[twitter-dev] Failed to validate oauth signature and token in xauth
Yes, I know there're already plenty of questions with this same topic, but I cannot really find out the one suite for me. I use C++ and libcurl to make a HTTP POST request, and here are some ingredients that I used for POST requests. Signature base string POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3DMYCONSUMERKEY%26oauth_nonce %3DXZZJd88qUu25L8wpylQ6%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1285924211%26oauth_version%3D1.0%26x_auth_mode %3Dclient_auth%26x_auth_password%3DMYPASSWORD%26x_auth_username %3Dxoancer%40seed9.com POST Body x_auth_username=xoancer %40seed9.comx_auth_password=MYPASSWORDx_auth_mode=client_auth HTTP Header Authorization: OAuth oauth_nonce=XZZJd88qUu25L8wpylQ6, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1285924211, oauth_consumer_key=MYCONSUMERKEY, oauth_signature=l4L1%2Fn7w3P7U0lcxvkTizusF2TY%3D, oauth_version=1.0 I believe signature generating is not the problem since my program makes the proper one when it runs with the example at http://dev.twitter.com/pages/xauth. But without the signature parameter, I cannot found out what's wrong since every other parameters are just a given constants(except nonce, but he doesn't really matter I think.). Maybe I missed something in using libcurl, since it's first time for me to use this library, especially in setting HTTP Header. Follows are my source codes for libcurl parts. curl_global_init(CURL_GLOBAL_ALL); CURL *curl; curl = curl_easy_init(); curl_easy_reset(curl); curl_easy_setopt(curl, CURLOPT_URL, baseUrl.c_str()); // baseUrl == https://api.twitter.com/oauth/access_token curl_easy_setopt(curl, CURLOPT_POST, true); string postbody; for(int i=7;i=5;i--) postbody += + params[i].first + = + urlenc(params[i].second); postbody = postbody.substr(1); // postbody == x_auth_username=xoancer %40seed9.comx_auth_password=MYPASSWORDx_auth_mode=client_auth curl_easy_setopt(curl, CURLOPT_POSTFIELDS, postbody.c_str()); string header = Authorization: OAuth + params[1].first + =\ + params[1].second + \, + params[2].first + =\ + params[2].second + \, + params[3].first + =\ + params[3].second + \, + params[0].first + =\ + params[0].second + \, oauth_signature=\; header += urlenc(base64encoded); header += \, oauth_version=\1.0\; // header == Authorization: OAuth oauth_nonce=XZZJd88qUu25L8wpylQ6, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1285924211, oauth_consumer_key=MYCONSUMERKEY, oauth_signature=l4L1%2Fn7w3P7U0lcxvkTizusF2TY%3D, oauth_version=1.0 curl_slist* responseHeaders = NULL ; responseHeaders = curl_slist_append( responseHeaders , header.c_str() ) ; curl_easy_setopt( curl , CURLOPT_HTTPHEADER , responseHeaders ) ; string res; curl_easy_setopt( curl, CURLOPT_WRITEFUNCTION, write_callback ); curl_easy_setopt( curl, CURLOPT_WRITEDATA, res ); curl_easy_setopt(curl, CURLOPT_HEADER, true); curl_easy_setopt( curl, CURLOPT_SSL_VERIFYPEER, false); CURLcode rc = curl_easy_perform(curl); If you find some mistakes, please tell me. Thanks. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] Failed to validate oauth signature and token in xauth
Using the Base String validator at http://quonos.nl/oauthTester/, I got this : Bad URL encoding! Both key and value in the POST body need to be URL encoded. In this case: xoan...@seed9.com is bad Tom On 10/1/10 11:34 AM, Hyeonjong Ryu wrote: Yes, I know there're already plenty of questions with this same topic, but I cannot really find out the one suite for me. I use C++ and libcurl to make a HTTP POST request, and here are some ingredients that I used for POST requests. Signature base string POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3DMYCONSUMERKEY%26oauth_nonce %3DXZZJd88qUu25L8wpylQ6%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1285924211%26oauth_version%3D1.0%26x_auth_mode %3Dclient_auth%26x_auth_password%3DMYPASSWORD%26x_auth_username %3Dxoancer%40seed9.com POST Body x_auth_username=xoancer %40seed9.comx_auth_password=MYPASSWORDx_auth_mode=client_auth HTTP Header Authorization: OAuth oauth_nonce=XZZJd88qUu25L8wpylQ6, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1285924211, oauth_consumer_key=MYCONSUMERKEY, oauth_signature=l4L1%2Fn7w3P7U0lcxvkTizusF2TY%3D, oauth_version=1.0 I believe signature generating is not the problem since my program makes the proper one when it runs with the example at http://dev.twitter.com/pages/xauth. But without the signature parameter, I cannot found out what's wrong since every other parameters are just a given constants(except nonce, but he doesn't really matter I think.). Maybe I missed something in using libcurl, since it's first time for me to use this library, especially in setting HTTP Header. Follows are my source codes for libcurl parts. curl_global_init(CURL_GLOBAL_ALL); CURL *curl; curl = curl_easy_init(); curl_easy_reset(curl); curl_easy_setopt(curl, CURLOPT_URL, baseUrl.c_str()); // baseUrl == https://api.twitter.com/oauth/access_token curl_easy_setopt(curl, CURLOPT_POST, true); string postbody; for(int i=7;i=5;i--) postbody += + params[i].first + = + urlenc(params[i].second); postbody = postbody.substr(1); // postbody == x_auth_username=xoancer %40seed9.comx_auth_password=MYPASSWORDx_auth_mode=client_auth curl_easy_setopt(curl, CURLOPT_POSTFIELDS, postbody.c_str()); string header = Authorization: OAuth + params[1].first + =\ + params[1].second + \, + params[2].first + =\ + params[2].second + \, + params[3].first + =\ + params[3].second + \, + params[0].first + =\ + params[0].second + \, oauth_signature=\; header += urlenc(base64encoded); header += \, oauth_version=\1.0\; // header == Authorization: OAuth oauth_nonce=XZZJd88qUu25L8wpylQ6, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1285924211, oauth_consumer_key=MYCONSUMERKEY, oauth_signature=l4L1%2Fn7w3P7U0lcxvkTizusF2TY%3D, oauth_version=1.0 curl_slist* responseHeaders = NULL ; responseHeaders = curl_slist_append( responseHeaders , header.c_str() ) ; curl_easy_setopt( curl , CURLOPT_HTTPHEADER , responseHeaders ) ; string res; curl_easy_setopt( curl, CURLOPT_WRITEFUNCTION, write_callback ); curl_easy_setopt( curl, CURLOPT_WRITEDATA, res ); curl_easy_setopt(curl, CURLOPT_HEADER, true); curl_easy_setopt( curl, CURLOPT_SSL_VERIFYPEER, false); CURLcode rc = curl_easy_perform(curl); If you find some mistakes, please tell me. Thanks. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Failed to validate oauth signature and token with xAuth
Hello!, We're implementing widget for Opera browser and we got xAuth access lately. I'm trying to get access token but without any success so far - http://dpaste.com/hold/244795/. generated POST seems to be exactly the same as on http://dev.twitter.com/pages/xauth : POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3Dkkk%26oauth_nonce %3D0.5114195354710362%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1284633641688%26oauth_version %3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3Dpassword %26x_auth_username%3Dusername Any idea where is the problem? BR, Michał Łowicki -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] Failed to validate oauth signature and token with xAuth
Base String looks fine. What's the complete request you are making? (the POST /oauth/access_token HTTP/1.1 part) Tom On 9/17/10 10:04 AM, mlowicki wrote: Hello!, We're implementing widget for Opera browser and we got xAuth access lately. I'm trying to get access token but without any success so far - http://dpaste.com/hold/244795/. generated POST seems to be exactly the same as on http://dev.twitter.com/pages/xauth : POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3Dkkk%26oauth_nonce %3D0.5114195354710362%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1284633641688%26oauth_version %3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3Dpassword %26x_auth_username%3Dusername Any idea where is the problem? BR, Michał Łowicki -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] Failed to validate oauth signature and token with xAuth
Hey Michal Matt Harris Developer Advocate, Twitter http://twitter.com/themattharris On Sep 17, 2010, at 1:04, mlowicki mlowi...@gmail.com wrote: 1284633641688 -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] Failed to validate oauth signature and token with xAuth
Ok no idea what happened with my previous email. Anyway your timestamp is in milliseconds when it should be in seconds. Give that a go and let us know what happens. Matt On Sep 17, 2010, at 1:04, mlowicki mlowi...@gmail.com wrote: Hello!, We're implementing widget for Opera browser and we got xAuth access lately. I'm trying to get access token but without any success so far - http://dpaste.com/hold/244795/. generated POST seems to be exactly the same as on http://dev.twitter.com/pages/xauth : POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3Dkkk%26oauth_nonce %3D0.5114195354710362%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1284633641688%26oauth_version %3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3Dpassword %26x_auth_username%3Dusername Any idea where is the problem? BR, Michał Łowicki -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] Failed to validate oauth signature and token with xAuth
Hi Matt! Even with: var timestamp = Math.round(new Date().getTime() / 1000); still the same problem. 2010/9/17 Matt Harris mhar...@twitter.com Ok no idea what happened with my previous email. Anyway your timestamp is in milliseconds when it should be in seconds. Give that a go and let us know what happens. Matt On Sep 17, 2010, at 1:04, mlowicki mlowi...@gmail.com wrote: Hello!, We're implementing widget for Opera browser and we got xAuth access lately. I'm trying to get access token but without any success so far - http://dpaste.com/hold/244795/. generated POST seems to be exactly the same as on http://dev.twitter.com/pages/xauth : POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3Dkkk%26oauth_nonce %3D0.5114195354710362%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1284633641688%26oauth_version %3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3Dpassword %26x_auth_username%3Dusername Any idea where is the problem? BR, Michał Łowicki -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en -- Pozdrawiam, Michał Łowicki -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] Failed to validate oauth signature and token with xauth
Hi there,
Are you still having this issue?
In the past when I've seen other developers having issues accomplishing this
in Javascript, it's come down to an issue in the library used for HMAC-SHA1
and Base64 encoding. While it works in most conditions, there are apparently
some edge cases where it does the wrong thing. I generally don't advocate
using Javascript and OAuth together for a variety of reasons. Have you tried
tracing the request to see exactly the HTTP request being sent to the
server?
Are you writing a browser extension or WebOS app? If the former, how are you
keeping your consumer secret at least somewhat secured?
Have you tried other requests using an access token obtained through other
means?
Taylor
On Thu, Jun 17, 2010 at 11:25 AM, ntortarolo ntortar...@gmail.com wrote:
Hi, i have problem requesting an access_token, i think my source is
right, i dont know where is the problem, i have maken some test with
base_string, oauth_consumer_key and oauth_consumer_secret shown on
http://dev.twitter.com/pages/xauth and i get the same oauth_signature
shown there so i think problem is not there when i use the real
base_string, my oauth_consumer_key and oauth_consumer_secret.
My source is this, i hope someone can help me (to preserve my secret
and key i will put the same as the ones used on
http://dev.twitter.com/pages/xauth)
xauth: function xauth()
{
var username = encodeURIComponent(),
password = encodeURIComponent(),
url= https://api.twitter.com/oauth/access_token;,
key = sGNxxnqgZRHUt6NunK3uw,
timestamp = (new Date()).getTime(),
nonce = Math.random();
var access_token = oauth_consumer_key= + key +
oauth_nonce= + nonce +
oauth_signature_method=HMAC-SHA1 +
oauth_timestamp= + timestamp +
oauth_version=1.0 +
x_auth_mode=client_auth +
x_auth_password= + password +
x_auth_username= + username;
var base_string = POST + encodeURIComponent(url) + +
encodeURIComponent(access_token);
var oauth_signature =
b64_hmac_sha1(5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk,
base_string);
oauth_signature = encodeURIComponent(oauth_signature+=);
var auth_header = 'OAuth oauth_nonce=' + nonce + '' +
', oauth_signature_method=HMAC-SHA1' +
', oauth_timestamp=' + timestamp + '' +
', oauth_consumer_key=' + key + '' +
', oauth_signature=' + oauth_signature + '' +
', oauth_version=1.0';
$.ajax({
url:url,
method: POST,
data: {
x_auth_username: username,
x_auth_password: password,
x_auth_mode: client_auth
},
beforeSend: function(xhr){
xhr.setRequestHeader(Authorization, auth_header);
},
success: function(data){
alert(data);
},
error: function(xhr){
alert(xhr.responseText);
}
}) ;
* What language or library are you using? What versions?
i'm using it on javascript
* What oauth application is this for?
http://twitter.com/apps/edit/181924
[twitter-dev] Failed to validate oauth signature and token with xauth
Hi, i have problem requesting an access_token, i think my source is
right, i dont know where is the problem, i have maken some test with
base_string, oauth_consumer_key and oauth_consumer_secret shown on
http://dev.twitter.com/pages/xauth and i get the same oauth_signature
shown there so i think problem is not there when i use the real
base_string, my oauth_consumer_key and oauth_consumer_secret.
My source is this, i hope someone can help me (to preserve my secret
and key i will put the same as the ones used on
http://dev.twitter.com/pages/xauth)
xauth: function xauth()
{
var username = encodeURIComponent(),
password = encodeURIComponent(),
url= https://api.twitter.com/oauth/access_token;,
key = sGNxxnqgZRHUt6NunK3uw,
timestamp = (new Date()).getTime(),
nonce = Math.random();
var access_token = oauth_consumer_key= + key +
oauth_nonce= + nonce +
oauth_signature_method=HMAC-SHA1 +
oauth_timestamp= + timestamp +
oauth_version=1.0 +
x_auth_mode=client_auth +
x_auth_password= + password +
x_auth_username= + username;
var base_string = POST + encodeURIComponent(url) + +
encodeURIComponent(access_token);
var oauth_signature =
b64_hmac_sha1(5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk,
base_string);
oauth_signature = encodeURIComponent(oauth_signature+=);
var auth_header = 'OAuth oauth_nonce=' + nonce + '' +
', oauth_signature_method=HMAC-SHA1' +
', oauth_timestamp=' + timestamp + '' +
', oauth_consumer_key=' + key + '' +
', oauth_signature=' + oauth_signature + '' +
', oauth_version=1.0';
$.ajax({
url:url,
method: POST,
data: {
x_auth_username: username,
x_auth_password: password,
x_auth_mode: client_auth
},
beforeSend: function(xhr){
xhr.setRequestHeader(Authorization, auth_header);
},
success: function(data){
alert(data);
},
error: function(xhr){
alert(xhr.responseText);
}
}) ;
* What language or library are you using? What versions?
i'm using it on javascript
* What oauth application is this for?
http://twitter.com/apps/edit/181924
