How can I get all followers(friends) of a user who is authenticated by my twitter app. I had tried below one as per twitter docs
https://api.twitter.com/1.1/friends/ids.json?cursor=-1&screen_name=<user_screen_name>
But the result was:
{"errors":[{"message":"Bad Authentication data","code":215}]}
Your call needs to be made with oAuth, a plain URL call won't work, even if the screen name has authorised your Twitter app.
You need to construct an HTTP GET to the URL you have shown, but with a properly formed authorisation header (oAuth).
It is effectively a web request header with a key of "Authorization" and a generated value which looks like this:
OAuth realm="<name of realm, e.g. Twitter API>",
oauth_consumer_key="<your app key, you'll know this already from your twitter app>",
oauth_nonce="<this is basically a random alphanumeric string which your app should generate>",
oauth_timestamp="<number of seconds since 1/1/1970 00:00:00",
oauth_signature_method="HMAC-SHA1",
oauth_version="1.0",
oauth_signature="<this is the trickiest part, you basically have to hash the request + two secret params through a signing algorithm using the signature method above>"
See here for more info:
https://dev.twitter.com/docs/auth/authorizing-request
Related
I am trying to Authorize via OAuth with Trello and I can't seem to get it right, even in postman.
I have followed their API docs and have got myself a developer key and I have used a little link they have in this article to get a valid auth token.
I tried including the API key and Auth token in the header and (in a separate test) in the body, as per their documentation.
Everything I try results in "unauthorized permission requested".
What am I doing wrong?
Ok so I had obviously made a mistake when trying the Header route.
It works now if I provide a header key called Authorization and the API key and Auth Token in the following format OAuth oauth_consumer_key="{{apiKey}}", oauth_token="{{apiToken}}".
I have successfully implemented the Twitter Authentication in my .net core project. in the ExternalLoginCallback (Account Controller), I am receiving the access_token and access_token_secret after successful authentication with twitter.
How am I meant to use those to call the twitter REST API in order to receive further information about the user?
It looks like the API needs different keys for the authorisation.. See here:
Authorization:
OAuth oauth_consumer_key="xxxxxxxxxxx",
oauth_signature_method="HMAC-SHA1",oauth_timestamp="xxxxxxxxxxx",
oauth_nonce="xxxxxxxxxxx",
oauth_version="1.0",oauth_token="xxxxxxxxxxx-xxxxxxxxxxx",
oauth_signature="xxxxxxxxxxx"
I have replaced all values with xxxx..
Hope you can provide me with the missing puzzle piece!
Thanks, Nik
It looks like you're building the autorization string property.
The last step is to send the request to the Twitter endpoint, setting the value of the header to your authorization string.
https://dev.twitter.com/oauth/overview/authorizing-requests
I am writing PHP API for Bit.ly using oauth2 for authentication. Their docs say that in order to retrieve access token with username and password we have 2 ways of achieving that:
Resource Owner Credentials Grants
HTTP Basic Authentication
I was successful only with the basic authentication method, the first method does not work for some reason.
What I did was using PHP cURL methods I appended to header authorization method which was following the docs:
Authorization: "Basic " + base64encode(client_id + ":" + client_secret)
And I also changed content type to:
Content-Type: application/x-www-form-urlencoded
After that I added parameters:
grant_type=password&username=bitlyuser&password=bitlypassword
And I am submiting the post request and I get:
INVALID_LOGIN
That error means the Bitly user name is incorrect. If you are positive it's correct, can you email me at api#bitly.com with the client ID and the user name?
Sometimes the actual user name may differ from what's displayed, if you signed up via Facebook or Twitter. You can find the actual login by going to your settings and clicking "Show Legacy API Key". (I'll file an issue to move that data outside the API key location.)
I followed the tutorial on https://dev.twitter.com/docs/auth/implementing-sign-twitter to use OAuth on my homepage. Everything worked and after the last step I have an oauth_token (after converting it to an access token) and an oauth_token_secret. Now I want to post a new status on twitter. So I did everything on this page https://dev.twitter.com/docs/auth/authorizing-request which is just a post request to /1/statuses/update.json. On that page nothing is said about the oauth_token_secret, so I haven't used it in my request and just have put the oauth_token in it. After submitting the post request twitter gives me the status code 401 Unauthorized. Why that? Do I have to use the oauth_token_secret somewhere?
The token secret is used to hash the signature base. Something like a password. You don't send the password, you use it to compute a secure hash of the thing the service sent to you. You send that secure hash, then the service checks that secure hash against the request you sent. If they match, you're authorized.
The gory details are described in the OAuth spec, RFC 5849.
Twitter uses OAuth1.0a, but is mostly consistent with that spec.
here's the relevant bit:
https://www.rfc-editor.org/rfc/rfc5849#section-3.4.2
Hoping someone can help me out here. I'm using Google Contacts API to fetch a list of contacts. To my understanding, this is done by sending a GET request:
https://www.google.com/m8/feeds/contacts/default/full?alt=json&max-results=9999&oauth_token=OATH_TOKEN_HERE
However, this is wildly insecure as any intruder can gain access to the oauth_token in the URL. To combat this, I'm trying to send this as a POST request with my parameters (alt, max-results, oauth_token) as the data. However, I simply get an error that "Authorization is required". I've tried adding "Authorization: OAuth" to my headers but to no avail (get an error that authorization type is not recognized).
Any advice? I need a secure way to send the oauth token to Google such that my security software won't complain about a security hole in my program ...
Thanks!
To answer your question directly, even though security is irrelevant as you are using HTTPS, you cannot POST to Google to get a list of contacts. Google requires you use Get.
The proper formatting for authorization (Because you can still use a Get and not pass the oauth_token as a query string is to use an HTTP Header formatted:
Authorization: Bearer 1/fFBGRNJru1FQd44AzqT3Zg
Using OAuth 2.0 to Access Google APIs