How to sign an image upload request


#1

0
down vote
favorite
so my app can sign people in to twitter, can send tweets, and suck in followers etc.

However getting stumped with how to upload an image…

so far all my requests are to api.twitter.com

now i build my signature base string with the standard oath parameters

[parameterList addObject:[NSString stringWithFormat:@"%@=%@&",consumerKeyKey,consumerKeyValue]];

[parameterList addObject:[NSString stringWithFormat:@"%@=%@&",nonceKey,nonceValue]];

[parameterList addObject:[NSString stringWithFormat:@"%@=%@&",signatureMethod,signatureMethodValue]];

[parameterList addObject:[NSString stringWithFormat:@"%@=%@&",tokenKey,tokenKeyValue]];

[parameterList addObject:[NSString stringWithFormat:@"%@=%@&",timestampKey,timeStampValue]];

[parameterList addObject:[NSString stringWithFormat:@"%@=%@&",oauthVersionKey,oauthVersionValue]];
Then i construct the base string with the Http method, the url , and then the parameters above, url encode it and hash the lot. Never had any problems

However now i am trying to use upload.twitter.com/1.1/media/upload.json

i am passing a body parameter “media_data” which contains a base64 encoded image

so i tried first using the standard pattern (https method, url , oath parameter list) it failed (401)

then i read this somewhat ambiguous instruction here

https://dev.twitter.com/rest/public/uploading-media

Because the method uses multipart POST, OAuth is handled a little differently. POST or query string parameters are not used when calculating an OAuth signature basestring or signature. Only the oauth_* parameters are used.

so i don’t have query string parameters, so fine, and i can remove the HTTP method

what about the url? this isn’t mentioned anywhere??

suffice to say i tried with no method (so just url, parameters) got a 401

then tried removing the url so just parameters got a 401

does anyone know exactly what values need to go into the base string when calculating the auth header for upload.twitter.com/1.1/media/upload.json" ??


#2

I have the exact same issue as you! Yes, the instructions here:- https://dev.twitter.com/rest/public/uploading-media … i.e. :-

[quote]Because the method uses multipart POST, OAuth is
handled a little differently. POST or query string parameters are not
used when calculating an OAuth signature basestring or signature. Only
the oauth_* parameters are used. [/quote]

…are annoyingly vague.

I keep getting this error:-

They could answer the solution succinctly by simply posting ad-verbatim a Request example. All I see is a Response example at the bottom of the page (https://dev.twitter.com/rest/public/uploading-media).

I have no idea how to authenticate a media/upload call because I can’t use querystring or POST to do it…?!


#3

Further to my previous reply, here’s my authentication header:-

oauth_consumer_key=“xxx”, oauth_nonce=“xxx”, oauth_signature=“xxx”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1426684077”, oauth_token=“xxx”, oauth_version=“1.0”

This looks perfect to me - obviously “xxx” replaces actual codes. Yet I get :-

{“errors”:[{“code”:32,“message”:“Could not authenticate you.”}]}


#4

I am running in to this same issue. Twitter’s documentation for chunked media upload still has the same vague language as it did when this issue was originally posted 9 months ago. Has anyone found the solution?


#5

Answering my own question… the solution here is that the OAuth signature for this case is based on the following:

  • The request URL
  • The HTTP request method
  • The query string parameters from the HTTP request line
  • The oauth_* parameters

No other values are used in the calculation of the OAuth “signature base string” when the content-type of a POST request is anything besides application/x-www-form-urlencoded. Refer to Section 9 of the OAuth 1.0a specification.