Upload chunked video with Oauth Echo

baileyspace · 2016-03-09T03:15:31.334Z

I have a media API and I’m attempting to allow users of third party applications to tweet video via my API, so I’m implementing Oauth Echo. I am able to complete the first step, verifying the user’s credentials; however, when I go to initialize the upload I get a “Could not authenticate you” error. In the chunked media upload docs, I noticed this section, but it’s unclear to me how this applies to performing chunked media upload via Oauth Echo:

“Because the method uses multipart POST, OAuth is handled a little differently. POST or query string parameters are not used when calculating an OAuth signature basestring or signature. Only the oauth_* parameters are used.”

Here’s my trace:

opening connection to upload.twitter.com:443…
opened
starting SSL for upload.twitter.com:443…
SSL established
<- “POST /1.1/media/upload.json?command=INIT&media_type=video%2Fmp4&total_bytes=2000 HTTP/1.1\r\nAuthorization: OAuth oauth_consumer_key=“XXXXXXXXXXXXXXXXX”, oauth_nonce=“XXXXXXXXXXXXXXXXX”, oauth_signature=“XXXXXXXXXXXXXXXXX”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1457492349”, oauth_token=“XXXXXXXXXXXXXXXXX”, oauth_version=“1.0”\r\nConnection: close\r\nHost: upload.twitter.com\r\nContent-Length: 0\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\n”
<- “”
-> “HTTP/1.1 401 Authorization Required\r\n”
-> “connection: close\r\n”
-> “content-length: 64\r\n”
-> “content-type: application/json; charset=utf-8\r\n”
-> “date: Wed, 09 Mar 2016 03:10:23 GMT\r\n”
-> “server: tsa_a\r\n”
-> “set-cookie: guest_id=v1%3A145749302339262531; Domain=.twitter.com; Path=/; Expires=Fri, 09-Mar-2018 03:10:23 UTC\r\n”
-> “strict-transport-security: max-age=631138519\r\n”
-> “vary: Origin\r\n”
-> “x-connection-hash: 6a4b3c223cca493550d30c3fed750df1\r\n”
-> “x-frame-options: SAMEORIGIN\r\n”
-> “x-response-time: 7\r\n”
-> “x-xss-protection: 1; mode=block\r\n”
-> "\r\n"
reading 64 bytes…
-> “”
-> "{“errors”:[{“code”:32,“message”:“Could not authenticate you.”}]}"
read 64 bytes
Conn close
=> #<HTTParty::Response:0x7ffec2e900e8 parsed_response={“errors”=>[{“code”=>32, “message”=>“Could not authenticate you.”}]}, @response=#<Net::HTTPUnauthorized 401 Authorization Required readbody=true>, @headers={“connection”=>[“close”], “content-length”=>[“64”], “content-type”=>[“application/json; charset=utf-8”], “date”=>[“Wed, 09 Mar 2016 03:10:23 GMT”], “server”=>[“tsa_a”], “set-cookie”=>[“guest_id=v1%3A145749302339262531; Domain=.twitter.com; Path=/; Expires=Fri, 09-Mar-2018 03:10:23 UTC”], “strict-transport-security”=>[“max-age=631138519”], “vary”=>[“Origin”], “x-connection-hash”=>[“6a4b3c223cca493550d30c3fed750df1”], “x-frame-options”=>[“SAMEORIGIN”], “x-response-time”=>[“7”], “x-xss-protection”=>[“1; mode=block”]}>

Yamachia · 2016-03-10T05:00:09.582Z

The header and everything looks ok as far as I can tell. Chances are, you could be creating the signature wrong. How are you creating it? Are you including both the body params and oauth params in the signature creation and calculation?

btw, check out my small github project to compare notes. It does everything related to a video tweet, creating nonces, calculating signatures and creating oauth headers:

GitHub

Godzilogg/twitter-video-tweet

twitter-video-tweet - Tweet a video to Twitter!!

baileyspace · 2016-03-10T18:28:25.314Z

Thanks @Yamachia for getting back to me! I’m using HTTParty to make my requests. I’ve tried a lot of different variations, but this is what I think is closest to correct:

#IRL I'm getting the following two vars from the user, but for sake of demonstration this is more or less what they'll be
x_auth_service_provider = 'https://api.twitter.com/1.1/account/verify_credentials.json'
x_verify_credentials_authorization = 'OAuth oauth_consumer_key="XXXX", oauth_nonce="XXXX", oauth_signature="XXXX", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1457473883", oauth_token="XXXX", oauth_version="1.0"'

response = HTTParty.get(x_auth_service_provider, 
  :headers => {"Authorization" => x_verify_credentials_authorization})

if response.code == 200
  init = HTTParty.post('https://upload.twitter.com/1.1/media/upload.json',
    :headers => {"Authorization" => x_verify_credentials_authorization},
    :body => {'command' => 'INIT', 'media_type'=> 'video/mp4', 'total_bytes' => '2000'},
    :debug_output => $stdout)
end

In the meantime, I’ll take a look at your project.

Llg · 2016-04-06T17:06:57.319Z

Hello,
Can you please give me the same example but in java? I’m working on it but I face some troubles.
Thanks,