Reputation: 213
i'm trying to access twitter using the api i created an app and checked "Allow this application to be used to Sign in with Twitter", then i followed these steps:
https://dev.twitter.com/docs/api/1/post/oauth/request_token
https://dev.twitter.com/docs/auth/authorizing-request
https://dev.twitter.com/docs/auth/creating-signature
but i'm getting
urllib2.HTTPError: HTTP Error 401: Unauthorized
so i must have done something wrong or missed something
can somebody spot my mistake?
import urllib2
import time
import urllib
import hashlib
import hmac
import base64
def escape(s):
return urllib.quote(s, safe='~')
consumer_key = 'yBsHl3G6MqXx9JpnoLoGbA'
consumer_secret = 'JBk5oUDLSuNAXxdBHrDmoUFxemw7IJ1a2yWPmCydX7w'
http_method = 'POST'
base_url = 'https://api.twitter.com/oauth/request_token'
oauth_token_secret = ''
data={'oauth_callback':'http://localhost.de:8000/accounts/callback/twitter'}
header = {
'oauth_consumer_key': consumer_key,
'oauth_timestamp': str(int(time.time())),
'oauth_nonce': hashlib.md5(str(time.clock())).hexdigest(),
'oauth_version': '1.0',
'oauth_signature_method': 'HMAC-SHA1'
}
header.update(data)
paramstr = ''
for k in sorted(header):
paramstr+=escape(k)+'='+escape(header[k])+'&'
paramstr = paramstr[:-1]
print paramstr
sig_base_str = http_method.upper()+'&'+escape(base_url)+'&'+escape(paramstr)
print sig_base_str
key = escape(consumer_secret)+'&'+escape(oauth_token_secret)
signature = base64.b64encode(hmac.new(key, sig_base_str, hashlib.sha1).digest())
header['oauth_signature'] = signature
header_str = 'OAuth '
for k in sorted(header):
header_str+=escape(k)+'="'+escape(header[k])+'", '
header_str = header_str[:-2]
print header_str
req=urllib2.Request(base_url, data=urllib.urlencode(data))
req.add_header('Authorization', header_str)
print urllib2.urlopen(req).read()
i know there are libs for doing this, but i would like to write my own code for testing purposes
Upvotes: 1
Views: 519
Reputation: 213
i solved it myself. the twitter docs are not 100% correct. for example here
https://dev.twitter.com/docs/api/1/post/oauth/request_token
they say that the authorization header should look like this
OAuth oauth_nonce="K7ny27JTpKVsTgdyLdDfmQQWVLERj2zAK5BslRsqyw", oauth_callback="http%3A%2F%2Fmyapp.com%3A3005%2Ftwitter%2Fprocess_callback", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1300228849", oauth_consumer_key="OqEqJeafRSF11jBMStrZz", oauth_signature="Pc%2BMLdv028fxCErFyi8KXFM%2BddU%3D", oauth_version="1.0"
but this is wrong, you should not add oauth_callback="http%3A%2F%2Fmyapp.com%3A3005%2Ftwitter%2Fprocess_callback"
to the authorization header
Upvotes: 2