Hi Taylor, Thank you for your response.
Originally, I did forget to add an oauth_timestamp field. I've since included one, but still have the same problem. I modified my app to dump out the base string. Here's what I got: GET&https%3A%2F%2Fuserstream.twitter.com%2F2%2Fuser.json&delimited%3Dlength%26oauth_nonce%3D05963995484855701581311629784779%26oauth_timestamp%3D1309276024%26oauth_version%3D1.0 Does that look right? Eryn On 2011-06-27, at 08:10, Taylor Singletary wrote: > Hi Eryn, > > I'm not too familiar with the Twisted framework or its implementation > of OAuth, so take what I recommend with a grain of salt. > > * Access tokens generated through the OAuth flow on Twitter, > regardless of the technique used (PIN code, xAuth, vanilla OAuth) are > long-lived and do not expire until the end-user makes an explicit > effort to revoke the access. You store the access token and access > token secret. > > * While OAuth in theory should "just work" when it works in one spot, > there's a great amount of variation in the amount of "wrongness" that > given services will tolerate when evaluating the credentials. Long- > term, we're working to normalize the entire validation procedure > across all of our services, but in reality the streaming API and the > REST API use different OAuth engines to evaluate the validity of the > request -- the streaming API's OAuth verification is considerably > stricter than the REST API's more forgiving implementation. > > * I notice that your authorization header is missing a oauth_timestamp > parameter -- is that a copy and paste error? Do you know how to locate > the OAuth signature base string in the Python library you are using -- > it can often be buried under private or protected methods but the > string is invaluable in debugging issues like this. > > Thanks, > Taylor > > On Jun 24, 7:54 pm, Eryn Wells <e...@3b518c.com> wrote: >> Hello all, >> >> I'm quite new to OAuth and the Twitter API, and this is my first post to >> this list. >> >> I'm working on an app in Python using the Twisted framework. It uses >> brosner's fork of python-oauth2[1] to do the initial authentication and >> subsequent request signing. I'm using the PIN code flow for authentication. >> Do access tokens need to be generated every time you start the app, or can >> they be stored between runs and reused? If so, how long are the valid? Right >> now, my code writes the access token and secret out to a file and recovers >> it the next time it starts. The procedure seems to go just fine – I don't >> get any errors – but I can't really verify that everything is Correct >> because I don't really know what I'm looking for… >> >> Second thing, I'm at the point where I'm trying to do the initial connection >> tohttps://userstream.twitter.com/2/user.json. I'm using SSLConnect and >> web.HTTPClient, if that helps… I write out the command (GET <url>), and the >> headers (a Host and an Authorization header). The OAuth library generates >> the following Authorization header content. I get back a 401 Unauthorized >> error with a WWW-Authenticate: Basic header. I've heard from @twitterapi >> that User Streams require OAuth, so why am I getting a Basic auth response? >> >> OAuth realm="Firehose", oauth_nonce="25622603816219309853125867384777", >> oauth_consumer_key="<cut>", oauth_signature_method="HMAC-SHA1", >> oauth_version="1.0", oauth_token="<cut>", >> oauth_signature="1AV5YG4DsfCV4jDoQcOCOmxZ2Gw%3D" >> >> Anything obvious there that I'm doing wrong? >> >> Thanks, >> Eryn > > -- > Twitter developer documentation and resources: https://dev.twitter.com/doc > API updates via Twitter: https://twitter.com/twitterapi > Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list > Change your membership to this group: > https://groups.google.com/forum/#!forum/twitter-development-talk -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
