I'm building a single-user application that uses OAuth, using the
access tokens found on my application's dashboard, building my http
headers like so:
POST /1/statuses/update.json HTTP/1.1
Authorization: OAuth oauth_nonce=
\"zlMped4OwDfPLqsqm61qdc2LoCSTTnERcEGb5clE\", oauth_signature_method=
\"HMAC-SHA1\", oauth_timestamp=\"1274718143\", oauth_consumer_key=
\"uT8vfUWpS2PDzBigVs1w\", oauth_token=\"28235672-
ZPzOO2RLL0ITE5JdfIaOtNHbSA0JhapEH8KG39ib1\", oauth_signature=
\"IRS9fjaA6Tj1pXHQBtILjcSRaMc%3D\", oauth_version=\"1.0\"
Which works fine over the api console, but when trying the same over
an HTTP debugger client (HTTP Client for Mac OS X), or over the
browser, it asks always for authentication over HTTP (username and
password).
Any pointers on where I'm mistaken? I build the signature like so (in
PHP):
$signature = $MyConsumerSecret.'&'.$MyAccessTokenSecret;
$composite = "POST&http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses
%2Fupdate.json&oauth_consumer_key%3DuT8vfUWpS2PDzBigVs1w%26oauth_nonce
%3DzlMped4OwDfPLqsqm61qdc2LoCSTTnERcEGb5clE%26oauth_signature_method
%3DHMAC-SHA1%26oauth_timestamp%3D1274718143%26oauth_token%3D28235672-
ZPzOO2RLL0ITE5JdfIaOtNHbSA0JhapEH8KG39ib1%26oauth_version
%3D1.0%26status%3Dtestie+test"
$oauth_signature = base64_encode(hash_hmac('sha1',$signature,
$composite, true));
Thanks for helping me out!
r
