401 Error when requesting friends for a protected user


#1

Hello, I am experiencing error 401 when trying to retrieve the friends of a user (i.e. 435088442) whose tweets are protected. I am just using the OAuth tool,
I can retrieve correctly the user’s info but not the list of friends.
What could be the reason? The user has authorized the application to retrieve information and I could retrieve the users correctly.

To avoid issues with any library and I get the following results (sorry for verbosity), (the example query was generated with OAuth tool https://dev.twitter.com/apps/1223725/oauth?nid=22)
Thanks in advance,
Pablo

curl --get ‘https://api.twitter.com/1/friends/ids.json’ --data ‘id=435088442’ --header ‘Authorization: OAuth oauth_consumer_key=“eqCpP9x4JNv8oYxqiyCFdQ”, oauth_nonce=“001a46040b20532d36b7e058376b5f40”, oauth_signature=“yHVnW5SsPnRZw%2BWTxq%2Bmrt7NbhY%3D”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1323871672”, oauth_token=“368593161-7yrNuB5XjS2f6r4pY7ISMn7nVpDrRu7NGKBt6qA2”, oauth_version=“1.0”’ --verbose

  • About to connect() to api.twitter.com port 443 (#0)
  • Trying 199.59.149.200… connected
  • Connected to api.twitter.com (199.59.149.200) port 443 (#0)
  • SSLv3, TLS handshake, Client hello (1):
  • SSLv3, TLS handshake, Server hello (2):
  • SSLv3, TLS handshake, CERT (11):
  • SSLv3, TLS handshake, Server finished (14):
  • SSLv3, TLS handshake, Client key exchange (16):
  • SSLv3, TLS change cipher, Client hello (1):
  • SSLv3, TLS handshake, Finished (20):
  • SSLv3, TLS change cipher, Client hello (1):
  • SSLv3, TLS handshake, Finished (20):
  • SSL connection using RC4-SHA
  • Server certificate:
  • subject: C=US; ST=California; L=San Francisco; O=Twitter, Inc.; OU=Twitter Platform; CN=api.twitter.com
  • start date: 2010-05-18 00:00:00 GMT
  • expire date: 2012-05-17 23:59:59 GMT
  • common name: api.twitter.com (matched)
  • issuer: C=US; O=VeriSign, Inc.; OU=VeriSign Trust Network; OU=Terms of use at https://www.verisign.com/rpa ©09; CN=VeriSign Class 3 Secure Server CA - G2
  • SSL certificate verify ok.

GET /1/friends/ids.json?id=435088442 HTTP/1.1
User-Agent: curl/7.19.7 (universal-apple-darwin10.0) libcurl/7.19.7 OpenSSL/0.9.8r zlib/1.2.3
Host: api.twitter.com
Accept: /
Authorization: OAuth oauth_consumer_key=“eqCpP9x4JNv8oYxqiyCFdQ”, oauth_nonce=“001a46040b20532d36b7e058376b5f40”, oauth_signature=“yHVnW5SsPnRZw%2BWTxq%2Bmrt7NbhY%3D”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1323871672”, oauth_token=“368593161-7yrNuB5XjS2f6r4pY7ISMn7nVpDrRu7NGKBt6qA2”, oauth_version=“1.0”

< HTTP/1.1 401 Unauthorized
< Date: Wed, 14 Dec 2011 14:16:46 GMT
< Status: 401 Unauthorized
< WWW-Authenticate: OAuth realm=“https://api.twitter.com
< X-Warning: Invalid OAuth credentials detected
< X-Transaction: 2c00c1a0229fc92c
< X-RateLimit-Limit: 150
< X-Frame-Options: SAMEORIGIN
< Last-Modified: Wed, 14 Dec 2011 14:16:46 GMT
< X-RateLimit-Remaining: 143
< Content-Type: application/json; charset=utf-8
< Content-Length: 74
< Pragma: no-cache
< X-RateLimit-Class: api
< X-Revision: DEV
< Expires: Tue, 31 Mar 1981 05:00:00 GMT
< Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
< X-MID: e292d6a8834cac4cba14fb4717ed16c68b2ead4e
< X-RateLimit-Reset: 1323872441
< Set-Cookie: k=10.34.249.113.1323872204340090; path=/; expires=Wed, 21-Dec-11 14:16:44 GMT; domain=.twitter.com
< Set-Cookie: guest_id=v1%3A132387220608815798; domain=.twitter.com; path=/; expires=Sat, 14-Dec-2013 02:16:46 GMT
< Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCA697jw0AToHaWQiJWU1Mzk0MWFlOWMwNGM5%250AMmZiMWZkZGRjNTQ1MTQ0OTk4IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA–addbe31fb523a8a4b161284cc775465a2a6999af; domain=.twitter.com; path=/; HttpOnly
< Vary: Accept-Encoding
< Server: tfe
<

  • Connection #0 to host api.twitter.com left intact
  • Closing connection #0
  • SSLv3, TLS alert, Client hello (1):
    {“error”:“Not authorized”,“request”:"/1/friends/ids.json?id=435088442"}

#2

Is the access token you’re making the call on behalf of an approved follower of the account you’re querying? In other words, is the user_id “368593161” following the user “435088442” ?


#3

Hi, thanks for the advice, indeed, I put the wrong access token, user “435088442” was not following "368593161"thus the not Auth.
Now if I request the friends of a friend of the protected user it works.
Thanks again,


#4

9784230388


#5

i AM IN TROUBLE IN GETTING ACCESS TOKEN

oauth_consumer_key = 'WPFBOytKuGKptnQ'
oauth_consumer_secret = '0Sp5GnCbuCbJWY4ukU&'


oauth_nonce = Time.now.to_i
oauth_signature_method = 'HMAC-SHA1'
oauth_timestamp = Time.now.to_i

get = "GET&"
cal_back_url = 'http%3A%2F%2F127.0.0.0%3A3000%2Ftwitter2'
base_url = "http://twitter.com/oauth/request_token"
base_url2 = "oauth_consumer_key=#{oauth_consumer_key}&oauth_nonce=#{oauth_nonce}&oauth_signature_method=HMAC-SHA1&oauth_timestamp=#{oauth_timestamp}&oauth_token=&oauth_version=1.0"



new_key = "#{get}#{Rho::RhoSupport.url_encode(base_url)}&#{Rho::RhoSupport.url_encode(base_url2)}"


p "New key "+new_key.to_s
p "Consumer Secret "+oauth_consumer_secret
hmac = HMAC::SHA1.new(oauth_consumer_secret)
hmac.update(new_key)
new_sig =  Rho::RhoSupport.url_encode(Base64.encode64("#{hmac.digest}"))

base_url1 = "http://twitter.com/oauth/request_token?oauth_consumer_key=#{oauth_consumer_key}&oauth_token=&oauth_nonce=#{oauth_nonce}&oauth_signature_method=HMAC-SHA1&oauth_timestamp=#{oauth_timestamp}&oauth_version=1.0"
              

p "oauth_signature= "+new_sig.to_s
p  "final_url"
#final_url = "http://twitter.com/oauth/request_token?oauth_consumer_key=s25BYXWV66QXCKS3WpPKg&oauth_token=&oauth_nonce=1318425726&oauth_timestamp=1318425726&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_signature=#{new_sig}"
final_url = "#{base_url1}&oauth_signature=#{new_sig}"
p final_url



token_result = Rho::AsyncHttp.get(
  :url => final_url
)

p "token_result output--------"
p token_result
p "token_result--------"
data = token_result['body']
  
  puts "------------------------------request token---------------------#{data}"

data = data.split("&")
p @oauth_token = data[0].split("=")[1]
p @oauth_token_secret = data[1].split("=")[1]

call_back_url = “http://redirectme.to/127.0.0.1:#{System.get_property(‘rhodes_port’)}#{url_for(:action => :fb_initiate_callback)}”

first = "https://twitter.com/oauth/authorize?oauth_token=#{@oauth_token}"

WebView.navigate(first)

end

THIS HELPS TO GET THE TOKEN VERIFIER.
i DONO HOW TO GET THE ACCESS TOKEN, SOMEBODY HELP ME