Geek Answers Handbook

Receive 401 requests on Twitter OAuth POST

I am trying to use Twitter OAuth and my POST requests fail with error 401 ( Invalid OAuth Request ).

For example, if I want to publish a new status update, I send an HTTP POST request to https://twitter.com/statuses/update.json with the following parameters -

 status=Testing&oauth_version=1.0&oauth_token=xxx& oauth_nonce=xxx&oauth_timestamp=xxx&oauth_signature=xxx& oauth_consumer_key=xxx&in_reply_to=xxx&oauth_signature_method=HMAC-SHA1`

My GET requests are working fine. I see on the mailing lists that many people had the same problems, but I couldn’t find a solution anywhere.

I am using the oauth.py Python library.

+6
python rest web-services oauth twitter
source share
6 answers

Most likely, the signature is not valid. You must follow the OAuth specification on how to generate a signature (normalized parameters, URL encoding and cosumerSecret & oauthScret. More on this later ......

-8
source share

I just finished implementing the twitter OAuth API from scratch using Java. Receive and send requests work fine. You can use this page http://www.hueniverse.com/hueniverse/2008/10/beginners-gui-1.html to verify HTTP signatures and headers. Just enter your keys and tokens and check the output. Twitter seems to work exactly as described in this post. Be careful with spaces and UTF-8 characters, for example, Java encodes the space as "+", but OAuth requires% 20

+4
source share

Make sure that the type of access to your application is read and written. On the settings page of your application (for example, http://twitter.com/apps/edit/12345 ) there is a radio button field similar to this:

Default Access Type: Read and Write / Read Only

If you select the Read Only checkbox, then the status update API will return 401.

+3
source share

I am the second answer from Jrgns. I have exactly the same problem. When you read the Twitter example, it’s actually understandable. However, their pseudo-code is misleading. In Python, this worked for me:

 def encodekeyval(key, val): key = urllib.quote(key, '') val = urllib.quote(val, '') return urllib.quote(key + '=' + val, '') def signature_base_string(urlstr, oauthdata): sigstr = 'POST&' + urllib.quote(urlstr,'') + '&' # retrieve "post" data as dictionary of name value pairs pdata = oauthdata.getpdata() # need to sort parameters pstr = '%26'.join([encodekeyval(key, pdata[key]) for key in sorted(pdata.keys())]) return sigstr + pstr
+3
source share

I had the same problems until I realized that the parameters should be double-encoded for the base line. My GET requests work fine, but my POSTs, especially status updates, have failed. On suspicion, I tried POST without spaces in the status parameter, and it worked.

In PHP:

 function encode($input) { return str_replace('+', ' ', str_replace('%7E', '~', rawurlencode($input))); } $query = array(); foreach($parameters as $name => $value) { $query[] = encode($name) . '=' .encode($value); } $base = encode(strtoupper($method)) . '&' .encode($norm_url) . '&' . encode(implode('&', $query));

Notice the encode function around the parameter names and values, and then around the entire query string. Space should end as %2520 , not just %20 .

+2
source share

I found a solution and it works for me. You should add the following parameters to the request header, and it should look like this (C # code), use and subscribe to use, and instead select parameters by a comma (,). and you should add the word "OAuth" first.

httpWebRequest.Headers [System.Net.HttpRequestHeader.Authorization] = "OAuth oauth_consumer_key = \" hAnZFaPKxXnJqdfLhDikdw \ ", oauth_nonce = \" 4729687 \ ", oauth_signh_hm_ht_t_time_meht_time_meht_time_meht_time_time_meht_time_meht_time_meht_time_time_meht_time_time_meht_time_meht_time_meht_time_meht_time_meht_time_time_meht_time_time_time_meht_time_time_time_meht_time_meht_time_meg_high_time_time_time_time_time_meg_high_time_time_time_time_mem_html_time_time_time_time_time_time_time_time_time_time_time_time_time_time_main_time_time_time_main = \ "17596307-KH9iUzqTxaoa5576VjILkERgUxcqExRyXkfb8AsXy \", oauth_version = \ "1.0 \", oauth_signature = \ "p8f5WTObefG1N9% 2b8AlBji1pg18A% 3d \" ";

and other parameters, such as "status", should be written in the request body.

0
source share

More articles:


All Articles