Http post and authorization header for twitter

Ruby
1

I am trying to send an authorization header to the twitter api
(https://api.twitter.com/oauth/request_token). What is a good way to
make a post request with a header in this case?

2

See if you can get something like this to work:

require ‘net/http’
require ‘net/https’

http = Net::HTTP.new(‘profil.wp.pl’, 443) #(host, port)
http.use_ssl = true
path = ‘/login.html’

POST request → logging in

data =
‘serwis=wp.pl&url=profil.html&tryLogin=1&countTest=1&logowaniessl=1&login_username=blah&login_password=blah’

headers = {
‘Cookie’ => cookie,
‘Referer’ => ‘Poczta - Najlepsza Poczta, największe załączniki - WP’,
‘Content-Type’ => ‘application/x-www-form-urlencoded’
}

resp = http.post(path, data, headers)

http://snippets.dzone.com/posts/show/788

If you leave out the port, it will default to 80. Read about the post()
method here:

http://www.ruby-doc.org/stdlib/libdoc/net/http/rdoc/index.html

Then read this to determine if net/https is secure enough for you:

http://www.rubyinside.com/how-to-cure-nethttps-risky-default-https-behavior-4010.html

3

Thanks for the reply! So i tried that code and got this error: “Failed
to validate oauth signature and token”. Here is my code:

url = URI.parse(“https://api.twitter.com/oauth/request_token”)
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

resp = http.post(url.path, nil, @headers)

Any ideas??

4

here are my headers. am i doing this correctly?

@headers = { ‘oauth_nonce’ => @current_nonce,
‘oauth_callback’ => @encoded_callback,
‘oauth_signature_method’ => “HMAC-SHA1”,
‘oauth_timestamp’ => @current_timestamp,
‘oauth_consumer_key’ => @oauth_consumer_key,
‘oauth_signature’ => @encoded_oauth_sig,
‘oauth_version’ => “1.0”}

5

boo boo wrote in post #986241:

Thanks for the reply! So i tried that code and got this error: “Failed
to validate oauth signature and token”. Here is my code:

url = URI.parse(“https://api.twitter.com/oauth/request_token”)
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

resp = http.post(url.path, nil, @headers)

Any ideas??

No requires?

6

…and what requires did the code I posted use? Now point to each one
in your code.

7

7stud – wrote in post #986255:

boo boo wrote in post #986241:

Thanks for the reply! So i tried that code and got this error: “Failed
to validate oauth signature and token”. Here is my code:

url = URI.parse(“https://api.twitter.com/oauth/request_token”)
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

resp = http.post(url.path, nil, @headers)

Any ideas??

No requires?

Sorry here is full source in my class:

require “oauth”

require “oauth/client”

require “cgi”

require “addressable/uri”

require ‘base64’
require ‘cgi’
require ‘openssl’

require “net/http”
require "uri

class ProxyController

def initialize

@request_token_url = "https://api.twitter.com/oauth/request_token"
@authorize_url = "https://api.twitter/oauth/authorize_token"
@oauth_consumer_key = "MY KEY"
@oauth_consumer_secret = "MY SECRET"

@params = Addressable::URI.new

@current_nonce = self.nonce
@current_timestamp = self.timestamp.to_s

@params.query_values = {"oauth_callback"=> "my callback url",
                        "oauth_consumer_key" => @oauth_consumer_key,
                        "oauth_nonce" => @current_nonce ,
                        "oauth_signature_method" => "HMAC-SHA1",
                        "oauth_timestamp" => @current_timestamp,
                        "oauth_version" => "1.0"}

@params_string = @params.to_s
@params_string[0] = ""

@encoded_params = CGI::escape(@params_string)

@concatenated_body = "POST&" + CGI::escape(@request_token_url) + "&"

  • @encoded_params

    @oauth_signature =
    Base64.encode64(“#{OpenSSL::HMAC.digest(‘sha1’,@oauth_consumer_key+”&“,
    @concatenated_body)}”)

    @encoded_oauth_sig = CGI::escape(@oauth_signature)

    @encoded_callback = CGI::escape(“My Callback url”)

    @headers = { ‘oauth_nonce’ => @current_nonce,
    ‘oauth_callback’ => @encoded_callback,
    ‘oauth_signature_method’ => “HMAC-SHA1”,
    ‘oauth_timestamp’ => @current_timestamp,
    ‘oauth_consumer_key’ => @oauth_consumer_key,
    ‘oauth_signature’ => @encoded_oauth_sig,
    ‘oauth_version’ => “1.0”}

    url = URI.parse(“https://api.twitter.com/oauth/request_token”)
    http = Net::HTTP.new(url.host, url.port)
    http.use_ssl = true

    @resp = http.post(url.path, nil, @headers)

    end

    def nonce
    (0…43).map{ (‘a’…‘z’).to_a[rand(26)] }.join
    #rand(10 ** 43).to_s.rjust(43,‘0’)
    end

    def timestamp
    t = Time.now
    t.to_i
    end

end

8

7stud – wrote in post #986264:

…and what requires did the code I posted use? Now point to each one
in your code.

I had required net/http but just added net/https as well and I still get
same error

9

boo boo wrote in post #986243:

here are my headers. am i doing this correctly?

@headers = { ‘oauth_nonce’ => @current_nonce,
‘oauth_callback’ => @encoded_callback,
‘oauth_signature_method’ => “HMAC-SHA1”,
‘oauth_timestamp’ => @current_timestamp,
‘oauth_consumer_key’ => @oauth_consumer_key,
‘oauth_signature’ => @encoded_oauth_sig,
‘oauth_version’ => “1.0”}

Those don’t look like http headers. Http headers look like
“Content-Type”, “Cookie”, etc. In addition, headers are strings–in
fact everything you send in a request is a string, so I don’t know what
those arrays are.

You said you need to POST the request. Is that data you are supposed to
send in the body of the request? Once again, it has to be a string, not
a ruby array.

10

7stud – wrote in post #986265:

boo boo wrote in post #986243:

here are my headers. am i doing this correctly?

@headers = { ‘oauth_nonce’ => @current_nonce,
‘oauth_callback’ => @encoded_callback,
‘oauth_signature_method’ => “HMAC-SHA1”,
‘oauth_timestamp’ => @current_timestamp,
‘oauth_consumer_key’ => @oauth_consumer_key,
‘oauth_signature’ => @encoded_oauth_sig,
‘oauth_version’ => “1.0”}

Those don’t look like http headers. Http headers look like
“Content-Type”, “Cookie”, etc. In addition, headers are strings–in
fact everything you send in a request is a string, so I don’t know what
those arrays are.

You said you need to POST the request. Is that data you are supposed to
send in the body of the request? Once again, it has to be a string, not
a ruby array.

On the twitter doc it says:

Now that we have our signature, we have everything we need to make the
request to the endpoint https://api.twitter.com/oauth/request_token. Now
we just generate an HTTP header called “Authorization” with the relevant
OAuth parameters for the request:

OAuth oauth_nonce=“QP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk”,
oauth_callback=“http%3A%2F%2Flocalhost%3A3005%2Fthe_dance%2Fprocess_callback%3Fservice_provider_id%3D11”,
oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1272323042”,
oauth_consumer_key=“GDdmIQH6jhtmLUypg82g”,
oauth_signature=“8wUi7m5HFQy76nowoCThusfgB%2BQ%3D”, oauth_version=“1.0”

Ok ill try passing as string…

11

The http header name is “Authorization”, so you have to write something
like:

headers = {‘Authorization’ => ???}

12

7stud – wrote in post #986269:

The http header name is “Authorization”, so you have to write something
like:

headers = {‘Authorization’ => ???}

Should it be like this (I made the value one giant string)?

I still get the failed to validate error

@headers = {“Authorization” => “oauth_nonce = #{@current_nonce},
oauth_callback = #{@encoded_callback}, oauth_signature_method =
HMAC-SHA1, oauth_timestamp = #{@current_timestamp}, oauth_consumer_key =
#{@oauth_consumer_key}, oauth_signature = #{@encoded_oauth_sig},
oauth_version = 1.0”}

13

Thanks Mike,

This worked great.

14

On Tue, Mar 8, 2011 at 12:53 PM, 7stud – [email protected]
wrote:

The http header name is “Authorization”, so you have to write something
like:

headers = {‘Authorization’ => ???}

FWIW, the headers are the third parameter to Net::HTTP#post and should
be a hash like 7stud shows.

http://ruby-doc.org/stdlib/libdoc/net/http/rdoc/classes/Net/HTTP.html#M001391

boo boo, you seem to be having a difficult time generating a proper
OAuth request, which is why you are getting that error. You are
already requiring the oauth library, I’m curious why you don’t just
use that to calculate the signature and set the Authorization header
for you?

WARNING: Untested code follows

@consumer_key = ‘MY KEY’
@consumer_secret = ‘MY SECRET’
@callback = ‘SITE or oob’

consumer = OAuth::Consumer.new(
@consumer_key, @consumer_secret,
:site => ‘https://api.twitter.com’,
:request_token_path => ‘/oauth/request_token’,
:authorize_path => ‘/oauth/authorize’,
:access_token_path => ‘/oauth/access_token’,
:http_method => :post)

request_token = consumer.get_request_token(
:oauth_callback => @callback)

#request token is request_token.params[:oauth_token]
#request token secret is request_token.params[:oauth_token_secret]

puts request_token.authorize_url

15

ok thanks for your advice i will have to try this

16

Thanks for the save Mike.

boo boo,

The value for the Authorization header is one giant string-- you just
have
to get the syntax correct. Here is an example of the syntax required
for the Authorization header (see the Authorization Header section):

In fact, if you just put quotes around the whole string you got from the
twitter docs, that would be the string you need. The trick is figuring
out to create a string in ruby that has internal double quotes (hint:
try a
HEREDOC).

As an exercise, you might want to see if you can get it to work by hand.