5

I'm trying to post a tweet to Twitter with the following code, but keep getting the error "Could not authenticate you","code":32": 

 curl_global_init(CURL_GLOBAL_ALL);
 CURL *curl = curl_easy_init();

 char *signedurl = malloc(sizeof(char) * 1024); /* Not how it will be, but works in this example. */

 char *url = "https://api.twitter.com/1.1/statuses/update.json";
 signedurl = oauth_sign_url2(url, NULL, OA_HMAC, "POST", consumer_key, consumer_secret, user_token, user_secret);
 char *status = "status=test";

 curl_easy_setopt(curl, CURLOPT_URL, signedurl); /* URL we're connecting to, after being signed by oauthlib */
 curl_easy_setopt(curl, CURLOPT_USERAGENT, "dummy-string"); /* Not the actual string, just a dummy for this example */
 curl_easy_setopt(curl, CURLOPT_POST, 1);
 curl_easy_setopt(curl, CURLOPT_POSTFIELDS, status);
 //curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);

 int curlstatus = curl_easy_perform(curl); /* Execute the request! */

 curl_easy_cleanup(curl);
 free(signedurl);

Now, I looked at Twitter's documentation and the discussion on their website, and they recommend three things:

  1. Regenerate your access tokens. I've done this, and tried to post to Twitter via them using the developers console in the Twitter desktop program I have, and that works. This makes me think that the problem is elsewhere.
  2. Include Content-Type: application/x-www-form-urlencoded in the header of the request. My understanding is that this is default for how I'm using cURL, and indeed, when I use the VERBOSE option, I can see that it is in the header.
  3. Properly encode the url. I know that oauth_sign_url2 does this correctly when fetching things from Twitter, and I've tried using oauth_url_escape("status=test") on the status (even though I don't think I'm supposed to do that). That doesn't work either.

I have a feeling it's something completely obvious, but I am stumped.

Tripp Kinetics
  • 5,178
  • 2
  • 23
  • 37
ccc
  • 83
  • 6
  • Does your request work if you make it via the `curl` command-line tool? – ams Jul 02 '14 at 21:58
  • @ ams That was a very good question. I used the tool Twitter provides to generate the command for me, just to be sure that it would work, and incidentally, I get the same error message. Surely this means that the problem is at their end? – ccc Jul 02 '14 at 22:07
  • I tried again, and it went through, unfortunately, I want to say. I have no idea what was different that time around. – ccc Jul 02 '14 at 22:14
  • Who knows, maybe there's some kind of anti-abuse lockout going on? Anyway, if the problem has gone away all is good. :-) – ams Jul 03 '14 at 11:30
  • Well, the code still doesn't work. It only works when I use the command-line tool. – ccc Jul 03 '14 at 12:33
  • Not sure if it means anything, but `signedurl` has memory allocated, and then gets overwritten. – ams Jul 03 '14 at 12:48
  • You mean it should be `char *signedurl = oauth_sign_url2(url, NULL, OA_HMAC, "POST", consumer_key, consumer_secret, user_token, user_secret);`, without the `malloc()`? In any case, it doesn't make a difference. – ccc Jul 03 '14 at 13:05
  • I mean it's wrong. I don't know what right looks like, in this case. – ams Jul 03 '14 at 14:59
  • In both cases it returns the string you would expect, so I don't think that's the problem. – ccc Jul 03 '14 at 15:14
  • The code *looks* fine to me. You'll have to compare the verbose output and see what's different. – ams Jul 03 '14 at 15:19
  • Another excellent suggestion, and that does indeed reveal differences. I see that I need to put the OAUTH authorization in the header, rather than having it in the url as I do, and works for GET. Thanks! – ccc Jul 04 '14 at 05:39
  • Don't forget to post your solution as an answer when you've got it right. – ams Jul 04 '14 at 08:34

1 Answers1

1

What was missing from my original code was to properly build the header. The following code works.

 char *ttwytter_request(char *http_method, char *url, char *url_enc_args)
 {
  struct curl_slist * slist = NULL;
  char * ser_url, **argv, *auth_params, auth_header[1024], *non_auth_params, *final_url, *temp_url;
  int argc;

  ser_url = (char *) malloc(strlen(url) + strlen(url_enc_args) + 2);
  sprintf(ser_url, "%s?%s", url, url_enc_args);

  argv = malloc(0);
  argc = oauth_split_url_parameters(ser_url, &argv);
  free(ser_url);

  temp_url = oauth_sign_array2(&argc, &argv, NULL, OA_HMAC, http_method, consumer_key, consumer_secret, user_token, user_secret);
  free(temp_url);

  auth_params = oauth_serialize_url_sep(argc, 1, argv, ", ", 6);
  sprintf( auth_header, "Authorization: OAuth %s", auth_params );
  slist = curl_slist_append(slist, auth_header);
  free(auth_params);

  non_auth_params = oauth_serialize_url_sep(argc, 1, argv, "", 1 );

  final_url = (char *) malloc( strlen(url) + strlen(non_auth_params) );

  strcpy(final_url, url);
  postdata = non_auth_params;

  for (int i = 0; i < argc; i++ )
  {
    free(argv[i]);   
  }
  free(argv);

  curl_easy_setopt(curl, CURLOPT_URL, url);
  curl_easy_setopt(curl, CURLOPT_USERAGENT, "dummy-string");
  curl_easy_setopt(curl, CURLOPT_HTTPHEADER, slist);
  curl_easy_setopt(curl, CURLOPT_POST, 1);
  curl_easy_setopt(curl, CURLOPT_POSTFIELDS, postdata);

 int curlstatus = curl_easy_perform(curl); /* Execute the request! */

 curl_easy_cleanup(curl);
}
ccc
  • 83
  • 6