
This is a follow-up to a previous question I had posted here.

Basically I've been trying to implement a way to send requests to Twitter OAuth resources via JavaScript. I have a server running a Django application which uses Django-social-auth to register users to Twitter. After I've obtained authorisation I get a user's access_token and oauth_token_secret.

On the client side I have a JavaScript application which calls my server to compute the appropriate headers, which I do by using python oauth2. The piece of code doing this is as follows:

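# Imports this fragment relies on (python-oauth2 is conventionally imported as "oauth")
import time
import oauth2 as oauth

url = request.POST['url']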

params = {
    'oauth_version': "1.0",
    'oauth_nonce': oauth.generate_nonce(),
    'oauth_timestamp': int(time.time()),
    }

at = social.extra_data['access_token'].split('&oauth_token=')[1]
ats = social.extra_data['access_token'].split('&oauth_token=')[0].split('oauth_token_secret=')[1]

token = oauth.Token(key=at, secret=ats)
consumer = oauth.Consumer(key=settings.TWITTER_CONSUMER_KEY, secret=settings.TWITTER_CONSUMER_SECRET)

params['oauth_token'] = token.key
params['oauth_consumer_key'] = consumer.key

req = oauth.Request(method="GET", url=url, parameters=params)

signature_method = oauth.SignatureMethod_HMAC_SHA1()
req.sign_request(signature_method, consumer, token)

These request parameters are then sent to the client, which does the call to Twitter using these parameters:

$.ajax({
    url: "https://api.twitter.com/1/statuses/home_timeline.json",
    data: parameters,
    dataType: 'jsonp',
    success: function(twitter_data) {
        // Log the callback argument (the original referenced an undefined name)
        console.log('twitter_data = ', twitter_data);
    },
    error: function(jqXHR, textStatus, errorThrown) {
        console.log('err = ', textStatus);
        console.log('err = ', errorThrown);
    }
});

which generates a request for a resource like:

https://api.twitter.com/1/statuses/home_timeline.json?callback=jQuery17107030615725088865_1341786299930&oauth_nonce=15094349&oauth_timestamp=1341785696&oauth_consumer_key=[OAUTH_CONSUMER_KEY HERE]&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_token=[OAUTH_TOKEN HERE]0&oauth_signature=pQwHlKmepgtym%2Ffj%2BupCGP8mv3s%3D&page=2&include_entities=true&_=1341786306712

Still I get a 401 Unauthorized error. I checked the code three times, so I am wondering if I am missing something?

Thanks.

ip.

1 Answer


For requests which require authentication, you have to put the authentication parameters in an HTTP header called Authorization, not in the POST parameters. It is explained in the Twitter API documentation here: https://dev.twitter.com/docs/auth/authorizing-request.

air-dex
  • I can't do that because I'm using JSONP to get around the cross-domain issue, and when using JSONP you can't add an HTTP header. I'm sure Twitter allows sending parameters in other ways so calls can be made cross-domain from the browser. – ip. Jul 09 '12 at 07:01
  • No. This is written in the Twitter API documentation on the link I gave you: "Twitter's implementation [of OAuth 1.0a] requires that requests needing authorization contain an additional HTTP Authorization header". – air-dex Jul 09 '12 at 13:17
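
The signing step from the question and the Authorization header the answer calls for, sketched with only the Python standard library following RFC 5849 (an added example, not code from the post, python-oauth2 or Twitter; the key, token and secret strings are placeholders and the JSONP parameter values are constructed). It also shows that the signature covers every query parameter, so a URL that gains parameters after signing yields a different signature.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit

def pct(value):
    # RFC 5849 section 3.6: only unreserved characters stay unencoded.
    return quote(str(value), safe="-._~")

def signature_base_string(method, url, oauth_params):
    parts = urlsplit(url)
    base_url = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    # Query-string parameters are signed together with the oauth_* ones.
    pairs = parse_qsl(parts.query, keep_blank_values=True) + list(oauth_params.items())
    encoded = sorted((pct(k), pct(v)) for k, v in pairs)
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), pct(base_url), pct(normalized)])

def sign(method, url, oauth_params, consumer_secret, token_secret):
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    base = signature_base_string(method, url, oauth_params).encode()
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode()

def authorization_header(method, url, oauth_params, consumer_secret, token_secret):
    # Only the oauth_* fields go into the header; query parameters stay in the URL.
    fields = dict(oauth_params)
    fields["oauth_signature"] = sign(method, url, oauth_params, consumer_secret, token_secret)
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(fields.items()))

# Placeholder credentials; nonce and timestamp are the ones visible in the question's URL.
OAUTH = {
    "oauth_consumer_key": "CONSUMER_KEY",
    "oauth_token": "ACCESS_TOKEN",
    "oauth_nonce": "15094349",
    "oauth_timestamp": "1341785696",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_version": "1.0",
}
SIGNED_URL = "https://api.twitter.com/1/statuses/home_timeline.json?page=2&include_entities=true"
# The same URL after a JSONP client appends its own parameters (constructed values).
SENT_URL = SIGNED_URL + "&callback=cb123&_=1341786306712"

if __name__ == "__main__":
    print(authorization_header("GET", SIGNED_URL, OAUTH, "CONSUMER_SECRET", "TOKEN_SECRET"))
    signed = sign("GET", SIGNED_URL, OAUTH, "CONSUMER_SECRET", "TOKEN_SECRET")
    sent = sign("GET", SENT_URL, OAUTH, "CONSUMER_SECRET", "TOKEN_SECRET")
    print("signature unchanged after extra parameters:", signed == sent)
```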