Re: [twitter-dev] Where Am I going wrong? Can't get past step 1 of Oauth Integration in PHP...
On Thu, Sep 02, 2010 at 10:37:03PM +0200, Tom van der Woerdt wrote: > On 9/2/10 6:46 PM, Ryan wrote: > > any ideas? > > > > Multiple. > > 1. PHP has the hash_hmac function which can do hmac-sha1 for you. hash_hamc is not always available. You could check with: if (extension_loaded ('hash')) { hash_hmac ('sha1', $str, $key, true); } else { //use hand_crafted_version } > 2. Timestamp should be time(), not some date() combination > 3. This doesn't look like the normal OAuth stuff, but like OAuth Echo > 4. "TWITTER_PUBLIC_TIMELINE_API" and "TWITTER_UPDATE_STATUS_API" point > to non-existent pages (missing the version part). > 5. I'd recommend using uniqid() for generating a nonce instead of > md5'ing the microtime. It won't cause trouble, but uniqid() is more unique. > 6. rawurlencode() isn't the proper function for URL encoding, but I > can't give you a better one right now. I believe it is if you are on PHP 5.3 or later. Before that, this should do it: function oauth_encode ($str) { return str_replace ('%E7', '~', rawurlencode ($str)); } -- Martin Dapas -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] Oauth "Incorrect signature" Error
On Wed, Aug 18, 2010 at 10:40:11AM -0700, Olu wrote: > Hi, I've been able to get a token and secret for an user but however, > I'm getting an error while trying to use the status/update call. I've > googled the problem and tried several solutions but none seems to > work. I'm not sure what the problem is and I've been looking at this > for hours. I would appreciate another pair of eyes on this. Any help > would be greatly appreciated. PHP code below. > > > > $ch = curl_init("http://api.twitter.com/1/statuses/update.json";); > > curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); > curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); > curl_setopt($ch, CURLOPT_HTTPHEADER, array("Expect: ", "Authorization: > $auth")); > > $b = curl_exec($ch); > > var_dump($b); > > curl_close($ch); curl defaults to GET, so you're signing a POST for the auth, but doing a GET. Also, you're not sending the actual status you want to update, just signing it. -- Martin Dapas @mahrteen