Hi all, I've been trying to write a JavaScript OAuth module in order to write my own twitter client (I know there are libraries out there, but it's for my education as well as fun).
I'm stumped, unfortunately, right at the beginning -- trying to get a request token. I've tried GETting and POSTing to http://twitter.com/oauth/request_token to no avail -- it always returns "Failed to validate oauth signature and token". I'm passing, hopefully, the correct parameters. A typical query string looks like this: http://twitter.com/oauth/request_token?oauth_consumer_key=9CCTnLpstYI8RIxGE7yhQ&oauth_token=&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1244001043&oauth_nonce=401a5dc6-8750-4e60-890e-7ec30cdcf6a3&oauth_version=1.0&oauth_signature=badstdQUfnlCweKJMoIohTnfKxw My signature base string for that looked like: GET%26http%3A%2F%2Ftwitter.com%2Foauth%2Frequest_token%26GET%26http%3A %2F%2Ftwitter.com%2Foauth%2Frequest_token%26oauth_consumer_key %3D9CCTnLpstYI8RIxGE7yhQ%26oauth_nonce %3Db52968e8-7145-4c91-8066-563d37a1107f%26oauth_signature_method %3DHMAC-SHA1%26oauth_timestamp%3D1244001043%26oauth_token%3D %26oauth_version%3D1.0 I'm fairly sure that the signature is being encoded correctly, as the HMAC-SHA1 algorithm returns the same in my library and in the javax.crypto libraries. I'm encoding using the key "<my_consumer_secret>&" since I don't have a token secret yet. My question is twofold. 1) does something look amiss with this? 2) if nothing's obvious, is there any sort of debug mode for the APIs where we can get some more detailed error messages? Thanks! Josh
