Hello Taylor, Dana,
Thanks to both of you for the reply, after this change, my twitter
client is working with OAuth.
It might be good to update the oauth guide on the twitter site
with this information, I tried for a few hours before I gave up and
posted here, and it might save others the pain.
Miguel.
On May 21, 1:16 pm, Taylor Singletary taylorsinglet...@twitter.com
wrote:
Hi Miguel,
Your signature base string is off by just a little bit here -- you're
globbing the query parameter count on to the original URL when it should
be separated out.. the query string part of the URL should be represented
only as key/value pairs, sorted with the other OAuth parameters. Your
sorting here is correct, it's just that you're including the encoded ?
mark here. Had this been a parameter that would have started with a p, for
example, you'd have that parameter following the oauth_* parameters.
Here's an example of a signature base string with this encoded correctly
(though using different keys):
GEThttp%3A%2F%2Fapi.twitter.com
%2F1%2Fstatuses%2Fhome_timeline.jsoncount%3D200%26oauth_consumer_key%3Dri8
JxYK2ddwSV5xIUfNNvQ%26oauth_nonce%3DcafnvEsPqnuVgXbqDqaw1X2SFvTSd9wYjpF5ZtH
ruFM%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1274462075%26
oauth_token%3D819797-torCkTs0XK7H2Y2i1ee5iofqkMC4p7aayeEXRTmlw%26oauth_vers
ion%3D1.0
Hope this helps!
Taylor Singletary
Developer Advocate, Twitterhttp://twitter.com/episod
On Fri, May 21, 2010 at 9:59 AM, Miguel de Icaza
miguel.de.ic...@gmail.comwrote:
Hello folks,
I have my client speaking OAuth to twitter for the entire initial
dance up to getting my access token.
But once I try using the access token to call:
http://api.twitter.com/1/statuses/mentions.json?count=200
All I get from twitter is a 401 with the following body:
{request:/1/statuses/mentions.json?count=200,error:Incorrect
signature}
I followed the steps described here:http://dev.twitter.com/pages/
auth and just assumed that since there is no content, the value for
computing the signature is not needed.
GEThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fhome_timeline.json
%3Fcount%3D200oauth_consumer_key%3D***%26oauth_nonce
%3Dcbj41uc3y0d0lju8%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1274460844%26oauth_token%3D**
%26oauth_version%3D1.0
My composite signature is made of my consumer secret (from the twitter
app page) and the oauth_token_secret returned by the acquire access
token process
This is what ends up in the HTTP traffic, when I append the
oauth_signature:
GET /1/statuses/home_timeline.json?count=200 HTTP/1.1
authorization: OAuth
oauth_consumer_key=**,oauth_nonce=r3cy0enwrqeq1qns,oauth_signature_
method=HMAC-
SHA1,oauth_timestamp=1274461098,oauth_token=823083-
***,oauth_version=1.0,oauth_signature=dGhefwoSaiSQ0XMSswJ1UdPtkeI
%3D
Connection: keep-alive
Host: api.twitter.com
Any ideas on what I am doing wrong?