OAuth and the YouTube API

I am trying to use the YouTube services with OAuth. I have been able to obtain request tokens, authorize them and transform them into access tokens.

Now I am trying to use those tokens to actually do requests to the YouTube services. For instance I am trying to add a video to a playlist. Hence I am making a POST request to

https://gdata.youtube.com/feeds/api/playlists/XXXXXXXXXXXX

sending a body of

<?xml version="1.0" encoding="UTF-8"?>
<entry xmlns="http://www.w3.org/2005/Atom"
    xmlns:yt="http://gdata.youtube.com/schemas/2007">
  <id>XXXXXXXXX</id>
</entry>

and with the headers

Gdata-version: 2
Content-type: application/a开发者_如何学运维tom+xml
Authorization: OAuth oauth_consumer_key="www.xxxxx.xx",
                                oauth_nonce="xxxxxxxxxxxxxxxxxxxxxxxxx",
                                oauth_signature="XXXXXXXXXXXXXXXXXXX",
                                oauth_signature_method="HMAC-SHA1",
                                oauth_timestamp="1310985770",
                                oauth_token="1%2FXXXXXXXXXXXXXXXXXXXX",
                                oauth_version="1.0"
X-gdata-key: key="XXXXXXXXXXXXXXXXXXXXXXXXX"

plus some standard headers (Host and Content-Length) which are added by urllib2 (I am using Python) at the moment of the request.

Unfortunately, I get an Error 401: Unknown authorization header, and the headers of the response are

X-GData-User-Country: IT
WWW-Authenticate: GoogleLogin service="youtube",realm="https://www.google.com/youtube/accounts/ClientLogin"
Content-Type: text/html; charset=UTF-8
Content-Length: 179
Date: Mon, 18 Jul 2011 10:42:50 GMT
Expires: Mon, 18 Jul 2011 10:42:50 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Connection: close

In particular I do not know how to interpret the WWW-Authenticate header, whose realm hints to ClientLogin.

I have also tried to play with the OAuth Playground and the Authorization header sent by that site looks exactly like mine, except for the order of the fields. Still, on the plyaground everything works. Well, almost: I get an error telling that a Developer key is missing, but that is reasonable since there is no way to add one on the playground. Still, I go past the Error 401.

I have also tried to manually copy the Authorization header from there, and I got an Error 400: Bad request.

What am I doing wrong?

Turns out the problem was the newline before xmlns:yt. I was able to debug this using ncat, as suggeested here, and inspecting the full response.

i would suggest using the oauth python module, because it much more simple and takes care of the auth headers :) https://github.com/simplegeo/python-oauth2, as a solution i suggest you encode your parameters with 'utf-8' , i had a similar problem, and the solution was that google was expecting utf-8 encoded strings