Hello everyone,
I have problems to use xAuth in a own Twitter application. I have
register an Application and was activated for xauth. I have develop an
Adobe AIR Application which used ActionScript 3.0. In addition, I use
the ActionScript 3 library for oAuth, which is refer in the Twitter
docomentation for ActionScript developers. (http://code.google.com/p/
oauth-as3/)
Unfortunately I can not get a successful response from the twitter
server. I would describe you to my approach and I hope that everyone
can give me a help.
At first time, I create my parameters. For this I used the
"OAuthRequestClass" from the oauth-as3 library. This class, I have
added the xauth parameter. In the following a Code-snipped:
var curDate:Date = new Date();
var uuid:String = UIDUtil.getUID(curDate);
_requestParams["oauth_consumer_key"] = _consumer.key;
_requestParams["oauth_consumer_secret"] =
_consumer.secret;
_requestParams["oauth_nonce"] = uuid;
_requestParams["oauth_signature_method"] =
signatureMethod.name;
_requestParams["oauth_timestamp"] =
String(curDate.time).substring(0, 10);
_requestParams["oauth_version"] = "1.0";
_requestParams["x_auth_mode"] = "client_auth";
_requestParams["x_auth_password"] = password;
_requestParams["x_auth_username"] = user;
_requestParams["oauth_token"] = _token.key;
_requestParams["oauth_token_secret"] = _token.secret;
// generate the signature
var signature:String =
signatureMethod.signRequest(this);
_requestParams["oauth_signature"] = signature;
The Signantur is determined by the following function throw the class
"OAuthSignatureMethod_HMAC_SHA1" from the oauth-as3 library:
public function signRequest(request:OAuthRequest):String {
// get the signable string
var toBeSigned:String = request.getSignableString();
// get the secrets to encrypt with
var sSec:String =
URLEncoding.encode(request.consumer.secret) + "&"
if (request.token)
sSec +=
URLEncoding.encode(request.token.secret);
// hash them
var hmac:HMAC = Crypto.getHMAC("sha1");
var key:ByteArray = Hex.toArray(Hex.fromString(sSec));
var message:ByteArray =
Hex.toArray(Hex.fromString(toBeSigned));
var result:ByteArray = hmac.compute(key,message);
var ret:String = Base64.encodeByteArray(result);
return ret;
}
In the variable "toBeSigned" is included my OAuth signature base
string:
POST&https%3A%2F%2Fapi.twitter.com%2Foauth
%2Faccess_token&oauth_consumer_key%3D..myConsumerKey...%26oauth_nonce
%3D5653B8B9-87E3-89DA-3857-1E9E70C56F5C%26oauth_signature_method
%3DHMAC-SHA1%26oauth_timestamp%3D1284708921%26oauth_version
%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password
%3D..myTwitterUsername..%26x_auth_username%3D..myTwitterPassword..
Additionally, I have at this point trying to use the parameters
oauth_consumer_secret and oauth_token.
In my variable "aSec" is including. "myConsumerKey+"&"+myOAuthToken".
For the variable "aSec" I have test following combinations:
"myConsumerKey+"&"+myOAuthToken"
"myConsumerKey+"&"+myOAuthTokenSecret"
"myConsumerSecret+"&"+myOAuthToken"
"myConsumerSecret+"&"+myOAuthTokenSecret"
Since the Twitter documentation to the oauth-as3 library reference, I
assume that runs the encryption correctly.
Perhaps at this point but made a mistake. Can everyone encrypt one
time the words "hello", "world" and tell me how this would look like
encrypted, which is also in use xauth? My result after the above code
would look like: ijqEvNDQBl6X8XXTcER8fQLgCXM=
After this I create my OAuth HTTP Authorisation header. The header
name is "Authorization" and the header value is the following:
OAuth oauth_nonce="5653B8B9-87E3-89DA-3857-1E9E70C56F5C",
oauth_signature_method="HMAC-SHA1", oauth_timestamp="1284708921",
oauth_consumer_key="...myConsumerKey...",
oauth_signature="...myCreatedSignanture...", oauth_version="1.0"
I send a Request with this url to the twitter server:
https://api.twitter.com/oauth/access_token?x_auth_mode=client_auth&x_auth_password=..myTwitterPassword&x_auth_username=..MyTwitterUsername...
In the following
In the following my ActionScript code by I make my request to your
server.
var postVariables:String = "?
x_auth_mode=client_auth&x_auth_password="+password
+"&x_auth_username="+user;
var params:URLVariables = new URLVariables();
params.x_auth_mode = "client_auth";
params.x_auth_password = password;
params.x_auth_username = user;
var request:URLRequest = new
URLRequest("https://api.twitter.com/
oauth/access_token"+postVariables);
request.method = URLRequestMethod.POST;
request.requestHeaders = new Array(header);
request.contentType =
"application/x-www-form-urlencoded";
//request.data = params;
var loader:URLLoader = new URLLoader();
loader.addEventListener(Event.COMPLETE,
onComplete);
loader.addEventListener(IOErrorEvent.IO_ERROR,
onFailed);
loader.load(request);
Unfortunately I do not get an successful response. I get the Error-
Message "Failed to validate oauth signature and token", the HTTP
status code 401 and following Error-description:
"Error #2032: Stream Error. URL:
https://api.twitter.com/oauth/access_token?x_auth_mode=client_auth&x_auth_password=myPassword&x_auth_username=myUsername";
I am grateful for any help
andy
--
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group:
http://groups.google.com/group/twitter-development-talk?hl=en
