My first app

andyrwaters · 2016-10-21T14:52:01.669Z

Hi all

I’m after a bit of guidance.

First of all in my app when I click “Test OAuth” is comes up with “Access denied - You are not authorized to access this page” when loading https://dev.twitter.com/oauth/tools/signature-generator/12993938. Is this an issue that needs resolving before going any further?

I need my application to be authorized to tweet from several different accounts. Which method of authentication should I use?

Thanks in advance, Andy

I have used Postman to get a

andypiper · 2016-10-21T16:06:06.853Z

We’ve got login issues on dev.twitter.com right now.

In the meantime, I would recommend that you look at using twurl to test any requests you need rather than attempting to use the OAuth Generator tool. There’s a tutorial available if you’re not familiar with that tool.

Access and signins to apps.twitter.com should be unaffected.

If you need the app to Tweet as different accounts, you’ll need the user to sign-in with Twitter, which is the so-called 3-legged OAuth flow.

andyrwaters · 2016-10-22T06:04:20.000Z

Hi Andy

Thanks replying, I’m pretty sure I can all the code I need in VB.NET as
I’ve already done it for Facebook.

A couple of questions about the 3 legged authentication method.

What or where do I find the “oauth_token” used in “GET oauth/authorize”?

Once I have an “access_token” for a particular account, does this expire?

I have a vb.net service which consumes data from my application and pushes
new properties to an property estate agents accounts. So I want to
authorise the application via their account once then store the
access_token so I can use it repeatedly without reauthorising.

I hope that makes sense.

Thanks, Andy

andyrwaters · 2016-10-22T06:12:35.000Z

Just to clarify, there is a vb.net service doing the posts but I
authenticate the accounts using asp.net which are all part of the same
solution.

Andy

andypiper · 2016-10-22T12:00:29.366Z

andyrwaters:

A couple of questions about the 3 legged authentication method.

What or where do I find the “oauth_token” used in “GET oauth/authorize”?

Once I have an “access_token” for a particular account, does this expire?

You create an app at apps.twitter.com which then gives you a consumer key and secret. You pass those in to the endpoint and during the sign-in with Twitter flow you get back the user’s access token and secret. You can then store the latter. It does not expire, unless the user revokes your application’s access to their account.

OAuth is not particularly easy to hand code so I’d generally recommend looking around at existing libraries which implement the steps for you. One .NET library I’m aware of is Tweetinvi, but there are several others.

andyrwaters · 2016-10-24T10:19:14.200Z

Hi Andy

I have successfully used the oauth/request_token in Postman then used the values with oauth/authorize.

I replicated this in VB.NET with the headers produced by Postman which worked, however when I try to create my own header is fails.

I believe this is down to the signature I’m creating as the time stamp and nonce are pretty straight forward. The response I’m getting is:

The remote server returned an error: (401) Unauthorized.

I’m creating the signature from this string (params in same order as authorization header):
POST&https%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&oauth_consumer_key%3D##my_consumer_key##%26oauth_token%3D##my_access_token##%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1477303297%26oauth_nonce%3DNjM2MTI5MDM2OTcxNDc0MDYz%26oauth_version%3D1.0

Any ideas?

Thanks, Andy