Troubleshooting OAuth 1.0A

quenotacom · 2012-12-09T02:06:32.000Z

Hi I dont know if it is the right place, but, I am having big problems to resolve one issue with the oauth verification of my application (it was running for more than a year), the point is since 1 week ago, i am having big problems to get the request token, i checked and after some 401 errors generated by some changes from your side, the process is getting a 200 code (ok) but instead of receiving the request token, i receive an strange string (i havent deciphered!), My app is ASP classic,i checked it with http (original) and (https the same result), GET and POST the same.
Attached the log of the run : (Because no percentage permited here I replace it with X)

MSL in use Msxml2.ServerXMLHTTP.6.0
Host https://api.twitter.com
Authorization OAuth oauth_callback=“httpX3AX2FX2Fwww.quenota.comX2FauthX2Ftwitterqueno.asp”, oauth_consumer_key=“xxxxxx”, oauth_nonce=“hola251574”, oauth_signature=“yyyyyyyyyyy”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1355017844”, oauth_token="", oauth_version=“1.0”

Status 200

EncodeUri of ResponseText is X1FXEFXBFXBFX08X00X00X00X00X00X00X03EXEFXBFXBFX0EXEFXBFXBFX20X00X00XD0XBFXEFXBFXBF3X0FX1EZXEFXBFXBFFXEFXBFXBFXEFXBFXBFXEFXBFXBFXEFXBFXBFQX22X08XC3XA0XEFXBFXBFXEFXBFXBFgXEFXBFXBFXEFXBFXBFXEFXBFXBFXDCX97XC9XA6XEFXBFXBFXEFXBFXBFXEFXBFXBFXEFXBFXBFFUX20XEFXBFXBFXEFXBFXBFIXEFXBFXBFXEFXBFXBFXEFXBFXBF6X07TgXEFXBFXBFXEFXBFXBFlXEFXBFXBF_XEFXBFXBFXEFXBFXBFXEFXBFXBF)XCFX9D_4X60XEFXBFXBFXEFXBFXBFXEFXBFXBFXEFXBFXBFXEFXBFXBFwX3DXEFXBFXBFXEFXBFXBFXEFXBFXBFXEFXBFXBFXEFXBFXBFX2FXC3X9BXEFXBFXBFXEFXBFXBFXEFXBFXBF)XEFXBFXBFXEFXBFXBFX60*ZXEFXBFXBFXD5X83XEFXBFXBFX03XEFXBFXBFXEFXBFXBFtXEFXBFXBFX2CX0FXEFXBFXBFXEFXBFXBFX00X00X00

if you want to watch the string just replace X by percentage and urldecode it.

THANKS for any help !!!

mnirmala777 · 2013-01-04T21:24:02.000Z

Hometimeline.json for version 1.0 with OAuth worked fine. But when I change to version 1.1 it does not work. Why?

SeekVest · 2013-01-11T16:40:16.000Z

I don’t know where to ask this, so I thought this thread will be most appropriate.

I’m using the API to create an alternate form of creating user accounts for my website. I basically just need the API to convert a twitter user into a user on my website. That is all I require (apart from them interacting on my website once they are converted, but they will still always have to login using their twitter account). I’ve managed to create the application, got my consumer key, consumer secret, loaded it onto my site and when I click on the sign-in with twitter button, everything works (or so I assume). What I’m confused about is the need for an “access token” and “access token secret” , I don’t understand what I need that for?

If somebody could explain it in layman’s terms, because the documentation is very vague to me and I don’t get what I need an access token and access token secret for.

Thanks

jessethegame · 2013-01-14T04:22:05.000Z

+1 This fixed my issues too!

potarbas · 2013-01-30T08:52:00.000Z

Hi, I´m working with VB.NET and I want to make authorized calls to Twitter’s APIs. I obtained my access token like this https://dev.twitter.com/docs/auth/tokens-devtwittercom, because I just want to access the API from my own account. I allways obtain the same response, 401 error, not authorized. Can somebody help me?.
This is my code:


        ServicePointManager.Expect100Continue = False
    Dim oauth_consumer_key As String = System.Configuration.ConfigurationSettings.AppSettings("ConsumerKey")
    Dim oauth_consumer_secret As String = System.Configuration.ConfigurationSettings.AppSettings("ConsumerSecret")
    Dim oauth_token As String = System.Configuration.ConfigurationSettings.AppSettings("token")
    Dim oauth_token_secret As String = System.Configuration.ConfigurationSettings.AppSettings("tokenSecret")
    Dim oauth_version As String = "1.0"
    Dim oauth_signature_method = "HMAC-SHA1"

    Dim miOAuth As New OAuth.OAuthBase

    Dim oauth_nonce As String = miOAuth.GenerateNonce() 'create a nonce string
    Dim oauth_timestamp As String = miOAuth.GenerateTimeStamp() 'create the time in seconds

    Dim apiurl As New Uri("https://api.twitter.com/1.1/trends/place.json?id=1")

'generate my signature

Dim oauth_signature As String = miOAuth.GenerateSignature(apiurl, _

oauth_consumer_key, _

oauth_consumer_secret, _

oauth_token, _

oauth_token_secret, _

“GET”, _

oauth_timestamp, _

oauth_nonce, _

"", “”)
    'configuro propiedades del objeto request
    request = CType(WebRequest.Create("https://api.twitter.com/1.1/trends/place.json?id=1"), HttpWebRequest)
    Dim headerFormat = "OAuth oauth_nonce=""{0}"", oauth_signature_method=""{1}"", oauth_timestamp=""{2}"", oauth_consumer_key=""{3}"", oauth_token=""{4}"", oauth_signature=""{5}"", oauth_version=""{6}"""

    Dim authHeader = String.Format(headerFormat,
                                    Uri.EscapeDataString(oauth_nonce),
                                    Uri.EscapeDataString(oauth_signature_method),
                                    Uri.EscapeDataString(oauth_timestamp),
                                    Uri.EscapeDataString(oauth_consumer_key),
                                    Uri.EscapeDataString(oauth_token),
                                    Uri.EscapeDataString(oauth_signature),
                                    Uri.EscapeDataString(oauth_version)
        )

    request.Headers.Add("Authorization", authHeader)
    request.Method = "GET"
    request.ContentType = "application/x-www-form-urlencoded"

    Try
        resp = CType(request.GetResponse, HttpWebResponse)
        txtRespuesta.Text = resp.StatusCode
    Catch ex As Exception
        txtRespuesta.Text = ex.Message
    End Try

And this is my request header:
Authorization: OAuth oauth_nonce=“5552950”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1359535898”, oauth_consumer_key=“xxxxxxxxxxxxxxxxxxxxx”, oauth_token=“xxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxx”, oauth_signature=“0uKDNswlUfs42XnUjxLuwkkmAW8%3D”, oauth_version="1.0"
Content-Type: application/x-www-form-urlencoded

Thanks

selah404 · 2013-02-06T07:12:36.000Z

التفويض: بروتوكول OAuth oauth_nonce = “5552950”، oauth_signature_method = “HMAC-SHA1”، oauth_timestamp = “1359535898”، oauth_consumer_key = “XXXXXXXXXXXXXXXXXXXXX”، oauth_token = “XXXXXXXXX-xxxxxxxxxxxxxxxxxxxxxxxx”، oauth_signature = "3D 0uKDNswlUfs42XnUjxLuwkkmAW8٪ “، oauth_version =” 1.0 "
نوع المحتوى: تطبيق / س-WWW-شكل urlencoded

شكرا

dskanth · 2013-03-02T07:42:25.000Z

I keep getting the “Something wrong happened” message, when i login with Twitter. This is because the time on server, where my application is running has a past time. (approx. 1 hour less than the usual timezone time).
Is there a way to overcome this issue? I don’t have privileges to change time on server.

karlschipul_it · 2013-03-05T00:02:00.000Z

This works for a profile image:
http://api.twitter.com/1/users/profile_image/408669110?size=normal

This does not:
http://api.twitter.com/1.1/users/profile_image/408669110?size=normal

I am confused. Does this mean that someone did not yet turn it on yet for 1.1? Or does it mean http://api.twitter.com/1/users/profile_image/USERID?size=normal will continue to work?

Or does it mean that there is an entirely different URL for this?

episod · 2013-03-05T14:23:41.000Z

There’s no direct 1.1 equivalent of that method. You’ll need to request the user object using user/show or users/lookup to obtain a profile image URL for a user.

quenotacom · 2013-03-30T22:05:00.000Z

Hi,

Today i noticed this is having a strange behavior :

https://api.twitter.com/oauth/authenticate?oauth_token=xxxxx

And, in the screen it says i will have access to Direct Messages, and i understood it is the same as
authorize except the access to DM, could your clarify pls.

And another question:

I changed all my stuff to 1.1, and all the REST to https, but i dont use https in my site, so the questions is, currently everything is working with https (twitter resources), except when it return to my app after oauth authorize where i have a normal callback http://my site, is it going to work after your turn on the switch in the near future ?

episod · 2013-04-01T14:43:05.000Z

Make sure you aren’t being redirected to oauth/authorize from oauth/authenticate (which will happen if you haven’t enabled the use sign in with Twitter checkbox on your application record).

You aren’t required to use SSL on your own site – just make sure that all your requests to 1.1 paths and the /oauth/* steps are using SSL.

quenotacom · 2013-04-01T15:29:54.000Z

@episod Thank you !

GrooveboyIRL · 2013-04-07T09:22:25.000Z

Hi,

I use a twitter widget on my wordpress theme and up until a week ago it was working fine, now all of a sudden im getting this error message : ERROR 32: Could not authenticate you

Can you please advise?

MalibuMarathon · 2013-04-20T19:34:02.000Z

@episod, can you please clarify the method of “URL encode the parameters and values separately while building the basestring”.

Do you mean to Uri.EscapeDataString(“key=value&”) and concatenate
or Uri.EscapeDataString(“key=value”) + “&” and concatenate?

Thank you.

theochry · 2013-07-03T09:55:34.000Z

Hello.
I was working with a project and I was using Streaming API (especially GET statuses/sample) but after the changes on API v1.1 i have difficulties to make the oAuth 1.0a.

I create the signature with oAuth tool but I have no idea on where and how to use it.
I am using the Phirehose library and the enqueueStatus method to collect public statuses.
The call on the API was: $sc = new SampleConsumer(‘theochry’, ‘myCode’, Phirehose::METHOD_SAMPLE);
But i don’t know what to do now.

Any ideas?
thanks

Nirmalse7en · 2013-07-04T07:52:20.000Z

Hi @episod im struggling in that error can yo help me how to fix this error:
The remote server returned an error: (401) Unauthorized.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Net.WebException: The remote server returned an error: (401) Unauthorized.

Source Error:

Line 294: finally
Line 295: {
Line 296: webRequest.GetResponse().GetResponseStream().Close();
Line 297: responseReader.Close();
Line 298: responseReader = null;

perlkonig · 2013-07-13T23:20:19.000Z

So I’m trying to implement “Sign in via Twitter” functionality. I’m using the OAuth tool and I’ve confirmed that my base signing strings are identical, yet I’m still getting a signature mismatch. I’m a bit lost. I’m using an established library and it appears, at least, to be following the spec. Again, the base strings of Twitter’s OAuth tool and my library are identical. Below is Python3.3. Any ideas?

def sign_hmac_sha1(base_string, client_secret, resource_owner_secret): """**HMAC-SHA1**

The "HMAC-SHA1" signature method uses the HMAC-SHA1 signature
algorithm as defined in `RFC2104`_::

    digest = HMAC-SHA1 (key, text)

Per `section 3.4.2`_ of the spec.

.. _`RFC2104`: http://tools.ietf.org/html/rfc2104
.. _`section 3.4.2`: http://tools.ietf.org/html/rfc5849#section-3.4.2
"""

# The HMAC-SHA1 function variables are used in following way:

# text is set to the value of the signature base string from
# `Section 3.4.1.1`_.
#
# .. _`Section 3.4.1.1`: http://tools.ietf.org/html/rfc5849#section-3.4.1.1
text = base_string

# key is set to the concatenated values of:
# 1.  The client shared-secret, after being encoded (`Section 3.6`_).
#
# .. _`Section 3.6`: http://tools.ietf.org/html/rfc5849#section-3.6
key = utils.escape(client_secret or '')

# 2.  An "&" character (ASCII code 38), which MUST be included
#     even when either secret is empty.
key += '&'

# 3.  The token shared-secret, after being encoded (`Section 3.6`_).
#
# .. _`Section 3.6`: http://tools.ietf.org/html/rfc5849#section-3.6
key += utils.escape(resource_owner_secret or '')

# FIXME: HMAC does not support unicode!
key_utf8 = key.encode('utf-8')
text_utf8 = text.encode('utf-8')
signature = hmac.new(key_utf8, text_utf8, hashlib.sha1)

# digest  is used to set the value of the "oauth_signature" protocol
#         parameter, after the result octet string is base64-encoded
#         per `RFC2045, Section 6.8`.
#
# .. _`RFC2045, Section 6.8`: http://tools.ietf.org/html/rfc2045#section-6.8
return binascii.b2a_base64(signature.digest())[:-1].decode('utf-8')

perlkonig · 2013-07-14T01:00:06.000Z

I also did the following to the base string the OAuth tool gave me. It matched my library results but did not match the signature OAuth tool generates.

echo -n “BASESTR” | openssl sha1 -hmac “KEY” -binary | base64

perlkonig · 2013-07-14T02:02:18.000Z

OK. So I append my Access Secret to the key and the signatures match, but I’m confused. I’m at the “request a token” stage. Do I just use my app’s access token and secret as the request token and just jump directly to the “redirecting the user” step?

perlkonig · 2013-07-14T02:15:49.000Z

My understanding is I just need to send the callback URI and my consumer key (along with the obligatory nonce, timestamp, sig method, and oauth version) signed by my consumer secret alone.