Discussion:
Twitter authorization failing
Arun Gupta
2012-01-14 00:27:45 UTC
Permalink
I'm using OAuthFilter to communicate with Twitter. request_token,
authorize, access_token, callback etc all seem to happen correctly. But
sending an authorized request to twitter servers is failing. The twitter
team seems to think the signatures generated in the OAuthFilter may not
be correct. More details about this at:

https://dev.twitter.com/discussions/4865

Couple of questions ...

Is Jersey using OAuth 1.0 or OAuth 1.0a ?

Can I dump the base string that is used for generating the signature ?

Twitter's method of signature generation is document at:

https://dev.twitter.com/docs/auth/creating-signature

The complete code is at:

http://java.net/projects/weblogic-examples/sources/weblogic-12c-user-examples/content/arun.gupta/javaee6/twitter/src/main/java/org/javaee6/samples/twitter/TwitterClient.java?rev=36

I tried the oauth-twitter-client and that seem to work fine. But could
not understand how to change the sample to use web-based authentication
instead of OOB.

Any thoughts ?

Thanks,
-Arun
--
http://twitter.com/arungupta
http://blogs.oracle.com/arungupta
Martin Matula
2012-01-16 16:26:34 UTC
Permalink
Hi Arun,
I checked your code briefly and it seems you are not adding consumer
secret to the secrets in getOAuthFilter() method.
Also, please don't call nonce() and timestamp() methods on
OAuthParameters - both are generated automatically - calling these
methods explicitly will disable the automated generation for every new
request so if you make several request using the same filter, they will
have the same timestamp and nonce, which will also be an issue.
Hope this helps.
Martin
Post by Arun Gupta
I'm using OAuthFilter to communicate with Twitter. request_token,
authorize, access_token, callback etc all seem to happen correctly.
But sending an authorized request to twitter servers is failing. The
twitter team seems to think the signatures generated in the
https://dev.twitter.com/discussions/4865
Couple of questions ...
Is Jersey using OAuth 1.0 or OAuth 1.0a ?
Can I dump the base string that is used for generating the signature ?
https://dev.twitter.com/docs/auth/creating-signature
http://java.net/projects/weblogic-examples/sources/weblogic-12c-user-examples/content/arun.gupta/javaee6/twitter/src/main/java/org/javaee6/samples/twitter/TwitterClient.java?rev=36
I tried the oauth-twitter-client and that seem to work fine. But could
not understand how to change the sample to use web-based
authentication instead of OOB.
Any thoughts ?
Thanks,
-Arun
Arun Gupta
2012-01-17 21:51:17 UTC
Permalink
Hi Martin,

Silly error, thanks for pointing out!

It's rolling now :-)

-Arun
Post by Martin Matula
Hi Arun,
I checked your code briefly and it seems you are not adding consumer
secret to the secrets in getOAuthFilter() method.
Also, please don't call nonce() and timestamp() methods on
OAuthParameters - both are generated automatically - calling these
methods explicitly will disable the automated generation for every new
request so if you make several request using the same filter, they
will have the same timestamp and nonce, which will also be an issue.
Hope this helps.
Martin
Post by Arun Gupta
I'm using OAuthFilter to communicate with Twitter. request_token,
authorize, access_token, callback etc all seem to happen correctly.
But sending an authorized request to twitter servers is failing. The
twitter team seems to think the signatures generated in the
https://dev.twitter.com/discussions/4865
Couple of questions ...
Is Jersey using OAuth 1.0 or OAuth 1.0a ?
Can I dump the base string that is used for generating the signature ?
https://dev.twitter.com/docs/auth/creating-signature
http://java.net/projects/weblogic-examples/sources/weblogic-12c-user-examples/content/arun.gupta/javaee6/twitter/src/main/java/org/javaee6/samples/twitter/TwitterClient.java?rev=36
I tried the oauth-twitter-client and that seem to work fine. But
could not understand how to change the sample to use web-based
authentication instead of OOB.
Any thoughts ?
Thanks,
-Arun
--
http://twitter.com/arungupta
http://blogs.oracle.com/arungupta
Loading...