I figured it out. Here's my tip for anyone struggling with xAuth for Twitter without the help of a library: The Hueniverse Interactive Walkthrough
This lets you test your values to see if they're valid. Just choose the "Create Your Own" option, plug in your variables and see what it spits out for base signature, signature, timestamp etc. This would have cut many hours off of my debug time. Hope it helps you! <http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv- signing-requests/> -ZPC On May 12, 1:11 pm, Peter Cross <zanbi...@gmail.com> wrote: > Greetings, > > Can anyone spot what I'm doing wrong here? I've been busting my head > on it for way too many hours. Any help much appreciated! > > -ZPC > > =========================================================================== > ========== > HTTP Requirements: > > * You are using POST > > * You are using SSL > > * Your xAuth parameters are the ONLY parameters in your POST body > > * You're setting a Content-Type header of "application/x-www-form- > urlencoded" > > * You're using HTTP header-based OAuth -- not attaching OAuth > parameters to the URL or POST body > > * You're HTTP Authorization header should only have oauth parameters > in it, not any of the xauth parameters > > =========================================================================== > ========== > My Pseudo Code: > > Dim objRequest as new chilkatHttpRequest > Dim objResponse as chilkatHttpResponse > > Dim sUrl as string > Dim sPost as string > Dim sAuthorize as string > > sUrl =https://api.twitter.com/oauth/access_token > > sAuthorize = OAuth oauth_consumer_key="WITNI0aegpKoIYX7altq3A", > oauth_nonce="TCHRFIGDJS403105000810185", oauth_signature_method="HMAC- > SHA1", oauth_timestamp="1273680007", > > oauth_version="1.0", oauth_signature="rY9qTi1o4Ew+/6rS4248VY81i9M=" > > objRequest.UsePost > objRequest.AddHeader "Authorization", sAuthorize > > sPost = > x_auth_mode=client_auth&x_auth_password=XXXXXXX&x_auth_username=XXXXXXX > objRequest.LoadBodyFromString sPost, "utf-8" > > TRIED BOTH OF THESE: > > > > Set objResponse = m_objHttp.PostUrlEncoded(sUrl, objRequest) > > > > sDomain = m_objHttp.GetDomain(sUrl) > objRequest.Path = m_objHttp.GetUrlPath(sUrl) > Set objResponse = m_objHttp.SynchronousRequest(sDomain, 443, 1, > objRequest) > > =========================================================================== > ========== > This is what I get back from the Chilkat HTTP Event Log: > > SocketConnect = api.twitter.com:443 > HostnameResolve = api.twitter.com > ResolvedToIp = 168.143.161.29 > SocketConnected = api.twitter.com:443 > SslHandshake = Starting > SslHandshake = Finished > HttpRequestBegin = POST,api.twitter.com:443/oauth/access_token > RequestHeader = POST /oauth/access_token HTTP/1.1 > Authorization: OAuth oauth_consumer_key="WITNI0aegpKoIYX7altq3A", > oauth_nonce="TCHRFIGDJS403105000810185", oauth_signature_method="HMAC- > SHA1", oauth_timestamp="1273680007", > > oauth_version="1.0", oauth_signature="rY9qTi1o4Ew+/6rS4248VY81i9M=" > Host: api.twitter.com > Content-Type: application/x-www-form-urlencoded > Content-Length: 0 > StartSendingRequest = 370 > PercentDone = 100 > HttpInfo = Begin reading response > ResponseHeader = HTTP/1.1 500 Internal Server Error > Date: Wed, 12 May 2010 16:29:06 GMT > Server: hi > Status: 500 Internal Server Error > X-Transaction: 1273681746-82104-13101 > Last-Modified: Wed, 12 May 2010 16:29:06 GMT > Content-Type: text/html; charset="utf-8" > Content-Length: 4659 > Pragma: no-cache > X-Revision: DEV > Expires: Tue, 31 Mar 1981 05:00:00 GMT > Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post- > check=0 > Set-Cookie: k=76.109.171.34.1273681744410025; > path="/"; expires="Wed, 19-May-10 16:29:04 GMT"; > domain=".twitter.com" > Set-Cookie: guest_id=127368174665612036; > path="/"; expires="Fri, 11 Jun 2010 16:29:06 GMT" > Set-Cookie: > _twitter_sess=BAh7CToPY3JlYXRlZF9hdGwrCOAaWY0oAToRdHJhbnNfcHJvbXB0MDoHaWQi > %250AJTA1NWE5MjEzZDQyODNmMWIyZDkwYTA2ZmM2ZWU5OGVhIgpmbGFzaElDOidB > > %250AY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--32c34802 > 010f03dfd32dafd5977de62874d7b166; > domain=".twitter.com"; path="/" > Vary: Accept-Encoding > Connection: close > HttpStatusCode = 500 > ResponseContentLength = 4659 > ResponseContentLength = 4659 > PercentDone = 42 > HttpInfo = Connection:close header is present > HttpInfo = Finished reading response > PercentDone = 100 > > ###
