I generated my OAuth signature using Twitter's own tool at https://dev.twitter.com/docs/api/1/post/statuses/update. How do I use the "signature base string" and "authorization header" with CFHTTP to post a new status on my own Twitter account? I'm not trying to access anyone else's account; I just need to be able to post status updates to my own account. Your help is really appreciated.
Don't bother writing it yourself, use this: http://monkehtweet.riaforge.org/ It's great; I have used it many times for Twitter integration.
If you want to write it yourself, you'll have to follow the instructions documented on https://dev.twitter.com/docs.
A signature is a serialization and encoding of all your request values in combination with a signing key. It's all very well documented at https://dev.twitter.com/docs/auth/creating-signature
You'll need the HMAC-SHA1 encoding to create a valid signature. If you're not using ColdFusion 10, you'll need something like this: HMAC SHA1 ColdFusion
Related
The link below explains how to generate a JWT token with header and payload to access the Apple API.
However, I don't see how to combine the header and payload.
Can someone make an example in Ruby?
https://developer.apple.com/documentation/appstoreserverapi/generating_tokens_for_api_requests
Just use the jwt gem. It's a well-maintained library with regular updates. It's probably possible to do it without a gem too, but anything having to do with security should be air-tight in production, so I would just go with the gem.
Look for the correct encryption algorithm (Apple seems to be using ES256) and find it in the documentation to see an example of how to create a token with that.
The format for creating a basic JWT token with the gem (custom header fields are optional) is this:
JWT.encode your_payload, your_private_key, encryption_algorithm, custom_header_fields
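To show how the header and payload are combined, here is an added example (not part of the original answer, and not the jwt gem's code) that builds and checks an ES256 token with Ruby's standard library only. The helper names, the placeholder identifiers and the claim set are assumptions; check the header and claim names against the Apple page linked in the question, and in real use load your own private key instead of a generated one.

```ruby
require "openssl"
require "json"

# base64url without padding, used for all three JWT segments.
def b64url(bytes)
  [bytes].pack("m0").tr("+/", "-_").delete("=")
end

def b64url_decode(text)
  (text.tr("-_", "+/") + "=" * ((4 - text.length % 4) % 4)).unpack1("m0")
end

# JWT ES256 signatures are raw R||S (32 bytes each); OpenSSL produces and
# expects a DER SEQUENCE of two INTEGERs, so convert in both directions.
def der_to_raw(der)
  OpenSSL::ASN1.decode(der).value.map { |i| i.value.to_s(2).rjust(32, "\0") }.join
end

def raw_to_der(raw)
  ints = [raw[0, 32], raw[32, 32]].map { |h| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(h, 2)) }
  OpenSSL::ASN1::Sequence.new(ints).to_der
end

# Header and payload are serialized to JSON, base64url-encoded and joined
# with "."; the signature is computed over exactly that string.
def encode_jwt(header, payload, ec_key)
  signing_input = [header, payload].map { |part| b64url(JSON.generate(part)) }.join(".")
  der = ec_key.sign(OpenSSL::Digest.new("SHA256"), signing_input)
  "#{signing_input}.#{b64url(der_to_raw(der))}"
end

# Returns the claims if the signature checks out, otherwise nil.
def verify_jwt(token, ec_key)
  head, body, sig = token.split(".")
  raw = b64url_decode(sig.to_s)
  return nil unless raw.bytesize == 64
  return nil unless JSON.parse(b64url_decode(head))["alg"] == "ES256" # pin alg
  ok = ec_key.verify(OpenSSL::Digest.new("SHA256"), raw_to_der(raw), "#{head}.#{body}")
  ok ? JSON.parse(b64url_decode(body)) : nil
rescue ArgumentError, TypeError, JSON::ParserError, OpenSSL::OpenSSLError
  nil
end

# Constructed sample: placeholder identifiers; pass in a key you control.
def sample_token(ec_key, now = Time.now.to_i)
  header = { "alg" => "ES256", "kid" => "KEYID-PLACEHOLDER", "typ" => "JWT" }
  payload = { "iss" => "ISSUER-PLACEHOLDER", "iat" => now, "exp" => now + 600,
              "aud" => "appstoreconnect-v1", "bid" => "com.example.app" }
  encode_jwt(header, payload, ec_key)
end
```

A throwaway key for trying this out can be made with `OpenSSL::PKey::EC.generate("prime256v1")`; `verify_jwt` checks only the algorithm and signature, not `exp`.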
I am trying to make a request to my NetSuite RESTlet using Alamofire (Swift), but I have run into several difficulties:
The documentation specifies the different parameters needed (see below).
DOCUMENTATION:
An OAuth 1.0 RESTlet authorization header requires the data described in the following table. Some of these values can be obtained from the NetSuite UI. Other values must be calculated. Typically, your integration should include logic to identify these values and generate the finished header. Follow the OAuth 1.0 protocol to create the authorization header.
However, in Postman I am using extra parameters (the consumer secret and the token secret), and it works; if I remove them, it doesn't work.
Finally, when I check the Authorization header generated by Postman, I see only the parameters specified in the documentation:
OAuth realm="my realm",oauth_consumer_key="myConsumerKey",oauth_token="myAccessToken",
oauth_signature_method="HMAC-SHA1",oauth_timestamp="1543488570",
oauth_nonce="ERxdLbUfkeh",oauth_version="1.0",oauth_signature="UeqmxAyeUqtPoICLo%2FARsQE8B1E%3D"
If someone can explain this to me, I could implement TBA authentication in my application, but for now I need to understand this authentication better.
I also spent a few hours trying to make it work. In my case I wasn't adding the account ID to the realm param. Here is a picture of what I ended up with:
Here is where you can get the account ID:
I hope it helps
The explanation of why the consumer secret and the token secret are needed by Postman to generate the token is shown in SuiteAnswer 42019 - as referenced in the Notes section beside oauth_signature in your screenshot above. From that page:
Sign the result string from step 5 using the consumer secret and token secret concatenated using '&' (For this case, HMAC-SHA1 or HMAC-256).
In other words, Postman uses the secrets to generate the output which authenticates your credentials - you cannot generate the oauth_signature correctly without them.
I ran into a lot of issues with NetSuite broken RESTlet/TBA connections as well. I did build this out in our software to help out customers. You can see the methods I used in the article below.
Using NetSuite TBA by Calling a RESTlet from an HTTP Source or Target
I am trying to connect a React app and a Rails app using Auth0. It used to be super simple since tokens were signed with HS256. But since auth.js v8, JWT tokens are signed with RS256. I don't have problems with the frontend but can't make RoR (I use Knock) work with the new signing algorithm. I've added
config.token_signature_algorithm = 'RS256'
and
config.token_public_key = key.public_key
into the Knock initializer but still no luck.
The key seems to be correct; at least it works in jwt.io or pure ruby-jwt (at least I was able to read information from the token).
I am no expert in working with asymmetric algorithms, so any help would be appreciated. What I am trying to do right now is to get "access_token" from the frontend and to send it in the "authorization" header to the backend. I know I need to add "Bearer" into the header, but is there any other operation I need to do with the token first?
Best, Iurii
Just in case anyone is interested, here is a short discussion on GitHub; here is a link
I used to do the following to get user timelines:
https://api.twitter.com/1/statuses/user_timeline.json?screen_name=twitterapi&count=2
Now that I'm switching to Twitter API 1.1, I thought all I would have to do is this:
https://api.twitter.com/1.1/statuses/user_timeline.json?screen_name=twitterapi&count=2
but I'm getting the bad authentication data error from Twitter. I had no authentication set up previously with Twitter. Does API version 1.1 require authentication?
I guess I can use the Twitter gem, looks like it makes things pretty simple. But I just want to know whether I can use the above URL like I used to!
Take a read of this. Your initial assumption is correct: authentication is now required for all endpoints in v1.1. So, to answer your question, your request is correct; you just need to pass an OAuth token or use application-only authentication.
This is a repost from the Vimeo forum, but since nobody is answering over there, I'll try my luck here:
I have been trying for some hours now to get my head around the whole OAuth thing, but I don't seem to get it working. I want to retrieve thumbnails for private videos, using the advanced Vimeo API. This is what I have right now:
$vimeo = new phpVimeo($consumer_key, $consumer_secret, $access_token, $access_token_secret);
$result = $vimeo->call('vimeo.videos.getThumbnailUrls', array('video_id ' => $video_id));
When I try it like this, I keep getting the error
"Fatal error: Uncaught exception 'VimeoAPIException' with message 'Invalid signature' ".
I'm absolutely positive that the keys and secrets are correct. Do I have to do more to make this thing work? Of course, it would be amazing to have an example where I just have to put in all my key data in and it works.
Thanks in advance!
There are a couple of ways to help troubleshoot your signature errors. First I want to explain some terminology.
API Endpoint - The API URL you are requesting.
Client ID / Client Secret - A pair of tokens given to you when you create your API application.
Request Token - A token generated while authorizing a user. This token cannot be used to make API calls.
OAuth Token / Token Secret - A pair of tokens given to you when you send a user through your authorization workflow.
Base String - A specifically formatted string that contains all the information relating to your API request.
OAuth Signature - A hashed token that represents the request you are making. This is generated using a base string, your client ID and secret, and an optional OAuth token and secret.
Troubleshooting
1. Try using the latest version of the official PHP library: https://github.com/vimeo/vimeo-php-lib
   - If this works, there is an issue in your code. Continue to step 2.
   - If this does not work, let Vimeo know. You do not need to continue these steps.
2. Use the Hueniverse interactive guide: http://hueniverse.com/oauth/guide/authentication/
   - Make a request and log every URL, header and parameter. Also include the Base String.
   - Click all the plus signs to expand the input forms and then fill in all of the appropriate data.
   - Ensure that the Hueniverse Base String matches your own generated Base String.
   - If this matches, and the signature is still incorrect, you are likely performing the hmac signature incorrectly. Check all of your tokens, feel free to contact Vimeo.
   - If the Base String does not match, make sure you are following the spec: https://www.rfc-editor.org/rfc/rfc5849#section-3.4.1
If all else fails, your best option is to contact Vimeo directly. They can look up your authentication tokens and expected signatures.
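The Twitter, NetSuite and Vimeo threads above all come down to the same OAuth 1.0 HMAC-SHA1 steps, so here is one added example (not code from any of the posts or libraries mentioned) that builds the base string, the signing key and the Authorization header per RFC 5849. The function names, URL, keys, secrets and realm value are constructed placeholders, and duplicate parameter names are not handled.

```ruby
require "openssl"

# RFC 5849 section 3.6: percent-encode every byte except unreserved characters.
def pct(value)
  value.to_s.b.gsub(/[^A-Za-z0-9\-._~]/) { |c| format("%%%02X", c.ord) }
end

# Signature base string (RFC 5849 section 3.4.1): METHOD & URL & sorted params.
# `params` holds query, form and oauth_* parameters; realm is never included.
def base_string(method, url, params)
  normalized = params.map { |k, v| [pct(k), pct(v)] }.sort
                     .map { |pair| pair.join("=") }.join("&")
  [method.upcase, pct(url), pct(normalized)].join("&")
end

# Signing key: consumer secret and token secret joined with "&".
def signing_key(consumer_secret, token_secret)
  "#{pct(consumer_secret)}&#{pct(token_secret)}"
end

def oauth_signature(method, url, params, consumer_secret, token_secret)
  key = signing_key(consumer_secret, token_secret)
  mac = OpenSSL::HMAC.digest(OpenSSL::Digest.new("SHA1"), key,
                             base_string(method, url, params))
  [mac].pack("m0") # Base64 without line breaks
end

# Only oauth_* values and the signature go in the header, never the secrets.
def authorization_header(oauth_params, signature, realm: nil)
  fields = oauth_params.merge("oauth_signature" => signature).sort
  parts = fields.map { |k, v| %(#{pct(k)}="#{pct(v)}") }
  parts.unshift(%(realm="#{realm}")) if realm
  "OAuth #{parts.join(',')}"
end

# Constructed sample request; every value here is a placeholder.
SAMPLE_URL = "https://api.example.test/1/statuses/update.json"
SAMPLE_OAUTH = {
  "oauth_consumer_key" => "ck-demo", "oauth_token" => "tok-demo",
  "oauth_signature_method" => "HMAC-SHA1", "oauth_timestamp" => "1543488570",
  "oauth_nonce" => "n0nce", "oauth_version" => "1.0"
}.freeze
SAMPLE_PARAMS = SAMPLE_OAUTH.merge("status" => "Hello, world!").freeze

def sample_header
  sig = oauth_signature("post", SAMPLE_URL, SAMPLE_PARAMS, "cs-demo", "ts-demo")
  authorization_header(SAMPLE_OAUTH, sig, realm: "1234567_SB1")
end
```

When a server answers "Invalid signature", printing `base_string(...)` and comparing it character by character with a reference tool's output is usually the fastest way to find the mismatch.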