Geek Answers Handbook

Tumblr OAuth error message gives me 401 / "Invalid OAuth credentials"

I have an iOS application that sends images to several services, including twitter, and I'm trying to extend this tumblr support. I adapted some open source code for OAuth 1.0a header logic and it works well enough to be successful for twitter + twitpic and for tumblr authentication. However, messages with images in tumblr do not work with status 401 and the string response "Invalid OAuth credentials"

To simplify, my only multi-part sections are message type and image data.

So, my simple POST is http://www.tumblr.com/api/write , the basic signature line (approximately since Ive edited my consumer key and token, and linebreaks are added for readability):

POST&http%3A%2F%2Fwww.tumblr.com%2Fapi%2Fwrite& oauth_consumer_key%3Dxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%26 oauth_nonce%3D71edd7a1224463a7e1723bb7b568060b4d69deb6%26 oauth_signature_method%3DHMAC-SHA1%26 oauth_timestamp%3D1297678418%26 oauth_token%3Dxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%26 oauth_version%3D1.0%26 type%3Dphoto

my oauth header (again, lines have been added for readability):

 Authorization: OAuth realm="http://www.tumblr.com/", oauth_consumer_key="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1296445530", oauth_nonce="71edd7a1224463a7e1723bb7b568060b4d69deb6", oauth_version="1.0", oauth_token="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", oauth_signature="fWuli4eO3qVehfdeFzZN%2FDNYpFk%3D"

the only other headers that I add are Content-Type (multipart / form-data) and Content-Length, and the message body is simple:

 --my_sorta_unique_boundary_string Content-Disposition: form-data; name="type" photo --my_sorta_unique_boundary_string Content-Disposition: form-data; name="data" Content-Type: image/jpg Content-Transfer-Encoding: binary ... (image data) ... --my_sorta_unique_boundary_string--

Can someone tell me that Ive done something wrong with my base base or auth header, or if there is some trick to make tumblr oauth messages work?

+3
ios iphone oauth tumblr
source share
4 answers

Having exactly the same problem with my OAuth implementation in Silverlight, I implemented the rest of the API without any problems, and this method works if you are not using OAuth and just send email headers and passwords.

The arvin post just showed me the problem, although it included other non-file fields in its OAuth. I just did the same with my message, so they were in a case with several parts, but also added to OAuth sig - and now I upload messages with photos without any problems!

+2
source share

I just dumped the baseline created by my application when you post to Tumblr. Linear abbreviations are added to reduce obscurity. Hope this helps.

 POST&http%3A%2F%2Fwww.tumblr.com%2Fapi%2Fwrite& caption%3D%253Cp%253Etesting%253C%252Fp%253E%26 click-through-url%3D%26 format%3Dhtml%26 generator%3D%253C%2520href%253D%2522http%253A%252F%252Fsudocode.net%252Fprojects%252Fpicasa-2-tumblr%2522%253EPicasa2Tumblr%253C%252Fa%253E%26 group%3Darvn.tumblr.com%26 oauth_consumer_key%3Dxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%26 oauth_nonce%3Db0f187f5d0781b3d6aea0f192e116524%26 oauth_signature_method%3DHMAC-SHA1%26 oauth_timestamp%3D1296560370%26 oauth_token%3DwkR9Jjtnp0tMPHp3aqcxvRd401cUeVX7PzxUrc0Y8SZZRoLHgs%26 oauth_version%3D1.0%26 private%3D0%26 slug%3D%26 state%3Ddraft%26 tags%3D%26 type%3Dphoto

One thing, you did not notify Tumblr that you were going to publish the photo using the type parameter.

+1
source share

I had the same problem. This was because I turned on Timelr's blank secret.

Here you get it: http://www.tumblr.com/oauth/apps → "Show Private Key"

In addition, I use xAuth stuff with their https://www.tumblr.com/oauth/access_token url.

Hope this helps. I am on Rails with Devise Stone.

0
source share

Had the same problem: it looks like our OAuth library (GTM OAuth) did not use the POST Data fields for signing. After adding the type and caption fields, the OAuth library used them additionally as a query string, and I was able to upload the photo / message / independently.

It seems that every post body field (with the exception of binary data) should be part of the OAuth signature.

0
source share

More articles:


All Articles