Error 401 in update status api with specific words

status
oauth
api

#1

hello devlopers,

i’m trying to update status using https://api.twitter.com/1.1/statuses/update.json i’m pretty sure my code is good because i can update the status using any status i want except this:

#عربي 12:23:04

or:

#عربي
12:32:04

or even:

عربي
12:32:06

and anything similar

here is my auth header:

Authorization: OAuth oauth_consumer_key="[my consumer key]", oauth_nonce=“WWVYJT65JRK0GZ8”, oauth_signature=“1NZvukA0BV%2Fq%2FDtVZv%2FZNKvniiY%3D”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1453679593”, oauth_token="[my access token]", oauth_version=“1.0”, status="%25D8%25B9%25D8%25B1%25D8%25A8%25D9%258A%250D%250A12%253A55%253A06"

Content-Type: application/x-www-form-urlencoded;charset=utf-8

signature string somthing like:

POST&https%3A%2F%2Fapi.twitter.com%2F1.1%2Fstatuses%2Fupdate.json&oauth_consumer_key%3D[my consumer]%26oauth_nonce%3DJT6RXEYYSJCH796%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1453679875%26oauth_token%3D[my access token]%26oauth_version%3D1.0%26status%3D%25D8%25B9%25D8%25B1%25D8%25A8%25D9%258A%250D%250A12%253A55%253A06

respone:

status:401
{“errors”:[{“code”:32,“message”:“Could not authenticate you.”}]}

thanks in advance


#3

after some tests i realized that it happens only if the status started with Arabic char followed by ‘:’ or ‘*’


#4

anyone? i really tried every thing i know and searched all over the web but i can’t find anything for this!


#5

Hi, I just tried to post a status like that and it works fine, so I suspect your calculation of the oauth verification is not correctly working for those characters, I can’t imagine any other problem. Which library are you using that handles that?


#6

hello @ePirat, and thank you for your replay.

i’m using a library i made in order to learn Oauth and twitter verification process.
i don’t really understand what is going on i can send any type of status update with arabic language and also those who has the character “:” or “*” but once i’m combine them together i receive the 401 error.

here is my implementation of Oauth signature Generator in c#:

protected string GenerateSignture(Method method, IDictionary<string, string> prms)
{
StringBuilder baseStrBu = new StringBuilder();

        baseStrBu.Append(method.ToString().ToUpper() + "&");
        baseStrBu.Append(Uri.EscapeDataString(URLResource) + "&");
        foreach (var item in prms)
        {
            if (string.IsNullOrEmpty(item.Value.Trim())) continue;
            baseStrBu.Append(Uri.EscapeDataString(item.Key + "=" + item.Value + "&"));
        }
        string baseStr = baseStrBu.ToString().Substring(0, baseStrBu.Length - 3);
        HMACSHA1 hasher = new HMACSHA1(new UTF8Encoding().GetBytes(
            Uri.EscapeDataString(auth.OauthConsumerSecret) + "&" +
            Uri.EscapeDataString(auth.AccessToken.OauthTokenSecret)));
        string signatureString = Convert.ToBase64String(
            hasher.ComputeHash(new UTF8Encoding().GetBytes(baseStr)));
        return signatureString;
    }

#7

I would suggest you try it with some popular oAuth library you find. If it works with that you can be sure its something wrong in your code. If it doesn’t work with another library, it would be great if you can report that here, so we can investigate further.


#8

hello @ePirat

i tested with API Console Tool and i can confirm that it can’t update status with arabic char followed by"*" but it can update if followed by “:”.

by the way is there is something wrong in the Oauth header or the signture i provided in the topic?

thanks,


#9

I have no way to test that as it’s time-based and all tools I have here will use the current time for the calculation, sorry. I just tested that I can post this combination of characters. Please provide me with a copy pasteable version of the combination that doesn’t work for me, as I already tested all your mentioned combinations and all work fine for me.


#10

Thanks you very much I will try to find a way
But can I ask you for a complete header of the request with status update of ع:* so I can test against it

Thanks in advance


#11

I just checked, and I do get Status = "403 Forbidden";
but you completely forgot to check the actual return message:

This request looks like it might be automated. To protect our users from spam and other malicious activity, we can't complete this action right now. Please try again later.

So the reason why you can’t post that is that it triggers the spam filter of Twitter.