled onstream.twitter.com. I'll also send > > >> a > > >> > > note > > >> > > > > out > > >> > > > > > >> > > to the announce list > > > >> > > > > > >> > > ---Mark > > > >> > > > > > >> > >http://twitter.com/mccv > > > >> > > > > > >> > > On Mon, May 24, 2010 at 12:30 PM, Aaron Rankin < > > >> > > aran...@gmail.com > > > >> > > > > > >> > wrote: > > >> > > > > > >> > >> Hi, > > > >> > > > > > >> > >> Is there an ETA for enablingoauthonstream.twitter.com? > > > >> > > > > > >> > >> Thanks, > > >> > > > > > >> > >> Aaron > > > >> > > > > > >> > >> On May 13, 1:11 pm, John Kalucki <j...@twitter.com> > > >> wrote: > > >> > > > > > >> > >>> OAuthis not enabled onstream.twitter.com. You can try > > >> on > > >> > > > > > >> > >>> chirpstream.twitter.com. > > > >> > > > > > >> > >>> On Thu, May 13, 2010 at 10:53 AM, Lucas Vickers < > > >> > > > > > >> > lucasvick...@gmail.com> wrote: > > >> > > > > > >> > >>> > I am writing my own c++ basedOAuthlibrary. I know > > >> there > > >> > > is > > >> > > > > liboauth > > >> > > > > > >> > >>> > but I like to do things myself to learn. > > > >> > > > > > >> > >>> > Anyhow I am trying to accesshttp:// > > >> > > > > > >> >stream.twitter.com/1/statuses/sample.xml > > >> > > > > > >> > >>> > and I keep getting 401. > > > >> > > > > > >> > >>> > I have verified pretty much every parameter, and > > >> > > > > > >> > >>> > used > > >> the > > >> > > tool > > >> > > > > on > > > >>http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin. > > >> > > .. > > >> > > > > > >> > >>> > to verify my signature is correct. I used twurl to > > >> obtain > > >> > > the > > >> > > > > user > > >> > > > > > >> > >>> > access tokens to my account. > > > >> > > > > > >> > >>> > After doing some reading I'm no longer convinced > > >> > > > > > >> > >>> > that > > >> > > > > thestreaming > > >> > > > > > >> > >>> > server even supportsoauth. > > > >> > > > > > >> > >>> > can you fill me in on the current status... > > read more »