Twitter- Obtaining a request token Response 401 - POST -
i'm trying create app twitter , i'm stuck in first step.
i'm trying post https://api.twitter.com/oauth/request_token , everytime 401.
i'm using varient of apache commns httpclient's post method, specific tool, i'll post highlevel picture.
my header: 'oauth '+ 'oauth_callback="oob",'+ 'oauth_consumer_key="zhad2y6rrqaazqsz21rsha",'+// fake 'oauth_nonce="'+ <random string of 32characters> +'",'+ 'oauth_signature="'+ a.signature +'",'+ 'oauth_signature_method="hmac-sha1",'+ 'oauth_timestamp="'+ <time in seconds since unix epoc> +'"'; i'm generating signature in method:
step1: percentage encoding key-value pairs, , appending them given in twitter's signature page.
step2: appending post , url, after percentage encoding. i'm left with:
post&https%3a%2f%2fapi.twitter.com%2foauth%2frequest_token&oauth_callback%3doob%26oauth_consumer_key%20%3d%20zhad2y6rrqaazqsz21rsha%26oauth_nonce%3dkyjzvbb8y0zfabxswbwovy3uysq2ptgmzenu2vs4%26oauth_signature_method%3dhmac-sha1%26oauth_timestamp%3d1318622958, so far good..
my problem starts here, next step signing key, , needs 2 things :
- consumer secret of application
- the access token ( https://dev.twitter.com/docs/auth/creating-signature page says)
append these two, & , hmac-sha1. how accesstoken?
i'm yet send post twitter right? access token here mean bearer token?
the page doesn't mention how access token(it does, i'm doing post access token right?!)
thanks help!
the first thing understand there several steps oauth 1.0a used twitter:
step 1: request unauthorized request token twitter
step 2: twitter respond request token , request token secret
step 3: send user twitter request token authorization user app
step 4: twitter respond verification code
step 5: send request token , verifcation code twitter obtain access token
step 6: twitter respond access token , access token secret
step 7: use access token , access token secret make requests twitter api
at each stage of process request must signed using consumer key , appropriate token secret. @ step 1 have consumer secret signing key constructed appending ampersand character percent encoded consumer secret. worth noting here signature base string above missing oauth_version parameter , base string should not end comma.
once have obtained request token , request token secret (step 2), can send user twitter authorize url grant authorization app. achieved appending request token authorize url querystring , getting user visit url (step 3). i.e.
https://api.twitter.com/oauth/authorize?request_token=npxxxxy0yu5t3tbzho7icotz3cnetkwctirlx0iwrl0 note request not need signed.
once user has logged in twitter , authorized app, receive verifcation code (oauth_verifier) pass application (step 4).
you make request twitter exchange request token access token. achieved posting signed request includes oauth_verifier code twitter access token url (https://api.twitter.com/oauth/access_token). signing key constructed using percent encoded consumer secret appended percent encoded request token secret using ampersand character (step 5).
if ok, twitter respond access_token , access_token_secret (step 6). can use these tokens make future requests on behalf of user (step 7). signing key these requests constructed using percent encoded consumer secret appended percent encoded access token secret using ampersand character.
on last note, bearer token part of oauth 2 has different authorization flow oauth 1.0a.
if need check oauth signatures can use utility such this one.
Comments
Post a Comment