Hi Rahul,
When you are POSTing to statuses/update.xml -- are you including the status
that you are posting in your signature base string? As a URL-encoded
parameter, it should be included in both your POST body and the signature
base string (but not in the HTTP authorization header).
Taylor Singletary
Developer Advocate, Twitter
http://twitter.com/episod
On Thu, Apr 29, 2010 at 9:35 AM, Rahul wrote:
> Folks,
>
> I have been trying this and have already spent lot of time on this but
> what i don't understand is how is getting the access token working and
> post to update is not working when i am using the same signature
> generation method for both the requests.
>
> Here is my complete scenario.
> 1. fetch the request token
> 2. redirect the user to the authurize page
> 3. get the verifier from the new called back url
> 4. getting the access token by passing oauth_token and auth_verifier
> 5. create a new post request for update and sign the request with
> HMAC.sign(toSign, consumerSecret + '&' + tokenSecret)
> Note: toSign is the request with the following headers :
> oauth_timestamp, oauth_signature_method, oauth_version, oauth_nonce,
> oauth_consumer_key
> 6. Send the request.
>
> Also if helpfull, i am using following values
> oauth_nonce=MD5.hexHash(getTimestampInSeconds())
> oauth_signature_method=HMAC-SHA1
> oauth_version=1.0
>
> I have verified most of the things and looks good to me, also there is
> very less possibility of generating wrong signature as I have used the
> same signature to get the access token and was able to successfully
> receive it.
>
> Any pointers highly appreciated.
>
> Thanks,
> Rahul
>