mercurysunrise / android-query

Automatically exported from code.google.com/p/android-query
0 stars 0 forks source link

Posting on Twitter with statuses/update_with_media gives 401 Unauthorized #60

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
This is general issue with multipart data where OAuth (header) values are 
expected, but Twitter statuses/update_with_media is concrete example.

When post on twitter with 
https://upload.twitter.com/1/statuses/update_with_media.json, where post data 
contains multipart data (i.e. postData.put("media[]", (File) data)

Instead of posting, we got 401 Unauthorized.

Reason is that "OAuth" part is totaly ignored in current "multipart" 
implementation of posting data, and, for example, twitter api for 
update_with_media expects:

"POST or query string parameters are not used when calculating an OAuth 
signature basestring or signature. Only the oauth_* parameters are used.".

I guess that httpMulti method in AbstractAjaxCallback should be rewritten in 
such way that gives auth handlers chance to calculate signature based on 
url/parameters in the same way as httpPost(..) method does.

I've attached "example" or "proof of concept" of correct implementation, but 
this is not final, since i'm ignoring all post data by providing empty HttpPost 
data to newly introduced method AccountHandle.applyToken( AbstractAjaxCallback, 
HttpRequest, boolean ), where boolean represents "isMultipart" flag (since 
there's two different approach for calculating signautre when request is 
multipart or not).

Original issue reported on code.google.com by Tomislav...@gmail.com on 27 Jun 2012 at 11:11

Attachments:

GoogleCodeExporter commented 8 years ago
You are right. The multipart post method isn't supported by the auth framework.

Ideally it should be rewritten to use the apache http client so all features 
that http request have will work on multipart post.

Will take a look at your code and see what we can do to support this.

Really appreciate your contribution.

Original comment by tinyeeliu@gmail.com on 28 Jun 2012 at 10:53

GoogleCodeExporter commented 8 years ago
0.23.8 released that fix twitter multipart photo upload issue:

http://code.google.com/p/android-query/downloads/list

Example:
    private String UPLOAD_IMAGE = "http://www.vikispot.com/z/images/vikispot/android-w.png"; 
    public void auth_twitter_upload(){

        File file = aq.getCachedFile(UPLOAD_IMAGE);

        if(file == null){
            aq.cache(UPLOAD_IMAGE, 0);
            return;
        }

        AQUtility.debug("upload file:" + file.length());

        TwitterHandle handle = new TwitterHandle(this, CONSUMER_KEY, CONSUMER_SECRET);

        String url = "https://upload.twitter.com/1/statuses/update_with_media.json";

        Map<String, Object> params = new HashMap<String, Object>();
        params.put("status", "Testing Status Update with AndroidQuery");
        params.put("media[]", file);

        aq.auth(handle).progress(R.id.progress).ajax(url, params, JSONObject.class, this, "twitterCb2");

    }

Original comment by tinyeeliu@gmail.com on 18 Aug 2012 at 4:59

GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
you can sneak-peek into tinyeeliu implementation, although i havent seen new 
version of aquery, i guess it works.

I can remember that with normal OAuth you should sign all post paremeters, but 
in twitter case, you should watch which parameters are signed. 

At the end, use latest Android Query, and use code written above.

Original comment by Tomislav...@gmail.com on 27 Aug 2012 at 1:05