Unauthorized POST to statuses/update_with_media


#1

One of my users reported that she wasn’t able to post a new status with an attached image. After testing it, I found that any requests to statuses/update_with_media are not authorized. Every other API calls are fine. Anyone experiencing this?

I’m using the official twitter gem (not latest version, but I tried upgrading it to latest and got the same result).


#2

Hello Rodrigo,

What is the error code that you are receiving when trying to perform the calls on [node:9708]? Are you sure that your Twitter app asks for both Read+Write access in order to be allowed to post Tweets?

Thanks,
Romain


#3

Yes, we ask for both Read+Write. If I POST to just statuses/update.json, it works. The error I’m getting is the following:

Twitter::Error::Unauthorized: Could not authenticate you

Thanks!


#4

Hi Rodrigo, thanks for the note. Any chance you got retrieve more details on the complete request and response so we can help troubleshoot? Thank you!


#5

Hi Romain, I’m a colleague of Rodrigo’s and have been digging into this since it’s my issue for the week. I tried to inspect the request inside of the twitter gem using pry, and compiled my steps/notes into this gist: https://gist.github.com/JanKoszewski/61b3ae97772591f7b028. That request/all requests generated with the update_with_media on the twitter gem return the “Twitter::Error::Unauthorized: Could not authenticate you” error Rodrigo mentioned above.

I also went a step further and tried to replicate the request using curl to see if I could pinpoint the error and demonstrate to you what we’re trying to do - I was pointed to this discussion by another colleague to do so: https://dev.twitter.com/discussions/10422. Here are my results, using the oauth tokens generated by the request generated from the gem which I inspected using the technique above in the gist I posted. This and similar attempts also return an ‘unauthorized’ error:

○ → curl --request ‘POST’ ‘https://upload.twitter.com/1.1/statuses/update_with_media.json’ --header ‘Authorization: OAuth oauth_consumer_key=“e0BXaCbzc3GrPABMCj2w”, oauth_nonce=“4aa3d970395e954ce75832be55e0fd83”, oauth_signature=“Pwblc4xSF9Wtj3hopJZS1McjGMc%3D”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1393448069”, oauth_token=“608424371-Ei6vojEXe1rfkAigLVkXF0eQaWoRRhEv4UdUgOrW”, oauth_version=“1.0”’ --verbose -F “media[]=@Downloads/mjJq45c.jpg” -F “status=Test from cURL”

  • Adding handle: conn: 0x7f8699803a00
  • Adding handle: send: 0
  • Adding handle: recv: 0
  • Curl_addHandleToPipeline: length: 1
    • Conn 0 (0x7f8699803a00) send_pipe: 1, recv_pipe: 0
  • About to connect() to upload.twitter.com port 443 (#0)
  • Trying 199.16.156.117…
  • Connected to upload.twitter.com (199.16.156.117) port 443 (#0)
  • TLS 1.2 connection using TLS_ECDHE_RSA_WITH_RC4_128_SHA
  • Server certificate: upload.twitter.com
  • Server certificate: VeriSign Class 3 Secure Server CA - G3
  • Server certificate: VeriSign Class 3 Public Primary Certification Authority - G5

POST /1.1/statuses/update_with_media.json HTTP/1.1
User-Agent: curl/7.30.0
Host: upload.twitter.com
Accept: /
Authorization: OAuth oauth_consumer_key=“e0BXaCbzc3GrPABMCj2w”, oauth_nonce=“4aa3d970395e954ce75832be55e0fd83”, oauth_signature=“Pwblc4xSF9Wtj3hopJZS1McjGMc%3D”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1393448069”, oauth_token=“608424371-Ei6vojEXe1rfkAigLVkXF0eQaWoRRhEv4UdUgOrW”, oauth_version="1.0"
Content-Length: 226083
Expect: 100-continue
Content-Type: multipart/form-data; boundary=----------------------------05a93c21df85

< HTTP/1.1 100 Continue
< HTTP/1.1 401 Unauthorized
< content-length: 63
< content-type: application/json; charset=utf-8
< date: Wed, 26 Feb 2014 21:06:25 UTC

  • Server tfe is not blacklisted
    < server: tfe
    < set-cookie: guest_id=v1%3A139344878528182722; Domain=.twitter.com; Path=/; Expires=Fri, 26-Feb-2016 21:06:25 UTC
    < strict-transport-security: max-age=631138519
    < Connection: close
    <
  • Closing connection 0
    {“errors”:[{“message”:“Could not authenticate you”,“code”:32}]}

I’m not sure how much this helps, but this is what I’ve attempted so far. If you have any suggestions about how to further inspect this error or retrieve the information you need in order to best troubleshoot this, please let me know and I’ll get to it asap. Thank you very much either way for your time!


#6

Hi Romain; it looks like my previous attempt at a response was or is up for moderation, and that it might not have been accepted so I’m putting my attempts into gist format this time around. I’m a colleague of Rodrigo’s and I’ve been working on this issue this week since I’m on call.

Here’s my attempt at inspecting the request being issued inside of the twitter client gem using pry: https://gist.github.com/JanKoszewski/61b3ae97772591f7b028

Here’s my attempt at issuing the same request being made in the twitter client gem using curl: https://gist.github.com/JanKoszewski/c5d898350c1645c1d647 (I used this discussion as a guide: https://dev.twitter.com/discussions/10422). The oauth params in this curl request were retrieved from the method I used to inspect the request in the gist above that.

As you can see from the curl request, both of these techniques still yield the “Twitter::Error::Unauthorized: Could not authenticate you” error Rodrigo talked about above. If you have any ideas about how best to investigate this further, or if there’s any specific information that you’d like to see that I haven’t included here, please let me know and I’ll work on getting it to you asap.

Thank you very much either way for your time.


#7

Any update here? I’m interested in this as well.


#8

@romainhuet I work with Rodrigo and Jan and am picking this up. Any status on this?


#9

Out of curiosity, have you tried uploading this via twurl? (http://github.com/twitter/twurl, gem install twurl). Twurl tends to be the de facto standard for establishing if the issue is with your OAuth lib or with Twitter. twurl was recently extended to allow file uploads.


#10

Have you reviewed our guide on uploading media that outlines some of the common issues around properly getting images uploaded?

https://dev.twitter.com/docs/uploading-media