Hi Taylor, Now I have the Access Token and I use the explanations in http://dev.twitter.com/pages/auth to make a request on users behalf, I get a response from twitter:
Twitter Response= {"errors":[{"code":53,"message":"Basic authentication is not supported"}]} Status= 401 StatusTxt= Unauthorized I am using the same procedure just changing the paramaters to follow the example in http://dev.twitter.com/pages/auth and signing the request with oauth_consumer_secret + "&" + oauth_token_secret tied to my access token... Posting to: http://api.twitter.com/1/statuses/update.json Authorization header parameters: OAuth oauth_consumer_key="1q0ZoaBf3fKFP1hSmhVNQ", oauth_nonce="M2XTcq44gwlMHw9VbP98FQkB7TRSc1iIX0IOiAA500B", oauth_signature="f6Xz1tSwO8FCvkIJu4mgXYfNvUM%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1288703533", oauth_token="46989789-6NoccKZ1NVN3wdtlRGyhQrUG3b9RcU9Tkn372uIg3", oauth_version="1.0", status="PostingthroughMicrosoftXMLHTTP" Any suggestions ? Martin Hannah wrote: > Hi Taylor, > > Success, the missing peice of the puzzle was that we needed to send > the post Body, which although it was explained in documentation, we > thought it was there for explanation of how the values are accumulated > for the base string.. seems obvious now, but when your trying to do > this for 1st time, it wasnt obvious then. > > So the find part of the send is: > objHTTP:send("x_auth_username=oauth_test_exec&x_auth_password=twitter- > xauth&x_auth_mode=client_auth"). > > So my last question is, should this be url encoded, because when we > URL encoded (as the doco suggests) it did NOT work. > > Martin Hannah wrote: > > Hi Taylor, > > In order to test your 1st suggestion "do you know if your HTTP > > transport method munges any HTTP headers or adds its own HTTP headers > > in any way?" we created a simple test procedure on our public web > > server, to simulate the google end point > > https://api.twitter.com/oauth/access_token. > > So with our test program pointing to another end point we could > > capture the values that googles end point might receive. > > The values received by our web service end point (simulator) (along > > with other CGI values) are: > > > > HTTP_AUTHORIZATION= OAuth oauth_consumer_key="TY0Js5vMc04HNqmqIkNEnQ", > > oauth_nonce="jGmEee2Jc0DaEK516jl6g2FSHgOgmNPqlpK43UJYXZF", > > oauth_signature="%2Bd2K%2FxydAtBaSETDWwXCo4LN1Js%3D", > > oauth_signature_method="HMAC-SHA1", oauth_timestamp="1288666484", > > oauth_version="1.0" > > REQUEST_METHOD=POST > > > > So I presume this is indicating the post request is not munged/altered > > in any way by the Microsoft XMLHTTP OCX when it sends the request > > using: > > > > Create "Microsoft.XMLHTTP" objHTTP . > > > > objHTTP:open("POST",api-atokin, false, p-username, p-password). > > > > objHTTP:setRequestHeader('Authorization', v-params). > > > > objHTTP:SetRequestHeader("Content-Type","application/x-www-form- > > > > urlencoded"). > > > > objHTTP:send(). > > > > Note: The syntax of the Progress code (above) that uses objHTTP is > > very similiar to Visual basic. In fact we used the syntax for > > objHTTP:open and setRequestHeader("Authorization" that you see above, > > in the same way as it is used in the googe examples in > > http://oauth.googlecode.com/svn/code/javascript/example/AJAX.html > > (open this Google example page and view HTML source from lines 32 to > > 53..) > > > > We are checking the 2nd and 3rd suggestions now... and hope to have > > further test results posted in next few hours.. > > > > Taylor Singletary wrote: > > > Hi Martin, > > > > > > Thanks for your patience in working through xAuth with the issues you're > > > facing. Given the information you've provided, it's difficult to determine > > > exactly what might be amiss here. > > > > > > I'm unfamiliar with the programming environment you are using -- do you > > > know > > > if your HTTP transport method munges any HTTP headers or adds its own HTTP > > > headers in any way? If you utilize an access token obtained through other > > > means (such as by the procedure outlined in http://bit.ly/1token ) are you > > > able to get any other kind of OAuth-based requests functional with your > > > OAuth library? > > > > > > You mentioned that you successfully recreated the examples at > > > http://dev.twitter.com/pages/xauth -- acknowledging that those values > > > would > > > also return a 401 from our API but provide a "safe" login & password you > > > can > > > share on a public forum, is there any way you can perform an HTTP capture > > > of > > > the entire request cycle using those static values? This would allow us to > > > see the entire HTTP request, including headers sent/received, the raw POST > > > body, etc -- which may yield an obvious answer as to why your > > > implementation > > > is not working. > > > > > > Hang in there! > > > Taylor > > > > > > > > > On Tue, Oct 26, 2010 at 3:20 PM, Martin Hannah > > > <mhan...@coresoft.com.au>wrote: > > > > > > > We had an application successfully talking to twitter for a few years > > > > prior to oAuth, and now converting this application to xAuth and cant > > > > get past the first step. > > > > > > > > The application gets a 401 "Unauthorized" response when attempting to > > > > get the access token. > > > > > > > > Have confirmed our program when provided with the same consumer_key > > > > and Secret key as on twitter documentation page > > > > http://dev.twitter.com/pages/xauth > > > > produces exactly the same Singature, parameters, base string as on > > > > http://dev.twitter.com/pages/xauth doco page. (i.e. have done detailed > > > > string comparisons of output at each step to the twitter documentation > > > > http://dev.twitter.com/pages/xauth by placing the twitter values in a > > > > string variable and comparing to the values produced by our program, > > > > so confident these are the same) . > > > > > > > > Using our consumer and secret keys in the test site > > > > > > > > http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests > > > > and compared the base string and signature results to our program and > > > > again they are exactly the same. > > > > > > > > Have checked the time stamp is producing correct time (based on enoch > > > > time) by comparing against against http://unixtimestamp.com/index.php > > > > > > > > Passing my consumer_secret with & at end into signature generator > > > > (which as I said above seems to be producing correct results because > > > > we used values in http://dev.twitter.com/pages/xauth and it generated > > > > the same oauth_signature value) > > > > > > > > Base string: > > > > POST&https%3A%2F%2Fapi.twitter.com%2Foauth > > > > %2Faccess_token&oauth_consumer_key%3D1q0ZoaBf3fKFP1hSmhVNQ > > > > %26oauth_nonce > > > > %3Duv3AtzLBjawzvasO3EPAU3bbR53NyHGlvLp33IRCzG8%26oauth_signature_method > > > > %3DHMAC-SHA1%26oauth_timestamp%3D1288131701%26oauth_version > > > > %3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3Dxxxxxxxx > > > > %26x_auth_username%3Dxxxxxxxx > > > > > > > > Authorization header parameters: > > > > OAuth oauth_nonce="uv3AtzLBjawzvasO3EPAU3bbR53NyHGlvLp33IRCzG8", > > > > oauth_signature_method="HMAC-SHA1", oauth_timestamp="1288131701", > > > > oauth_consumer_key="1q0ZoaBf3fKFP1hSmhVNQ", > > > > oauth_signature="VQYSXdvrEtlvugqUpTXbCjYTNa0%3D", oauth_version="1.0" > > > > > > > > Twitter response: > > > > Status= 401 > > > > StatusTxt= Unauthorized > > > > Headers= Date: Tue, 26 Oct 2010 21:22:01 GMT > > > > Server: hi > > > > Status: 401 Unauthorized > > > > X-Transaction: 1288128121-92836-33309 > > > > Last-Modified: Tue, 26 Oct 2010 21:22:01 GMT > > > > X-Runtime: 0.00473 > > > > Content-Type: text/html; charset=utf-8 > > > > Pragma: no-cache > > > > X-Revision: DEV > > > > Expires: Tue, 31 Mar 1981 05:00:00 GMT > > > > Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post- > > > > check=0 > > > > Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCMdIa > > > > %252BorASIKZmxhc2hJQzonQWN0aW9uQ29u > > > > %250AdHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWJl > > > > %250AYzdlZGEzMDAwYmMwOWJhMTEwMzIyYjE1MTc5YzAw-- > > > > f24fc1f95d728598870821f98152985632dbcc66; domain=.twitter.com; path=/ > > > > Connection: close > > > > > > > > The actual Send procedure is: (tried procedure using both both blank > > > > and valid p-username and p-password) > > > > define var objHTTP as com-handle. > > > > Create "Microsoft.XMLHTTP" objHTTP . > > > > objHTTP:open("POST",api-atokin, false, p-username, p-password). > > > > objHTTP:setRequestHeader('Authorization', v-params). > > > > objHTTP:SetRequestHeader("Content-Type","application/x-www-form- > > > > urlencoded"). > > > > objHTTP:send(). > > > > > > > > v-response = 'Response= ' + objHTTP:responseText + chr(10) > > > > + 'Status= ' + objHTTP:status + chr(10) > > > > + 'StatusTxt= ' + objHTTP:statusText + chr(10) > > > > + 'Headers= ' + objHTTP:getAllResponseHeaders() + > > > > chr(10) . > > > > > > > > I have emailed api.twitter.com and asked for them to check that I have > > > > xAuth enabled and they responded: > > > > "I can confirm that your application, client ID xxxxxxx, has xAuth > > > > access and I just refreshed its permissions and consumer keys for good > > > > measure. If you still get 401 errors when trying to use xAuth with > > > > these new keys, please post about it in our Developer Talk Group: > > > > http://groups.google.com/group/twitter-development-talk . Our > > > > developer advocates have been tracking some issues like these and will > > > > be happy to help you out there, as well as use any information you > > > > provide to debug any possible related issues on our side. I apologize > > > > for the inconvenience." > > > > > > > > I am stumped, and my team has been on this for 3 weeks > > > > > > > > -- > > > > Twitter developer documentation and resources: > > > > http://dev.twitter.com/doc > > > > API updates via Twitter: http://twitter.com/twitterapi > > > > Issues/Enhancements Tracker: > > > > http://code.google.com/p/twitter-api/issues/list > > > > Change your membership to this group: > > > > http://groups.google.com/group/twitter-development-talk > > > > -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk