http-request bearer token syntax for Twitter v2 api

http-request bearer token syntax for Twitter v2 api

[Mortimer Cladwell]

Hi,
Has anyone successfully submitted a bearer token to Twitter v2 api using
http-request? What syntax did you use? Without success I have tried many
permutations/splellings/capitalizations of:

  (let* (
(uri  "https://api.twitter.com/2/tweets")
(data "{\"text\":\"Hello world!\"}")
(my-token (string-append "bearer " "abcde....myaccesstoken"))
(my-headers `((Content-type . "application/json")(Authorization .
,my-token))  )
)
      (receive (response body)
         (http-request uri #:method 'POST #:body data #:headers my-headers)
(pretty-print response) (pretty-print (utf8->string body))))

the error body:

"{\"errors\":[{\"message\":\"Requests with bodies must have content-type of
application/json.\"}],\"title\":\"Invalid Request\",\"detail\":\"One or
more parameters to your request was invalid.\",\"type\":\"
https://api.twitter.com/2/problems/invalid-request\"}"

I am not sure the "Requests with bodies must have content-type of
application/json." is the real error. I think it is "Authorization: bearer
abcde....".  Can http-request handle a bearer token?

I know my tokens are valid because I can successfully submit them using
curl.
Thanks
Mortimer

Re: http-request bearer token syntax for Twitter v2 api

[Olivier Dion via General Guile related discussions]

On Wed, 12 Oct 2022, Mortimer Cladwell <mbcladwell@gmail.com> wrote:
> Hi,
> Has anyone successfully submitted a bearer token to Twitter v2 api using
> http-request? What syntax did you use? Without success I have tried many
> permutations/splellings/capitalizations of:

No but I managed with sourcehut.
--8<---------------cut here---------------start------------->8---
(http-post
  uri
  #:body body
  #:streaming? #t
  #:headers (append
             headers
             `((Authorization .  ,(string-append "Bearer " oauth))
               (Content-Type . "application/json"))))
--8<---------------cut here---------------end--------------->8---

-- 
Olivier Dion
oldiob.dev

Re: http-request bearer token syntax for Twitter v2 api

[Mortimer Cladwell]

Thanks Olivier.
Those spellings did not work with https://api.twitter.com/2/tweets and/or
Guile http-request.

On Wed, Oct 12, 2022 at 7:06 AM Olivier Dion <olivier.dion@polymtl.ca>
wrote:

> On Wed, 12 Oct 2022, Mortimer Cladwell <mbcladwell@gmail.com> wrote:
> > Hi,
> > Has anyone successfully submitted a bearer token to Twitter v2 api using
> > http-request? What syntax did you use? Without success I have tried many
> > permutations/splellings/capitalizations of:
>
> No but I managed with sourcehut.
> --8<---------------cut here---------------start------------->8---
> (http-post
>   uri
>   #:body body
>   #:streaming? #t
>   #:headers (append
>              headers
>              `((Authorization .  ,(string-append "Bearer " oauth))
>                (Content-Type . "application/json"))))
> --8<---------------cut here---------------end--------------->8---
>
> --
> Olivier Dion
> oldiob.dev
>

Re: http-request bearer token syntax for Twitter v2 api

[James Crake-Merani]

On 22/10/12 06:30am, Mortimer Cladwell wrote:
> Hi,
> Has anyone successfully submitted a bearer token to Twitter v2 api using
> http-request? What syntax did you use? Without success I have tried many
> permutations/splellings/capitalizations of:
> 
>   (let* (
> (uri  "https://api.twitter.com/2/tweets")
> (data "{\"text\":\"Hello world!\"}")
> (my-token (string-append "bearer " "abcde....myaccesstoken"))
> (my-headers `((Content-type . "application/json")(Authorization .
> ,my-token))  )
> )
>       (receive (response body)
>          (http-request uri #:method 'POST #:body data #:headers my-headers)
> (pretty-print response) (pretty-print (utf8->string body))))
> 
> the error body:
> 
> "{\"errors\":[{\"message\":\"Requests with bodies must have content-type of
> application/json.\"}],\"title\":\"Invalid Request\",\"detail\":\"One or
> more parameters to your request was invalid.\",\"type\":\"
> https://api.twitter.com/2/problems/invalid-request\"}"
> 
> I am not sure the "Requests with bodies must have content-type of
> application/json." is the real error. I think it is "Authorization: bearer
> abcde....".  Can http-request handle a bearer token?
> 
> I know my tokens are valid because I can successfully submit them using
> curl.
> Thanks
> Mortimer

Hello,

I'm not sure about the Twitter API but I've had problems using other APIs with the web module. I normally get 400 errors from the API's load balancer, or Cloudflare with no further information about what the error actually is. Under these conditions, I found it near impossible to work out what was causing the problem without trail, and error which wasn't getting me anyway. Eventually, and after much frustration, I started using the guile Curl bindings, and eventually managed to get it to work. I think Curl must be doing something behind the scenes that satisfies these APIs that the web module's http-request doesn't do.

I would much rather use Guile's built-in libraries because they are much more functional whereas Curl uses lots of procedures with side-effects to configure its requests but I just could not get it to work. APIs seem to work in mysterious ways.

Hope that was helpful,
James Crake-Merani.

Re: http-request bearer token syntax for Twitter v2 api

[Maxime Devos]

[-- Attachment #1.1.1: Type: text/plain, Size: 811 bytes --]



On 12-10-2022 12:30, Mortimer Cladwell wrote:
> Hi,
> Has anyone successfully submitted a bearer token to Twitter v2 api using
> http-request? What syntax did you use? Without success I have tried many
> permutations/splellings/capitalizations of:

Note that Guile sometimes sends uncapitalised headers (as allowed by the 
relevant RFCs), but some implementations are stricter than permitted by 
the standard and expect capitalisation.  See '[PATCH] web: send 
capitalized authorization scheme':

* https://lists.gnu.org/archive/html/guile-devel/2022-06/msg00020.html
* https://lists.gnu.org/archive/html/guile-devel/2022-06/msg00008.html

Perhaps the same thing is happening here.

It appears that the patch was applied, but I don't know if it's in a 
release yet.

Greetings,
Maxime.

[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 929 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 236 bytes --]

Re: http-request bearer token syntax for Twitter v2 api

[Ricardo Wurmus]

Hi Mortimer,

> Has anyone successfully submitted a bearer token to Twitter v2 api using
> http-request? What syntax did you use?

The validator for the Authorization header does not permit the “bearer”
method with a single string.  It expects that authentication methods
other than Basic always provide key=value arguments.

So we have to overwrite things:

--8<---------------cut here---------------start------------->8---
(import (ice-9 pretty-print)
        (ice-9 match)
        (json)
        (rnrs bytevectors)
        (web client)
        (web http)
        (web request)
        (web response))

(define* (parse-credentials str #:optional (val-parser (@@ (web http) default-val-parser))
                            (start 0) (end (string-length str)))
  (let* ((start ((@@ (web http) skip-whitespace) str start end))
         (delim (or (string-index str char-set:whitespace start end) end)))
    (when (= start end)
      ((@@ (web http) bad-header-component) 'authorization str))
    (let ((scheme (string->symbol
                   (string-downcase (substring str start (or delim end))))))
      (case scheme
        ((bearer)
         (let* ((start ((@@ (web http) skip-whitespace) str delim end)))
           (unless (< start end) (pk 'oh start end str)
                   ((@@ (web http) bad-header-component) 'token str))
           (cons scheme (substring str start end))))
        (else
         ((@@ (web http) parse-credentials)
          str val-parser start end))))))

(define (validate-credentials val)
  (match val
    (((or 'basic 'bearer) . (? string?)) #t)
    (((? symbol?) . (? (@@ (web http) key-value-list?))) #t)
    (_ #f)))

(define put-string (@@ (web http) put-string))
(define (write-credentials val port)
  (match val
    (('bearer . cred)
     (put-string port "bearer ")
     (put-string port cred))
    (_ ((@@ (web http) write-credentials) val port))))
(declare-header! "authorization"
                 parse-credentials
                 validate-credentials
                 write-credentials)

(let* ((uri "https://api.twitter.com/2/users/2244994945/tweets?tweet.fields=created_at&expansions=author_id&user.fields=created_at&max_results=5")
       (my-token "AAA...")
       (my-headers `((Content-type . "application/json")
                     (authorization . (bearer . ,my-token)))))
  (call-with-values (lambda () (http-get uri #:headers my-headers))
    (lambda (response body)
      (pretty-print response)
      (pretty-print (json-string->scm (utf8->string body))))))
--8<---------------cut here---------------end--------------->8---

Note that the POST endpoint for submitting tweets does not allow bearer
token authentication.

-- 
Ricardo

Re: http-request bearer token syntax for Twitter v2 api

[Mortimer Cladwell]

Thanks Ricardo.

I used your over-writes and modified my code below:

  (let* (
(uri  "https://api.twitter.com/2/tweets")
(data "{\"text\":\"Hello world!\"}")
(access-token "abcde....myaccesstoken")
(my-headers `((Content-type . "application/json")(authorization . (bearer .
,access-token))  ))
)
  (call-with-values (lambda () (http-request uri #:method 'POST #:body data
#:headers my-headers))
              (lambda (response body)
     (pretty-print response)
     (pretty-print (json-string->scm (utf8->string body)))))
)

the error body:

(("type"
  .
  "https://api.twitter.com/2/problems/invalid-request")
 ("detail"
  .
  "One or more parameters to your request was invalid.")
 ("title" . "Invalid Request")
 ("errors"
  .
  #((("message"
      .
      "Requests with bodies must have content-type of
application/json.")))))

>>Note that the POST endpoint for submitting tweets does not allow bearer
token authentication.

I am using Oauth2 with PKCE. I submit an authorization token to obtain and
access-token and refresh token. I can then successfully tweet with the
guile/curl code:

  (let* ((access-token "abcde....myaccesstoken")
(a "--header")
(b "Content-type: application/json")
(c (string-append "Authorization: Bearer " access-token))
(d "{\"text\":\"Yay! I’m Tweeting from the API!\"}")
)
    (system* "curl" "--cacert" "./ca/cacert.pem"  "-X" "POST" "
https://api.twitter.com/2/tweets" a b a c "-d" d)
    ))

Note I am using an access token with "...Bearer...". A twitter bug? or I am
confused by the terminology. In any case works with curl but not guile
http-request.
Thanks
Mortimer