Hi Taylor,
Now I have the Access Token and I use the explanations in
http://dev.twitter.com/pages/auth to make a request on a user's behalf, I
get a response from Twitter:

Twitter Response= {"errors":[{"code":53,"message":"Basic
authentication is not supported"}]}
Status= 401
StatusTxt= Unauthorized

I am using the same procedure just changing the parameters to follow
the example in http://dev.twitter.com/pages/auth and signing the
request with oauth_consumer_secret + "&" +  oauth_token_secret tied to
my access token...

Posting to: http://api.twitter.com/1/statuses/update.json

Authorization header parameters:
OAuth oauth_consumer_key="1q0ZoaBf3fKFP1hSmhVNQ",
oauth_nonce="M2XTcq44gwlMHw9VbP98FQkB7TRSc1iIX0IOiAA500B",
oauth_signature="f6Xz1tSwO8FCvkIJu4mgXYfNvUM%3D",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="1288703533",
oauth_token="46989789-6NoccKZ1NVN3wdtlRGyhQrUG3b9RcU9Tkn372uIg3",
oauth_version="1.0", status="PostingthroughMicrosoftXMLHTTP"


Any suggestions?


Martin Hannah wrote:
> Hi Taylor,
>
> Success, the missing piece of the puzzle was that we needed to send
> the post Body, which although it was explained in documentation, we
> thought it was there for explanation of how the values are accumulated
> for the base string.. seems obvious now, but when you're trying to do
> this for 1st time, it wasn't obvious then.
>
> So the final part of the send is:
> objHTTP:send("x_auth_username=oauth_test_exec&x_auth_password=twitter-xauth&x_auth_mode=client_auth").
>
> So my last question is, should this be url encoded, because when we
> URL encoded (as the doco suggests) it did NOT work.
>
> Martin Hannah wrote:
> > Hi Taylor,
> > In order to test your 1st suggestion "do you know if your HTTP
> > transport method munges any HTTP headers or adds its own HTTP headers
> > in any way?" we created a simple test procedure on our public web
> > server, to simulate the Google end point
> > https://api.twitter.com/oauth/access_token.
> > So with our test program pointing to another end point we could
> > capture the values that Google's end point might receive.
> > The values received by our web service end point (simulator) (along
> > with other CGI values) are:
> >
> > HTTP_AUTHORIZATION= OAuth oauth_consumer_key="TY0Js5vMc04HNqmqIkNEnQ",
> > oauth_nonce="jGmEee2Jc0DaEK516jl6g2FSHgOgmNPqlpK43UJYXZF",
> > oauth_signature="%2Bd2K%2FxydAtBaSETDWwXCo4LN1Js%3D",
> > oauth_signature_method="HMAC-SHA1", oauth_timestamp="1288666484",
> > oauth_version="1.0"
> > REQUEST_METHOD=POST
> >
> > So I presume this is indicating the post request is not munged/altered
> > in any way by the Microsoft XMLHTTP OCX when it sends the request
> > using:
> > > > Create "Microsoft.XMLHTTP" objHTTP .
> > > > objHTTP:open("POST",api-atokin, false, p-username, p-password).
> > > > objHTTP:setRequestHeader('Authorization', v-params).
> > > > objHTTP:SetRequestHeader("Content-Type","application/x-www-form-urlencoded").
> > > > objHTTP:send().
> >
> > Note: The syntax of the Progress code (above) that uses objHTTP is
> > very similar to Visual Basic. In fact we used the syntax for
> > objHTTP:open and setRequestHeader("Authorization" that you see above,
> > in the same way as it is used in the Google examples in
> > http://oauth.googlecode.com/svn/code/javascript/example/AJAX.html
> > (open this Google example page and view HTML source from lines 32 to
> > 53..)
> >
> > We are checking the 2nd and 3rd suggestions now... and hope to have
> > further test results posted in next few hours..
> >
> > Taylor Singletary wrote:
> > > Hi Martin,
> > >
> > > Thanks for your patience in working through xAuth with the issues you're
> > > facing. Given the information you've provided, it's difficult to determine
> > > exactly what might be amiss here.
> > >
> > > I'm unfamiliar with the programming environment you are using -- do you
> > > know if your HTTP transport method munges any HTTP headers or adds its own
> > > HTTP headers in any way? If you utilize an access token obtained through
> > > other means (such as by the procedure outlined in http://bit.ly/1token )
> > > are you able to get any other kind of OAuth-based requests functional with
> > > your OAuth library?
> > >
> > > You mentioned that you successfully recreated the examples at
> > > http://dev.twitter.com/pages/xauth -- acknowledging that those values
> > > would also return a 401 from our API but provide a "safe" login & password
> > > you can share on a public forum, is there any way you can perform an HTTP
> > > capture of the entire request cycle using those static values? This would
> > > allow us to see the entire HTTP request, including headers sent/received,
> > > the raw POST body, etc -- which may yield an obvious answer as to why your
> > > implementation is not working.
> > >
> > > Hang in there!
> > > Taylor
> > >
> > >
> > > On Tue, Oct 26, 2010 at 3:20 PM, Martin Hannah <mhan...@coresoft.com.au> wrote:
> > >
> > > > We had an application successfully talking to twitter for a few years
> > > > prior to oAuth, and now converting this application to xAuth and can't
> > > > get past the first step.
> > > >
> > > > The application gets a 401 "Unauthorized" response when attempting to
> > > > get the access token.
> > > >
> > > > Have confirmed our program when provided with the same consumer_key
> > > > and Secret key as on twitter documentation page
> > > > http://dev.twitter.com/pages/xauth
> > > > produces exactly the same Signature, parameters, base string as on
> > > > http://dev.twitter.com/pages/xauth doco page. (i.e. have done detailed
> > > > string comparisons of output at each step to the twitter documentation
> > > > http://dev.twitter.com/pages/xauth by placing the twitter values in a
> > > > string variable and comparing to the values produced by our program,
> > > > so confident these are the same) .
> > > >
> > > > Using our consumer and secret keys in the test site
> > > >
> > > > http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests
> > > > and compared the base string and signature results to our program and
> > > > again they are exactly the same.
> > > >
> > > > Have checked the time stamp is producing correct time (based on epoch
> > > > time) by comparing against http://unixtimestamp.com/index.php
> > > >
> > > > Passing my consumer_secret with & at end into signature generator
> > > > (which as I said above seems to be producing correct results because
> > > > we used values in http://dev.twitter.com/pages/xauth and it generated
> > > > the same oauth_signature value)
> > > >
> > > > Base string:
> > > > POST&https%3A%2F%2Fapi.twitter.com%2Foauth%2Faccess_token&oauth_consumer_key%3D1q0ZoaBf3fKFP1hSmhVNQ%26oauth_nonce%3Duv3AtzLBjawzvasO3EPAU3bbR53NyHGlvLp33IRCzG8%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1288131701%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3Dxxxxxxxx%26x_auth_username%3Dxxxxxxxx
> > > >
> > > > Authorization header parameters:
> > > > OAuth oauth_nonce="uv3AtzLBjawzvasO3EPAU3bbR53NyHGlvLp33IRCzG8",
> > > > oauth_signature_method="HMAC-SHA1", oauth_timestamp="1288131701",
> > > > oauth_consumer_key="1q0ZoaBf3fKFP1hSmhVNQ",
> > > > oauth_signature="VQYSXdvrEtlvugqUpTXbCjYTNa0%3D", oauth_version="1.0"
> > > >
> > > > Twitter response:
> > > > Status= 401
> > > > StatusTxt= Unauthorized
> > > > Headers= Date: Tue, 26 Oct 2010 21:22:01 GMT
> > > > Server: hi
> > > > Status: 401 Unauthorized
> > > > X-Transaction: 1288128121-92836-33309
> > > > Last-Modified: Tue, 26 Oct 2010 21:22:01 GMT
> > > > X-Runtime: 0.00473
> > > > Content-Type: text/html; charset=utf-8
> > > > Pragma: no-cache
> > > > X-Revision: DEV
> > > > Expires: Tue, 31 Mar 1981 05:00:00 GMT
> > > > Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
> > > > Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCMdIa
> > > > %252BorASIKZmxhc2hJQzonQWN0aW9uQ29u
> > > > %250AdHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWJl
> > > > %250AYzdlZGEzMDAwYmMwOWJhMTEwMzIyYjE1MTc5YzAw--
> > > > f24fc1f95d728598870821f98152985632dbcc66; domain=.twitter.com; path=/
> > > > Connection: close
> > > >
> > > > The actual Send procedure is: (tried procedure using both blank
> > > > and valid p-username and p-password)
> > > > define var objHTTP  as com-handle.
> > > > Create "Microsoft.XMLHTTP" objHTTP .
> > > > objHTTP:open("POST",api-atokin, false, p-username, p-password).
> > > > objHTTP:setRequestHeader('Authorization', v-params).
> > > > objHTTP:SetRequestHeader("Content-Type","application/x-www-form-urlencoded").
> > > > objHTTP:send().
> > > >
> > > > v-response = 'Response= '  + objHTTP:responseText + chr(10)
> > > >                 + 'Status= '    + objHTTP:status + chr(10)
> > > >                 + 'StatusTxt= ' + objHTTP:statusText + chr(10)
> > > >                 + 'Headers= '   + objHTTP:getAllResponseHeaders() +
> > > > chr(10) .
> > > >
> > > > I have emailed api.twitter.com and asked for them to check that I have
> > > > xAuth enabled and they responded:
> > > > "I can confirm that your application, client ID xxxxxxx, has xAuth
> > > > access and I just refreshed its permissions and consumer keys for good
> > > > measure. If you still get 401 errors when trying to use xAuth with
> > > > these new keys, please post about it in our Developer Talk Group:
> > > > http://groups.google.com/group/twitter-development-talk . Our
> > > > developer advocates have been tracking some issues like these and will
> > > > be happy to help you out there, as well as use any information you
> > > > provide to debug any possible related issues on our side. I apologize
> > > > for the inconvenience."
> > > >
> > > > I am stumped, and my team has been on this for 3 weeks.
> > > >
> > > > --
> > > > Twitter developer documentation and resources: 
> > > > http://dev.twitter.com/doc
> > > > API updates via Twitter: http://twitter.com/twitterapi
> > > > Issues/Enhancements Tracker:
> > > > http://code.google.com/p/twitter-api/issues/list
> > > > Change your membership to this group:
> > > > http://groups.google.com/group/twitter-development-talk
> > > >
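
The signing rule this thread turns on, as an added example in Python (not code from the posters or from Twitter): the form-body parameters go into the signature base string, stay out of the Authorization header, and must then be sent as the percent-encoded POST body. The key, nonce, timestamp and `xxxxxxxx` credentials are the ones quoted in the thread; the consumer secret is a constructed placeholder, and the URL is assumed to carry no query string.

```python
import base64, hashlib, hmac
from urllib.parse import quote

def pct(value):
    """RFC 3986 percent-encoding as OAuth 1.0 uses it: only A-Z a-z 0-9 - . _ ~ stay literal."""
    return quote(str(value), safe="")

def base_string(method, url, oauth_params, body_params):
    """Signature base string over the oauth_* values AND the form-body values."""
    pairs = sorted((pct(k), pct(v)) for k, v in {**oauth_params, **body_params}.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(base, consumer_secret, token_secret=""):
    """HMAC-SHA1 keyed with consumer_secret&token_secret (token part empty until a token exists)."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def build_request(method, url, oauth_params, body_params, consumer_secret, token_secret=""):
    """Return (Authorization header value, POST body) for one signed request."""
    base = base_string(method, url, oauth_params, body_params)
    signed = {**oauth_params, "oauth_signature": sign(base, consumer_secret, token_secret)}
    # Only oauth_* parameters belong in the header; body parameters travel in the body.
    header = "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(signed.items()))
    body = "&".join(f"{pct(k)}={pct(v)}" for k, v in body_params.items())
    return header, body

# Values quoted in the thread; the secret passed below is a constructed placeholder.
OAUTH = {
    "oauth_consumer_key": "1q0ZoaBf3fKFP1hSmhVNQ",
    "oauth_nonce": "uv3AtzLBjawzvasO3EPAU3bbR53NyHGlvLp33IRCzG8",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1288131701",
    "oauth_version": "1.0",
}
BODY = {"x_auth_username": "xxxxxxxx", "x_auth_password": "xxxxxxxx",
        "x_auth_mode": "client_auth"}
URL = "https://api.twitter.com/oauth/access_token"

if __name__ == "__main__":
    header, body = build_request("POST", URL, OAUTH, BODY, "PLACEHOLDER_CONSUMER_SECRET")
    print(header)
    print(body)  # this exact string is what send() has to transmit; it was part of what was signed
```

Values made only of unreserved characters, such as `twitter-xauth`, are unchanged by this encoding; any other character is encoded once in the body and therefore appears double-encoded inside the base string.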
