[twitter-dev] Re: failed to validate oauth signature and token

[galeyte]

Ok, i've checked again and there is some stuff i did not see at first.
So now i'm correctly generating my basestring :
basestring: POST&http%3A%2F%2Fapi.twitter.com%2Foauth
%2Frequest_token&oauth_consumer_key%3D[CONSUMER_KEY]%26oauth_nonce
%3Dmr7yTy%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
%3D1302881089%26oauth_version%3D1.0

and this is the signature :
signature: uC+AkOdUVj8fpiKL+GVLlM0QmAE=

I guess the problem is in the signature but i can't figure where.


On Apr 15, 4:28 pm, galeyte  wrote:
> Hi again !
>
> I'm trying to develop a desktop-application javascript based.
> I'm actually trying to get the request_token from twitter.
> I'm using OAuth js library, and after testing their examples, i'm
> trying to do the same thing 
> ashttp://oauth.googlecode.com/svn/code/javascript/example/requestToken
> do, because it seems to work and twitter respond with a valuable
> request_token and secret.
> To complete the exactly same request, i've been wiresharking my http
> request and form the same strings with XMLHttpRequest in my code.
> The only response i get is "401 - failed to validate oauth signature
> or token", so i assume i make a mistake in basestring generation or
> basstring signature.
> my code :
> function signForm() {
>     accessor = { consumerSecret: consumer_secret
>         , tokenSecret   : oauth_token_secret};
>     message = { action: "/request_token"
>         , method: "POST"
>         , parameters: []};
>     message.parameters.push(["oauth_consumer_key", consumer_key]);
>     message.parameters.push(["oauth_signature_method",
> signature_method]);
>     OAuth.setTimestampAndNonce(message);
>     OAuth.SignatureMethod.sign(message, accessor);
>     return true;
>
> }
>
> function getSignature() {
>     signForm();
>     console.log(OAuth.getParameter(message.parameters,
> "oauth_signature"));
>     OAuth.completeRequest(message, accessor);
>     request_maker = new XMLHttpRequest();
>     request_maker.open("POST", "http://api.twitter.com/oauth/
> request_token");
>     request_maker.setRequestHeader("Host", "api.twitter.com");
>     request_maker.setRequestHeader("Content-type", "application/x-www-
> form-urlencoded");
>     request_maker.onreadystatechange = oth_func;
>     request_maker.send("oauth_consumer_key="+consumer_key
> +"&oauth_signature_method="+signature_method
> +"&oauth_timestamp="+OAuth.getParameter(message.parameters,
> "oauth_timestamp")
> +"&oauth_nonce="+OAuth.getParameter(message.parameters, "oauth_nonce")
> +"&oauth_signature="+encodeURI(OAuth.getParameter(message.parameters,
> "oauth_signature")));
>
> }
>
> I've seen some "base64" encoding in some twitter client sources, but
> since it's not mentioned in twitter api doc, i don't use base64.
>
> If you have any clue to help me go through this issue, i'd be
> gratefull !

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: Failed to validate oauth signature and token

[Dale]

Hi Matt,
I have fixed a bunch of the formatting issues and it now validates in
the OAuth tester app that Tom posted, but I am still getting an error
when posting.

Here is my updated request string.
POST&https%3A%2F%2Fapi.twitter.com%2Foauth
%2Frequest_token&oauth_consumer_key%3DX%26oauth_nonce
%3D430489.541778%26oauth_signature_method%3DHMAC
%2DSHA1%26oauth_timestamp%3D1297274801%26oauth_version%3D1.0

Here is the error returned.
Failed to validate oauth signature and token

Here is the return header.
HTTP/1.1 401 Unauthorized Connection: close Expires: Tue, 31 Mar 1981
05:00:00 GMT Date: Wed, 09 Feb 2011 18:06:45 GMT Server: hi X-Runtime:
0.00454 Vary: Accept-Encoding X-Transaction: Wed Feb 09 18:06:45 +
2011-87785-54083 Pragma: no-cache Status: 401 Unauthorized Cache-
Control: no-cache, no-store, must-revalidate, pre-check=0, post-
check=0 Set-Cookie: k=[MY IP ADDRESS].1297274805118711; path=/;
expires=Wed, 16-Feb-11 18:06:45 GMT; domain=.twitter.com Set-Cookie:
guest_id=129727480520719350; path=/; expires=Fri, 11 Mar 2011 18:06:45
GMT Set-Cookie:
_twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCNibmgsuAToHaWQiJTYwMDg4OGQ2N2ZlMTBm
%250AY2I1NWFiNGRmNWRiY2I2N2UxIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy
%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--0e5cbcd15c652517645f3fb4a648abeabec997e9;
domain=.twitter.com; path=/; HttpOnly X-Revision: DEV Last-Modified:
Wed, 09 Feb 2011 18:06:45 GMT Content-Type: text/html; charset=utf-8

Any further ideas?
-Dale

On Feb 8, 5:34 pm, Matt Harris  wrote:
> Hi Dale,
>
> There are a number of things that can cause OAuth to fail. We've clarified
> our error messages to try and make it easier to know which bit is the cause
> of the problem.
>
> For timestamps we return the error message "Timestamp out of bounds".
> In your case the error message is saying your signature is incorrect. This
> means either your basestring is incorrectly encoded, badly formatted or
> doesn't match the API request URL and parameters you are sending.
> Looking at your basestring I notice that you have a lot of additional
> encoding going on and are missing the first & between POST and http.
>
> To help you get it right I recommended checking out our authentication
> overview page on our developer resources site. Specifically the section on
> signing requests and acquiring a request token:
>    http://dev.twitter.com/pages/auth#signing-requests
>    http://dev.twitter.com/pages/auth#request-token
>
> Best,
> @themattharris
> Developer Advocate, Twitterhttp://twitter.com/themattharris
>
>
>
>
>
>
>
> On Tue, Feb 8, 2011 at 3:58 PM, Dale  wrote:
> > I just set the system clock on my Win 2003 server to net time /
> > setsntp:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org" as I saw a lot
> > of folks saying this fixed their issues, but it had no effect.
>
> > On Feb 8, 3:15 pm, Dale  wrote:
> > > I am attempting to set up a ColdFusion script to do auto updates to
> > > Twitter when a new article is posted to our CMS. I have been having
> > > trouble getting the request token and keep getting the Failed to
> > > validate oauth signature and token error message when making
> > > attempts.
>
> > > Here is my request string...
> > > POSThttp%3A%2F%2Fapi%2Etwitter%2Ecom%2Foauth%2Frequest%5Ftoken%26oauth
> > > %5Fconsumer%5Fkey%XXX%26oauth%5Fsignature%5Fmethod%3DHMAC
> > > %2DSHA1%26oauth%5Ftimestamp%3D1297206414%26oauth%5Fversion
> > > %3D1%2E0%26oauth%5Fnonce%3D556979%2E9534
>
> > > I have verified that the time stamp is the the correct epoch time in
> > > my time zone (PST). Any help would be appreciated.
>
> > --
> > Twitter developer documentation and resources:http://dev.twitter.com/doc
> > API updates via Twitter:http://twitter.com/twitterapi
> > Issues/Enhancements Tracker:
> >http://code.google.com/p/twitter-api/issues/list
> > Change your membership to this group:
> >http://groups.google.com/group/twitter-development-talk

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] Re: Failed to validate oauth signature and token

[victoriannsmith]

Do I have to leave the group? 
Sent via BlackBerry by AT&T

-Original Message-
From: Matt Harris 
Sender: twitter-development-talk@googlegroups.com
Date: Tue, 8 Feb 2011 17:34:18 
To: 
Reply-To: twitter-development-talk@googlegroups.com
Subject: Re: [twitter-dev] Re: Failed to validate oauth signature and token

Hi Dale,

There are a number of things that can cause OAuth to fail. We've clarified
our error messages to try and make it easier to know which bit is the cause
of the problem.

For timestamps we return the error message "Timestamp out of bounds".
In your case the error message is saying your signature is incorrect. This
means either your basestring is incorrectly encoded, badly formatted or
doesn't match the API request URL and parameters you are sending.
Looking at your basestring I notice that you have a lot of additional
encoding going on and are missing the first & between POST and http.

To help you get it right I recommended checking out our authentication
overview page on our developer resources site. Specifically the section on
signing requests and acquiring a request token:
http://dev.twitter.com/pages/auth#signing-requests
http://dev.twitter.com/pages/auth#request-token

Best,
@themattharris
Developer Advocate, Twitter
http://twitter.com/themattharris


On Tue, Feb 8, 2011 at 3:58 PM, Dale  wrote:

> I just set the system clock on my Win 2003 server to net time /
> setsntp:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org" as I saw a lot
> of folks saying this fixed their issues, but it had no effect.
>
> On Feb 8, 3:15 pm, Dale  wrote:
> > I am attempting to set up a ColdFusion script to do auto updates to
> > Twitter when a new article is posted to our CMS. I have been having
> > trouble getting the request token and keep getting the Failed to
> > validate oauth signature and token error message when making
> > attempts.
> >
> > Here is my request string...
> > POSThttp%3A%2F%2Fapi%2Etwitter%2Ecom%2Foauth%2Frequest%5Ftoken%26oauth
> > %5Fconsumer%5Fkey%XXX%26oauth%5Fsignature%5Fmethod%3DHMAC
> > %2DSHA1%26oauth%5Ftimestamp%3D1297206414%26oauth%5Fversion
> > %3D1%2E0%26oauth%5Fnonce%3D556979%2E9534
> >
> > I have verified that the time stamp is the the correct epoch time in
> > my time zone (PST). Any help would be appreciated.
>
> --
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker:
> http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
> http://groups.google.com/group/twitter-development-talk
>

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] Re: Failed to validate oauth signature and token

[victoriannsmith]

I'm getting CC'd on all these emails, can you take me off please? 
Sent via BlackBerry by AT&T

-Original Message-
From: Matt Harris 
Sender: twitter-development-talk@googlegroups.com
Date: Tue, 8 Feb 2011 17:34:18 
To: 
Reply-To: twitter-development-talk@googlegroups.com
Subject: Re: [twitter-dev] Re: Failed to validate oauth signature and token

Hi Dale,

There are a number of things that can cause OAuth to fail. We've clarified
our error messages to try and make it easier to know which bit is the cause
of the problem.

For timestamps we return the error message "Timestamp out of bounds".
In your case the error message is saying your signature is incorrect. This
means either your basestring is incorrectly encoded, badly formatted or
doesn't match the API request URL and parameters you are sending.
Looking at your basestring I notice that you have a lot of additional
encoding going on and are missing the first & between POST and http.

To help you get it right I recommended checking out our authentication
overview page on our developer resources site. Specifically the section on
signing requests and acquiring a request token:
http://dev.twitter.com/pages/auth#signing-requests
http://dev.twitter.com/pages/auth#request-token

Best,
@themattharris
Developer Advocate, Twitter
http://twitter.com/themattharris


On Tue, Feb 8, 2011 at 3:58 PM, Dale  wrote:

> I just set the system clock on my Win 2003 server to net time /
> setsntp:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org" as I saw a lot
> of folks saying this fixed their issues, but it had no effect.
>
> On Feb 8, 3:15 pm, Dale  wrote:
> > I am attempting to set up a ColdFusion script to do auto updates to
> > Twitter when a new article is posted to our CMS. I have been having
> > trouble getting the request token and keep getting the Failed to
> > validate oauth signature and token error message when making
> > attempts.
> >
> > Here is my request string...
> > POSThttp%3A%2F%2Fapi%2Etwitter%2Ecom%2Foauth%2Frequest%5Ftoken%26oauth
> > %5Fconsumer%5Fkey%XXX%26oauth%5Fsignature%5Fmethod%3DHMAC
> > %2DSHA1%26oauth%5Ftimestamp%3D1297206414%26oauth%5Fversion
> > %3D1%2E0%26oauth%5Fnonce%3D556979%2E9534
> >
> > I have verified that the time stamp is the the correct epoch time in
> > my time zone (PST). Any help would be appreciated.
>
> --
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker:
> http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
> http://groups.google.com/group/twitter-development-talk
>

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] Re: Failed to validate oauth signature and token

[Matt Harris]

Hi Dale,

There are a number of things that can cause OAuth to fail. We've clarified
our error messages to try and make it easier to know which bit is the cause
of the problem.

For timestamps we return the error message "Timestamp out of bounds".
In your case the error message is saying your signature is incorrect. This
means either your basestring is incorrectly encoded, badly formatted or
doesn't match the API request URL and parameters you are sending.
Looking at your basestring I notice that you have a lot of additional
encoding going on and are missing the first & between POST and http.

To help you get it right I recommended checking out our authentication
overview page on our developer resources site. Specifically the section on
signing requests and acquiring a request token:
http://dev.twitter.com/pages/auth#signing-requests
http://dev.twitter.com/pages/auth#request-token

Best,
@themattharris
Developer Advocate, Twitter
http://twitter.com/themattharris


On Tue, Feb 8, 2011 at 3:58 PM, Dale  wrote:

> I just set the system clock on my Win 2003 server to net time /
> setsntp:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org" as I saw a lot
> of folks saying this fixed their issues, but it had no effect.
>
> On Feb 8, 3:15 pm, Dale  wrote:
> > I am attempting to set up a ColdFusion script to do auto updates to
> > Twitter when a new article is posted to our CMS. I have been having
> > trouble getting the request token and keep getting the Failed to
> > validate oauth signature and token error message when making
> > attempts.
> >
> > Here is my request string...
> > POSThttp%3A%2F%2Fapi%2Etwitter%2Ecom%2Foauth%2Frequest%5Ftoken%26oauth
> > %5Fconsumer%5Fkey%XXX%26oauth%5Fsignature%5Fmethod%3DHMAC
> > %2DSHA1%26oauth%5Ftimestamp%3D1297206414%26oauth%5Fversion
> > %3D1%2E0%26oauth%5Fnonce%3D556979%2E9534
> >
> > I have verified that the time stamp is the the correct epoch time in
> > my time zone (PST). Any help would be appreciated.
>
> --
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker:
> http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
> http://groups.google.com/group/twitter-development-talk
>

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: Failed to validate oauth signature and token

[Dale]

I just set the system clock on my Win 2003 server to net time /
setsntp:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org" as I saw a lot
of folks saying this fixed their issues, but it had no effect.

On Feb 8, 3:15 pm, Dale  wrote:
> I am attempting to set up a ColdFusion script to do auto updates to
> Twitter when a new article is posted to our CMS. I have been having
> trouble getting the request token and keep getting the Failed to
> validate oauth signature and token error message when making
> attempts.
>
> Here is my request string...
> POSThttp%3A%2F%2Fapi%2Etwitter%2Ecom%2Foauth%2Frequest%5Ftoken%26oauth
> %5Fconsumer%5Fkey%XXX%26oauth%5Fsignature%5Fmethod%3DHMAC
> %2DSHA1%26oauth%5Ftimestamp%3D1297206414%26oauth%5Fversion
> %3D1%2E0%26oauth%5Fnonce%3D556979%2E9534
>
> I have verified that the time stamp is the the correct epoch time in
> my time zone (PST). Any help would be appreciated.

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: Failed to validate oauth signature and token

[computerzworld]

I am facing the problem again even after server time sync. Getting the
same error again. Now what should be the issue? I am getting stuck
again :(

On Nov 20, 10:45 am, computerzworld  wrote:
> Problem solved! I have synchronized my server time to NTM using WHM  &
> it worked! Thanks all for your help.
>
> On Nov 20, 10:26 am, computerzworld  wrote:
>
> > @ Matt Harris
> >                       I checked the header from twitter & my server's
> > header & I found difference of 1 hour & I have set the time using
> > date_default_timezone_set to GMT using PHP. But still its giving the
> > same error. What should be the problem behind it? Thanks.
>
> > On Nov 19, 11:55 pm, Matt Harris  wrote:
>
> > > In addition, the server time is returned in the HEAD of every response 
> > > from
> > > the Twitter API. If the first request fails you can inspect the time
> > > returned in the HEAD and calculate the difference between it and your 
> > > local
> > > time. You can then add/subtract that difference to the timestamp you use 
> > > for
> > > OAuth requests.
>
> > > Hope that helps,
> > > @themattharris
> > > Developer Advocate, Twitterhttp://twitter.com/themattharris
>
> > > On Fri, Nov 19, 2010 at 9:35 AM, M. Edward (Ed) Borasky <
>
> > > zn...@borasky-research.net> wrote:
> > > > The server administrators can and should sync server clocks 
> > > > automatically
> > > > to the world time clocks using Network Time Protocol (NTP). If your "IT
> > > > department" isn't doing this, find out why not. Most likely they don't 
> > > > know
> > > > it's possible. It's pretty easy on Linux and Windows, but you do need an
> > > > Internet connection to the outside world, so the firewall folks need to 
> > > > be
> > > > involved and you have to make sure your server-side NTP software is 
> > > > kept up
> > > > to date on security patches.
> > > >  --
> > > > M. Edward (Ed) Borasky
> > > >http://borasky-research.nethttp://twitter.com/znmeb
>
> > > > "A mathematician is a device for turning coffee into theorems." - Paul
> > > > Erdos
>
> > > > Quoting computerzworld :
>
> > > >  Thanks for your reply. Is there anyway to sync server clock
> > > >> programatically? Or any other way by which we can make the stuff
> > > >> working? Because I don't have access to server hardware.
>
> > > >> On Nov 12, 12:28 am, Abraham Williams <4bra...@gmail.com> wrote:
>
> > > >>> Your servers clock needs to be properly synced using NTP.
>
> > > >>>http://en.wikipedia.org/wiki/Network_Time_Protocol
>
> > > >>> Abraham
> > > >>> -
> > > >>> Abraham Williams | Hacker Advocate | abrah.am
> > > >>> @abraham  | github.com/abraham |
> > > >>> blog.abrah.am
> > > >>> This email is: [ ] shareable [x] ask first [ ] private.
>
> > > >>> On Thu, Nov 11, 2010 at 05:36, computerzworld 
> > > >>> wrote:
> > > >>> > Hello,
> > > >>> >            I am using Twitter Oauth library for signing in to 
> > > >>> > Twitter
> > > >>> > & getting access token for posting tweets programatically. But when 
> > > >>> > I
> > > >>> > am trying to run the application on my server it is giving me error
> > > >>> > like
>
> > > >>> > "Failed to validate oauth signature and token"
>
> > > >>> > I tried to move the application on another server & it is working. 
> > > >>> > So
> > > >>> > what should be the problem behind this? Is there any configuration
> > > >>> > required for the server in order to make this work? Please help me.
>
> > > >>> > Thanks in advance.
>
> > > >>> > --
> > > >>> > Twitter developer documentation and resources:
> > > >>>http://dev.twitter.com/doc
> > > >>> > API updates via Twitter:http://twitter.com/twitterapi
> > > >>> > Issues/Enhancements Tracker:
> > > >>> >http://code.google.com/p/twitter-api/issues/list
> > > >>> > Change your membership to this group:
> > > >>> >http://groups.google.com/group/twitter-development-talk
>
> > > >> --
> > > >> Twitter developer documentation and 
> > > >> resources:http://dev.twitter.com/doc
> > > >> API updates via Twitter:http://twitter.com/twitterapi
> > > >> Issues/Enhancements Tracker:
> > > >>http://code.google.com/p/twitter-api/issues/list
> > > >> Change your membership to this group:
> > > >>http://groups.google.com/group/twitter-development-talk
>
> > > > --
> > > > Twitter developer documentation and resources:http://dev.twitter.com/doc
> > > > API updates via Twitter:http://twitter.com/twitterapi
> > > > Issues/Enhancements Tracker:
> > > >http://code.google.com/p/twitter-api/issues/list
> > > > Change your membership to this group:
> > > >http://groups.google.com/group/twitter-development-talk

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: Failed to validate oauth signature and token

[computerzworld]

Problem solved! I have synchronized my server time to NTM using WHM  &
it worked! Thanks all for your help.


On Nov 20, 10:26 am, computerzworld  wrote:
> @ Matt Harris
>                       I checked the header from twitter & my server's
> header & I found difference of 1 hour & I have set the time using
> date_default_timezone_set to GMT using PHP. But still its giving the
> same error. What should be the problem behind it? Thanks.
>
> On Nov 19, 11:55 pm, Matt Harris  wrote:
>
> > In addition, the server time is returned in the HEAD of every response from
> > the Twitter API. If the first request fails you can inspect the time
> > returned in the HEAD and calculate the difference between it and your local
> > time. You can then add/subtract that difference to the timestamp you use for
> > OAuth requests.
>
> > Hope that helps,
> > @themattharris
> > Developer Advocate, Twitterhttp://twitter.com/themattharris
>
> > On Fri, Nov 19, 2010 at 9:35 AM, M. Edward (Ed) Borasky <
>
> > zn...@borasky-research.net> wrote:
> > > The server administrators can and should sync server clocks automatically
> > > to the world time clocks using Network Time Protocol (NTP). If your "IT
> > > department" isn't doing this, find out why not. Most likely they don't 
> > > know
> > > it's possible. It's pretty easy on Linux and Windows, but you do need an
> > > Internet connection to the outside world, so the firewall folks need to be
> > > involved and you have to make sure your server-side NTP software is kept 
> > > up
> > > to date on security patches.
> > >  --
> > > M. Edward (Ed) Borasky
> > >http://borasky-research.nethttp://twitter.com/znmeb
>
> > > "A mathematician is a device for turning coffee into theorems." - Paul
> > > Erdos
>
> > > Quoting computerzworld :
>
> > >  Thanks for your reply. Is there anyway to sync server clock
> > >> programatically? Or any other way by which we can make the stuff
> > >> working? Because I don't have access to server hardware.
>
> > >> On Nov 12, 12:28 am, Abraham Williams <4bra...@gmail.com> wrote:
>
> > >>> Your servers clock needs to be properly synced using NTP.
>
> > >>>http://en.wikipedia.org/wiki/Network_Time_Protocol
>
> > >>> Abraham
> > >>> -
> > >>> Abraham Williams | Hacker Advocate | abrah.am
> > >>> @abraham  | github.com/abraham |
> > >>> blog.abrah.am
> > >>> This email is: [ ] shareable [x] ask first [ ] private.
>
> > >>> On Thu, Nov 11, 2010 at 05:36, computerzworld 
> > >>> wrote:
> > >>> > Hello,
> > >>> >            I am using Twitter Oauth library for signing in to Twitter
> > >>> > & getting access token for posting tweets programatically. But when I
> > >>> > am trying to run the application on my server it is giving me error
> > >>> > like
>
> > >>> > "Failed to validate oauth signature and token"
>
> > >>> > I tried to move the application on another server & it is working. So
> > >>> > what should be the problem behind this? Is there any configuration
> > >>> > required for the server in order to make this work? Please help me.
>
> > >>> > Thanks in advance.
>
> > >>> > --
> > >>> > Twitter developer documentation and resources:
> > >>>http://dev.twitter.com/doc
> > >>> > API updates via Twitter:http://twitter.com/twitterapi
> > >>> > Issues/Enhancements Tracker:
> > >>> >http://code.google.com/p/twitter-api/issues/list
> > >>> > Change your membership to this group:
> > >>> >http://groups.google.com/group/twitter-development-talk
>
> > >> --
> > >> Twitter developer documentation and resources:http://dev.twitter.com/doc
> > >> API updates via Twitter:http://twitter.com/twitterapi
> > >> Issues/Enhancements Tracker:
> > >>http://code.google.com/p/twitter-api/issues/list
> > >> Change your membership to this group:
> > >>http://groups.google.com/group/twitter-development-talk
>
> > > --
> > > Twitter developer documentation and resources:http://dev.twitter.com/doc
> > > API updates via Twitter:http://twitter.com/twitterapi
> > > Issues/Enhancements Tracker:
> > >http://code.google.com/p/twitter-api/issues/list
> > > Change your membership to this group:
> > >http://groups.google.com/group/twitter-development-talk

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: Failed to validate oauth signature and token

[computerzworld]

@ Matt Harris
  I checked the header from twitter & my server's
header & I found difference of 1 hour & I have set the time using
date_default_timezone_set to GMT using PHP. But still its giving the
same error. What should be the problem behind it? Thanks.

On Nov 19, 11:55 pm, Matt Harris  wrote:
> In addition, the server time is returned in the HEAD of every response from
> the Twitter API. If the first request fails you can inspect the time
> returned in the HEAD and calculate the difference between it and your local
> time. You can then add/subtract that difference to the timestamp you use for
> OAuth requests.
>
> Hope that helps,
> @themattharris
> Developer Advocate, Twitterhttp://twitter.com/themattharris
>
> On Fri, Nov 19, 2010 at 9:35 AM, M. Edward (Ed) Borasky <
>
> zn...@borasky-research.net> wrote:
> > The server administrators can and should sync server clocks automatically
> > to the world time clocks using Network Time Protocol (NTP). If your "IT
> > department" isn't doing this, find out why not. Most likely they don't know
> > it's possible. It's pretty easy on Linux and Windows, but you do need an
> > Internet connection to the outside world, so the firewall folks need to be
> > involved and you have to make sure your server-side NTP software is kept up
> > to date on security patches.
> >  --
> > M. Edward (Ed) Borasky
> >http://borasky-research.nethttp://twitter.com/znmeb
>
> > "A mathematician is a device for turning coffee into theorems." - Paul
> > Erdos
>
> > Quoting computerzworld :
>
> >  Thanks for your reply. Is there anyway to sync server clock
> >> programatically? Or any other way by which we can make the stuff
> >> working? Because I don't have access to server hardware.
>
> >> On Nov 12, 12:28 am, Abraham Williams <4bra...@gmail.com> wrote:
>
> >>> Your servers clock needs to be properly synced using NTP.
>
> >>>http://en.wikipedia.org/wiki/Network_Time_Protocol
>
> >>> Abraham
> >>> -
> >>> Abraham Williams | Hacker Advocate | abrah.am
> >>> @abraham  | github.com/abraham |
> >>> blog.abrah.am
> >>> This email is: [ ] shareable [x] ask first [ ] private.
>
> >>> On Thu, Nov 11, 2010 at 05:36, computerzworld 
> >>> wrote:
> >>> > Hello,
> >>> >            I am using Twitter Oauth library for signing in to Twitter
> >>> > & getting access token for posting tweets programatically. But when I
> >>> > am trying to run the application on my server it is giving me error
> >>> > like
>
> >>> > "Failed to validate oauth signature and token"
>
> >>> > I tried to move the application on another server & it is working. So
> >>> > what should be the problem behind this? Is there any configuration
> >>> > required for the server in order to make this work? Please help me.
>
> >>> > Thanks in advance.
>
> >>> > --
> >>> > Twitter developer documentation and resources:
> >>>http://dev.twitter.com/doc
> >>> > API updates via Twitter:http://twitter.com/twitterapi
> >>> > Issues/Enhancements Tracker:
> >>> >http://code.google.com/p/twitter-api/issues/list
> >>> > Change your membership to this group:
> >>> >http://groups.google.com/group/twitter-development-talk
>
> >> --
> >> Twitter developer documentation and resources:http://dev.twitter.com/doc
> >> API updates via Twitter:http://twitter.com/twitterapi
> >> Issues/Enhancements Tracker:
> >>http://code.google.com/p/twitter-api/issues/list
> >> Change your membership to this group:
> >>http://groups.google.com/group/twitter-development-talk
>
> > --
> > Twitter developer documentation and resources:http://dev.twitter.com/doc
> > API updates via Twitter:http://twitter.com/twitterapi
> > Issues/Enhancements Tracker:
> >http://code.google.com/p/twitter-api/issues/list
> > Change your membership to this group:
> >http://groups.google.com/group/twitter-development-talk

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] Re: Failed to validate oauth signature and token

[Matt Harris]

In addition, the server time is returned in the HEAD of every response from
the Twitter API. If the first request fails you can inspect the time
returned in the HEAD and calculate the difference between it and your local
time. You can then add/subtract that difference to the timestamp you use for
OAuth requests.

Hope that helps,
@themattharris
Developer Advocate, Twitter
http://twitter.com/themattharris


On Fri, Nov 19, 2010 at 9:35 AM, M. Edward (Ed) Borasky <
zn...@borasky-research.net> wrote:

> The server administrators can and should sync server clocks automatically
> to the world time clocks using Network Time Protocol (NTP). If your "IT
> department" isn't doing this, find out why not. Most likely they don't know
> it's possible. It's pretty easy on Linux and Windows, but you do need an
> Internet connection to the outside world, so the firewall folks need to be
> involved and you have to make sure your server-side NTP software is kept up
> to date on security patches.
>  --
> M. Edward (Ed) Borasky
> http://borasky-research.net http://twitter.com/znmeb
>
> "A mathematician is a device for turning coffee into theorems." - Paul
> Erdos
>
>
>
> Quoting computerzworld :
>
>  Thanks for your reply. Is there anyway to sync server clock
>> programatically? Or any other way by which we can make the stuff
>> working? Because I don't have access to server hardware.
>>
>> On Nov 12, 12:28 am, Abraham Williams <4bra...@gmail.com> wrote:
>>
>>> Your servers clock needs to be properly synced using NTP.
>>>
>>> http://en.wikipedia.org/wiki/Network_Time_Protocol
>>>
>>> Abraham
>>> -
>>> Abraham Williams | Hacker Advocate | abrah.am
>>> @abraham  | github.com/abraham |
>>> blog.abrah.am
>>> This email is: [ ] shareable [x] ask first [ ] private.
>>>
>>> On Thu, Nov 11, 2010 at 05:36, computerzworld 
>>> wrote:
>>> > Hello,
>>> >I am using Twitter Oauth library for signing in to Twitter
>>> > & getting access token for posting tweets programatically. But when I
>>> > am trying to run the application on my server it is giving me error
>>> > like
>>>
>>> > "Failed to validate oauth signature and token"
>>>
>>> > I tried to move the application on another server & it is working. So
>>> > what should be the problem behind this? Is there any configuration
>>> > required for the server in order to make this work? Please help me.
>>>
>>> > Thanks in advance.
>>>
>>> > --
>>> > Twitter developer documentation and resources:
>>> http://dev.twitter.com/doc
>>> > API updates via Twitter:http://twitter.com/twitterapi
>>> > Issues/Enhancements Tracker:
>>> >http://code.google.com/p/twitter-api/issues/list
>>> > Change your membership to this group:
>>> >http://groups.google.com/group/twitter-development-talk
>>>
>>
>> --
>> Twitter developer documentation and resources: http://dev.twitter.com/doc
>> API updates via Twitter: http://twitter.com/twitterapi
>> Issues/Enhancements Tracker:
>> http://code.google.com/p/twitter-api/issues/list
>> Change your membership to this group:
>> http://groups.google.com/group/twitter-development-talk
>>
>>
>
> --
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker:
> http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
> http://groups.google.com/group/twitter-development-talk
>

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] Re: Failed to validate oauth signature and token

[M. Edward (Ed) Borasky]

The server administrators can and should sync server clocks  
automatically to the world time clocks using Network Time Protocol  
(NTP). If your "IT department" isn't doing this, find out why not.  
Most likely they don't know it's possible. It's pretty easy on Linux  
and Windows, but you do need an Internet connection to the outside  
world, so the firewall folks need to be involved and you have to make  
sure your server-side NTP software is kept up to date on security  
patches.

--
M. Edward (Ed) Borasky
http://borasky-research.net http://twitter.com/znmeb

"A mathematician is a device for turning coffee into theorems." - Paul Erdos


Quoting computerzworld :


Thanks for your reply. Is there anyway to sync server clock
programatically? Or any other way by which we can make the stuff
working? Because I don't have access to server hardware.

On Nov 12, 12:28 am, Abraham Williams <4bra...@gmail.com> wrote:

Your servers clock needs to be properly synced using NTP.

http://en.wikipedia.org/wiki/Network_Time_Protocol

Abraham
-
Abraham Williams | Hacker Advocate | abrah.am
@abraham  | github.com/abraham | blog.abrah.am
This email is: [ ] shareable [x] ask first [ ] private.

On Thu, Nov 11, 2010 at 05:36, computerzworld  wrote:
> Hello,
>            I am using Twitter Oauth library for signing in to Twitter
> & getting access token for posting tweets programatically. But when I
> am trying to run the application on my server it is giving me error
> like

> "Failed to validate oauth signature and token"

> I tried to move the application on another server & it is working. So
> what should be the problem behind this? Is there any configuration
> required for the server in order to make this work? Please help me.

> Thanks in advance.

> --
> Twitter developer documentation and resources:http://dev.twitter.com/doc
> API updates via Twitter:http://twitter.com/twitterapi
> Issues/Enhancements Tracker:
>http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
>http://groups.google.com/group/twitter-development-talk


--
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group:  
http://groups.google.com/group/twitter-development-talk





--
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: Failed to validate oauth signature and token

[computerzworld]

Thanks for your reply. Is there anyway to sync server clock
programatically? Or any other way by which we can make the stuff
working? Because I don't have access to server hardware.

On Nov 12, 12:28 am, Abraham Williams <4bra...@gmail.com> wrote:
> Your servers clock needs to be properly synced using NTP.
>
> http://en.wikipedia.org/wiki/Network_Time_Protocol
>
> Abraham
> -
> Abraham Williams | Hacker Advocate | abrah.am
> @abraham  | github.com/abraham | blog.abrah.am
> This email is: [ ] shareable [x] ask first [ ] private.
>
> On Thu, Nov 11, 2010 at 05:36, computerzworld  wrote:
> > Hello,
> >            I am using Twitter Oauth library for signing in to Twitter
> > & getting access token for posting tweets programatically. But when I
> > am trying to run the application on my server it is giving me error
> > like
>
> > "Failed to validate oauth signature and token"
>
> > I tried to move the application on another server & it is working. So
> > what should be the problem behind this? Is there any configuration
> > required for the server in order to make this work? Please help me.
>
> > Thanks in advance.
>
> > --
> > Twitter developer documentation and resources:http://dev.twitter.com/doc
> > API updates via Twitter:http://twitter.com/twitterapi
> > Issues/Enhancements Tracker:
> >http://code.google.com/p/twitter-api/issues/list
> > Change your membership to this group:
> >http://groups.google.com/group/twitter-development-talk

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: Failed to validate oauth signature and token

[kprobe]

OK, switched over to use Tijs Verkoyen twitter class and it works.

On Oct 28, 2:00 pm, Tom van der Woerdt  wrote:
> The URLs in that object are very old. You should always use
> api.twitter.com, and if possible, https://.
>
> I cannot tell you why you are getting this error without seeing more
> info about the request, like the complete HTTP request, and some
> information about the signature generation.
>
> Tom
>
> On 10/28/10 7:54 PM, kprobe wrote:
>
> > I have two browser-based applications. One has been running for a week
> > but today is getting "Failed to validate oauth signature and token"
> > error. I made no changes. Using the EPITwitter library. Even reset the
> > tokens.
>
> > EpiTwitter Object ( [requestTokenUrl:protected] 
> > =>http://twitter.com/oauth/request_token
> > [accessTokenUrl:protected] =>http://twitter.com/oauth/access_token
> > [authorizeUrl:protected] =>http://twitter.com/oauth/authorize
> > [apiUrl:protected] =>http://twitter.com[version] => 1.0
> > [consumerKey:protected] => x
> > [consumerSecret:protected] => x [token:protected]
> > => [tokenSecret:protected] => [signatureMethod:protected] => HMAC-SHA1
> > [curl] => EpiCurl Object ( [mc:private] => Resource id #8
> > [msgs:private] => [running:private] => [requests:private] => Array
> > ( [Resource id #9] => Resource id #9 ) [responses:private] => Array
> > ( [Resource id #9] => Array ( [data] => Failed to validate oauth
> > signature and token [code] => 401 [time] => 0.249076 [length] => 44
> > [type] => text/html; charset=utf-8 ) ) [properties:private] => Array
> > ( [code] => 2097154 [time] => 3145731 [length] => 3145743 [type] =>
> > 1048594 ) ) )
>
> > The other application is a clone but under another account, using
> > different key and tokens of course. That one authenticates and tries
> > to send tweets (post_statusesUpdate), gets no error responses but the
> > tweets never appear in the account.
>
> > Any ideas on either?

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: Failed to validate oauth signature and token - C# .Net

[MartinHN]

Thanks, that helped! I just encoded the callback URL, and now it
works!

On Oct 26, 9:26 pm, Tom van der Woerdt  wrote:
> You should URL-encode all values first, before putting them in the Body
> part of the Base String (which is then URL-encoded again).
>
> In your case, oauth_callback isn't properly encoded.
>
> Tom
>
> On 10/26/10 9:20 PM, MartinHN wrote:
>
>
>
>
>
>
>
> > Signature base:
>
> > POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> > %2Frequest_token&oauth_callback%3Dhttp%3A%2F%2Fyakinix.web%2Foauth
> > %2Fcallback%26oauth_consumer_key%3D6lu1o0Jd01UoBPIvdohog%26oauth_nonce
> > %3Df35812a9-39e7-41f4-b2aa-e08bae349f60%26oauth_signature_method
> > %3DHMAC-SHA1%26oauth_timestamp%3D1288120763%26oauth_version%3D1.0
>
> > New timestamp and nonce, since I copied the above from a new request.
>
> > On Oct 26, 9:06 pm, Tom van der Woerdt  wrote:
> >> You're probably not creating a signature the right way. What is your
> >> base string?
>
> >> Tom
>
> >> On 10/26/10 9:01 PM, MartinHN wrote:
>
> >>> Hi
>
> >>> I'm getting the Failed to validate oauth signature and token error,
> >>> and I really don't know what I'm doing wrong.
>
> >>> Here are the request and responses, hope someone can figure out what's
> >>> wrong:
>
> >>> Request:
>
> >>> POSThttps://api.twitter.com/oauth/request_tokenHTTP/1.1
> >>> Content-Type: application/x-www-form-urlencoded
> >>> Authorization: OAuth oauth_nonce="63b2a5f9-
> >>> c84c-4139-9e72-09704f8c460f", oauth_callback="http%3A%2F%2Fyakinix.web
> >>> %2Foauth%2Fcallback", oauth_signature_method="HMAC-SHA1",
> >>> oauth_timestamp="1288119361",
> >>> oauth_consumer_key="6lu1o0Jd01UoBPIvdohog",
> >>> oauth_signature="vI8MaCVg7XciXIeIay%2Bg%2BXGiflM%3D",
> >>> oauth_version="1.0"
> >>> Host: api.twitter.com
> >>> Content-Length: 0
> >>> Connection: Keep-Alive
>
> >>> Response:
>
> >>> HTTP/1.1 401 Unauthorized
> >>> Date: Tue, 26 Oct 2010 18:56:02 GMT
> >>> Server: hi
> >>> Status: 401 Unauthorized
> >>> X-Transaction: 1288119362-88573-53455
> >>> Last-Modified: Tue, 26 Oct 2010 18:56:02 GMT
> >>> X-Runtime: 0.01085
> >>> Content-Type: text/html; charset=utf-8
> >>> Content-Length: 44
> >>> Pragma: no-cache
> >>> X-Revision: DEV
> >>> Expires: Tue, 31 Mar 1981 05:00:00 GMT
> >>> Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-
> >>> check=0
> >>> Set-Cookie: k=87.60.166.192.1288119362316968; path=/; expires=Tue, 02-
> >>> Nov-10 18:56:02 GMT; domain=.twitter.com
> >>> Set-Cookie: guest_id=128811936237445035; path=/; expires=Thu, 25 Nov
> >>> 2010 18:56:02 GMT
> >>> Set-Cookie:
> >>> _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCEij5ekrAToHaWQiJTYxZjRmNzM4OTYwNzBl
> >>> %250AMzA3NWRlY2VhZTI1NDFhZGQ2IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy
> >>> %250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--560f0521cbaf0946beaf5055905d
> >>>  6d07c1deb378;
> >>> domain=.twitter.com; path=/
> >>> Vary: Accept-Encoding
> >>> Connection: close
>
> >>> Failed to validate oauth signature and token
>
> >>> Can anyone see what's wrong?

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] Re: Failed to validate oauth signature and token - C# .Net

[Tom van der Woerdt]

You should URL-encode all values first, before putting them in the Body
part of the Base String (which is then URL-encoded again).

In your case, oauth_callback isn't properly encoded.

Tom


On 10/26/10 9:20 PM, MartinHN wrote:
> Signature base:
> 
> POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> %2Frequest_token&oauth_callback%3Dhttp%3A%2F%2Fyakinix.web%2Foauth
> %2Fcallback%26oauth_consumer_key%3D6lu1o0Jd01UoBPIvdohog%26oauth_nonce
> %3Df35812a9-39e7-41f4-b2aa-e08bae349f60%26oauth_signature_method
> %3DHMAC-SHA1%26oauth_timestamp%3D1288120763%26oauth_version%3D1.0
> 
> New timestamp and nonce, since I copied the above from a new request.
> 
> On Oct 26, 9:06 pm, Tom van der Woerdt  wrote:
>> You're probably not creating a signature the right way. What is your
>> base string?
>>
>> Tom
>>
>> On 10/26/10 9:01 PM, MartinHN wrote:
>>
>>
>>
>>
>>
>>
>>
>>> Hi
>>
>>> I'm getting the Failed to validate oauth signature and token error,
>>> and I really don't know what I'm doing wrong.
>>
>>> Here are the request and responses, hope someone can figure out what's
>>> wrong:
>>
>>> Request:
>>
>>> POSThttps://api.twitter.com/oauth/request_tokenHTTP/1.1
>>> Content-Type: application/x-www-form-urlencoded
>>> Authorization: OAuth oauth_nonce="63b2a5f9-
>>> c84c-4139-9e72-09704f8c460f", oauth_callback="http%3A%2F%2Fyakinix.web
>>> %2Foauth%2Fcallback", oauth_signature_method="HMAC-SHA1",
>>> oauth_timestamp="1288119361",
>>> oauth_consumer_key="6lu1o0Jd01UoBPIvdohog",
>>> oauth_signature="vI8MaCVg7XciXIeIay%2Bg%2BXGiflM%3D",
>>> oauth_version="1.0"
>>> Host: api.twitter.com
>>> Content-Length: 0
>>> Connection: Keep-Alive
>>
>>> Response:
>>
>>> HTTP/1.1 401 Unauthorized
>>> Date: Tue, 26 Oct 2010 18:56:02 GMT
>>> Server: hi
>>> Status: 401 Unauthorized
>>> X-Transaction: 1288119362-88573-53455
>>> Last-Modified: Tue, 26 Oct 2010 18:56:02 GMT
>>> X-Runtime: 0.01085
>>> Content-Type: text/html; charset=utf-8
>>> Content-Length: 44
>>> Pragma: no-cache
>>> X-Revision: DEV
>>> Expires: Tue, 31 Mar 1981 05:00:00 GMT
>>> Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-
>>> check=0
>>> Set-Cookie: k=87.60.166.192.1288119362316968; path=/; expires=Tue, 02-
>>> Nov-10 18:56:02 GMT; domain=.twitter.com
>>> Set-Cookie: guest_id=128811936237445035; path=/; expires=Thu, 25 Nov
>>> 2010 18:56:02 GMT
>>> Set-Cookie:
>>> _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCEij5ekrAToHaWQiJTYxZjRmNzM4OTYwNzBl
>>> %250AMzA3NWRlY2VhZTI1NDFhZGQ2IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy
>>> %250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--560f0521cbaf0946beaf5055905d 
>>> 6d07c1deb378;
>>> domain=.twitter.com; path=/
>>> Vary: Accept-Encoding
>>> Connection: close
>>
>>> Failed to validate oauth signature and token
>>
>>> Can anyone see what's wrong?
> 

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: Failed to validate oauth signature and token - C# .Net

[MartinHN]

Signature base:

POST&https%3A%2F%2Fapi.twitter.com%2Foauth
%2Frequest_token&oauth_callback%3Dhttp%3A%2F%2Fyakinix.web%2Foauth
%2Fcallback%26oauth_consumer_key%3D6lu1o0Jd01UoBPIvdohog%26oauth_nonce
%3Df35812a9-39e7-41f4-b2aa-e08bae349f60%26oauth_signature_method
%3DHMAC-SHA1%26oauth_timestamp%3D1288120763%26oauth_version%3D1.0

New timestamp and nonce, since I copied the above from a new request.

On Oct 26, 9:06 pm, Tom van der Woerdt  wrote:
> You're probably not creating a signature the right way. What is your
> base string?
>
> Tom
>
> On 10/26/10 9:01 PM, MartinHN wrote:
>
>
>
>
>
>
>
> > Hi
>
> > I'm getting the Failed to validate oauth signature and token error,
> > and I really don't know what I'm doing wrong.
>
> > Here are the request and responses, hope someone can figure out what's
> > wrong:
>
> > Request:
>
> > POSThttps://api.twitter.com/oauth/request_tokenHTTP/1.1
> > Content-Type: application/x-www-form-urlencoded
> > Authorization: OAuth oauth_nonce="63b2a5f9-
> > c84c-4139-9e72-09704f8c460f", oauth_callback="http%3A%2F%2Fyakinix.web
> > %2Foauth%2Fcallback", oauth_signature_method="HMAC-SHA1",
> > oauth_timestamp="1288119361",
> > oauth_consumer_key="6lu1o0Jd01UoBPIvdohog",
> > oauth_signature="vI8MaCVg7XciXIeIay%2Bg%2BXGiflM%3D",
> > oauth_version="1.0"
> > Host: api.twitter.com
> > Content-Length: 0
> > Connection: Keep-Alive
>
> > Response:
>
> > HTTP/1.1 401 Unauthorized
> > Date: Tue, 26 Oct 2010 18:56:02 GMT
> > Server: hi
> > Status: 401 Unauthorized
> > X-Transaction: 1288119362-88573-53455
> > Last-Modified: Tue, 26 Oct 2010 18:56:02 GMT
> > X-Runtime: 0.01085
> > Content-Type: text/html; charset=utf-8
> > Content-Length: 44
> > Pragma: no-cache
> > X-Revision: DEV
> > Expires: Tue, 31 Mar 1981 05:00:00 GMT
> > Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-
> > check=0
> > Set-Cookie: k=87.60.166.192.1288119362316968; path=/; expires=Tue, 02-
> > Nov-10 18:56:02 GMT; domain=.twitter.com
> > Set-Cookie: guest_id=128811936237445035; path=/; expires=Thu, 25 Nov
> > 2010 18:56:02 GMT
> > Set-Cookie:
> > _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCEij5ekrAToHaWQiJTYxZjRmNzM4OTYwNzBl
> > %250AMzA3NWRlY2VhZTI1NDFhZGQ2IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy
> > %250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--560f0521cbaf0946beaf5055905d 
> > 6d07c1deb378;
> > domain=.twitter.com; path=/
> > Vary: Accept-Encoding
> > Connection: close
>
> > Failed to validate oauth signature and token
>
> > Can anyone see what's wrong?

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: "Failed to validate oauth signature and token" with xAuth

[mlowicki]

It works for me now! This is the final script:

var username = encodeURIComponent(cfg.username),
password = encodeURIComponent(cfg.password),
url = "https://api.twitter.com/oauth/access_token";,
timestamp = Math.round((new Date()).getTime() / 1000),
nonce = Math.random();

var accessToken = ("oauth_consumer_key={key}" +
"&oauth_nonce={nonce}" +
"&oauth_signature_method=HMAC-SHA1" +
"&oauth_timestamp={timestamp}" +
"&oauth_version=1.0" +
"&x_auth_mode=client_auth" +
"&x_auth_password={password}" +
"&x_auth_username={username}").supplant({
key: CONSUMER_KEY,
nonce: nonce,
timestamp: timestamp,
password: password,
username: username
});

var baseString = "POST&" + encodeURIComponent(url) + "&" +
encodeURIComponent(accessToken);

var signature = encodeURIComponent(
b64_hmac_sha1(CONSUMER_SECRET + "&", baseString) + "=");

var authHeader = ("OAuth oauth_nonce=\"{nonce}\", " +
"oauth_signature_method=\"HMAC-SHA1\", " +
"oauth_timestamp=\"{timestamp}\", " +
"oauth_consumer_key=\"{key}\", " +
"oauth_signature=\"{signature}\", " +
"oauth_version=\"1.0\"").supplant({
nonce: nonce,
timestamp: timestamp,
key: CONSUMER_KEY,
signature: signature
});

new O.IO.Req({
url: url,
method: "POST",
data: "x_auth_username=" + username + "&x_auth_password=" +
password + "&" + "x_auth_mode=client_auth",
headers: [{
name: "Authorization",
val: authHeader
}],
onSuccess: {
fn: function(req) {
var data = {};

req.responseText.split("&").forEach(function(item) {
var parts = item.split("=");

switch(parts[0]) {
case "oauth_token":
data.token = parts[1];
break;
case "oauth_token_secret":
data.secret = parts[1];
break;
case "user_id":
data.userID = parts[1];
break;
case "screen_name":
data.screenName = parts[1];
break;
default:
break;
}
});

cfg.onSuccess.fn.call(cfg.onSuccess.scope, data);
}
},
onFailure: {
fn: function(req) {
cfg.onFailure.fn.call(cfg.onFailure.scope, req);
}
}});

On Sep 20, 1:51 pm, mlowicki  wrote:
> @Matt, can you provide some method for debugging my issue or some
> solution because with such error message as "Failed to validate oauth
> signature and token" my debugging now is more like guessing
>
> On Sep 20, 11:50 am, Tom van der Woerdt  wrote:
>
>
>
> > The only relevant part of my code :
> > $sig = base64_encode(hash_hmac('sha1', $baseString, $key, true));
>
> > Key and Base String are visible on the page itself ;-)
>
> > Tom
>
> > On Mon, 20 Sep 2010 01:59:14 -0700 (PDT), mlowicki 
> > wrote:
>
> > > When i'm usinghttp://quonos.nl/oauthTester/foroAuth validation with
> > > my code i get:
>
> > > Base String syntax: OK
>
> > > Method type: OK
>
> > > URL: OK
>
> > > Parameters syntax: O
>
> > > But when i replace my secret with
> > > "MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98" i get different
> > > signature - ZtkBQc2RwY+Jv1Fv8fXoasR4DLo
>
> > > @Tom, can you show the source of your php script for validation?
>
> > > On Sep 18, 11:41 pm, Nikolay Klimchuk  wrote:
> > >> Second part of the base string:
> > >> oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob
> > >> j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
> > >> SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x
> > >> _auth_password=
> > >> %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant
>
> > >> Should be also URLEncoded
>
> > >> On Sep 18, 7:19 am, mlowicki  wrote:
>
> > >> > I tried with data fromhttp://dev.twitter.com/pages/xauth:
>
> > >> > (function() {
> > >> > var secret = "5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk&";
> > >> > var access_token = "oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw" +
> > >> > "&oauth_nonce=WLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA" +
> > >> > "&oauth_signature_method=HMAC-SHA1" +
> > >> > "&oauth_timestamp=1276101652" +
> > >> > "&oauth_version=1.0" +
> > >> > "&x_auth_mode=client_auth" +
> > >> > "&x_auth_password=%&123!aZ+()456242134" +
> > >> > "&x_auth_username=tpFriendlyGiant";
> > >> > var base_string = "POST&" +
> > >> > encodeURIComponent(
> > >> > "https://api.twitter.com/oauth/access_token";) + "&" +
> > >> > encodeURIComponent(access_token);
>
> > >> > console.debug("base_string", base_string);
> > >> > console.debug("oauth_signature", b64_hmac_sha1(secret, base_string));
>
> > >> > })();
>
> > >> > This is my base_string:
>
> > >> > POST&https%3A%2F%2Fapi.twitter.com

[twitter-dev] Re: "Failed to validate oauth signature and token" with xAuth

[mlowicki]

@Matt, can you provide some method for debugging my issue or some
solution because with such error message as "Failed to validate oauth
signature and token" my debugging now is more like guessing


On Sep 20, 11:50 am, Tom van der Woerdt  wrote:
> The only relevant part of my code :
> $sig = base64_encode(hash_hmac('sha1', $baseString, $key, true));
>
> Key and Base String are visible on the page itself ;-)
>
> Tom
>
> On Mon, 20 Sep 2010 01:59:14 -0700 (PDT), mlowicki 
> wrote:
>
>
>
> > When i'm usinghttp://quonos.nl/oauthTester/for oAuth validation with
> > my code i get:
>
> > Base String syntax: OK
>
> > Method type: OK
>
> > URL: OK
>
> > Parameters syntax: O
>
> > But when i replace my secret with
> > "MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98" i get different
> > signature - ZtkBQc2RwY+Jv1Fv8fXoasR4DLo
>
> > @Tom, can you show the source of your php script for validation?
>
> > On Sep 18, 11:41 pm, Nikolay Klimchuk  wrote:
> >> Second part of the base string:
> >> oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob
> >> j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
> >> SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x
> >> _auth_password=
> >> %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant
>
> >> Should be also URLEncoded
>
> >> On Sep 18, 7:19 am, mlowicki  wrote:
>
> >> > I tried with data fromhttp://dev.twitter.com/pages/xauth:
>
> >> > (function() {
> >> > var secret = "5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk&";
> >> > var access_token = "oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw" +
> >> > "&oauth_nonce=WLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA" +
> >> > "&oauth_signature_method=HMAC-SHA1" +
> >> > "&oauth_timestamp=1276101652" +
> >> > "&oauth_version=1.0" +
> >> > "&x_auth_mode=client_auth" +
> >> > "&x_auth_password=%&123!aZ+()456242134" +
> >> > "&x_auth_username=tpFriendlyGiant";
> >> > var base_string = "POST&" +
> >> > encodeURIComponent(
> >> > "https://api.twitter.com/oauth/access_token";) + "&" +
> >> > encodeURIComponent(access_token);
>
> >> > console.debug("base_string", base_string);
> >> > console.debug("oauth_signature", b64_hmac_sha1(secret, base_string));
>
> >> > })();
>
> >> > This is my base_string:
>
> >> > POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> >> > %2Faccess_token&oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob
> >> >  j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
> >> > SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x
> >> >  _auth_password=
> >> > %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant
>
> >> > This on is from dev.twitter.com
>
> >> > POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> >> > %2Faccess_token&oauth_consumer_key%3DsGNxxnqgZRHUt6NunK3uw
> >> > %26oauth_nonce%3DWLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA
> >> > %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
> >> > %3D1276101652%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth
> >> > %26x_auth_password%3D%2525%2526123%2521aZ%252B
> >> > %2528%2529456242134%26x_auth_username%3DtpFriendlyGiant
>
> >> > I found the differences in encoding %&123!aZ+() prefix from password
> >> > in base_string:
>
> >> > From dev.twitter.com/pages/xauth:
>
> >> > %2525%2526123%2521aZ%252B%2528%2529
>
> >> > From code above:
>
> >> > %25%26123!aZ%2B()
>
> >> > I use wrong encoding method then and encoding is wrong applied?
>
> >> > BR,
> >> > Michał Łowicki

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

Re: [twitter-dev] Re: "Failed to validate oauth signature and token" with xAuth

[Tom van der Woerdt]

The only relevant part of my code :
$sig = base64_encode(hash_hmac('sha1', $baseString, $key, true));

Key and Base String are visible on the page itself ;-)

Tom


On Mon, 20 Sep 2010 01:59:14 -0700 (PDT), mlowicki 
wrote:
> When i'm using http://quonos.nl/oauthTester/ for oAuth validation with
> my code i get:
> 
> Base String syntax: OK
> 
> Method type: OK
> 
> URL: OK
> 
> Parameters syntax: O
> 
> But when i replace my secret with
> "MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98" i get different
> signature - ZtkBQc2RwY+Jv1Fv8fXoasR4DLo
> 
> @Tom, can you show the source of your php script for validation?
> 
> 
> On Sep 18, 11:41 pm, Nikolay Klimchuk  wrote:
>> Second part of the base string:
>> oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob
>> j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
>> SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x
>> _auth_password=
>> %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant
>>
>> Should be also URLEncoded
>>
>> On Sep 18, 7:19 am, mlowicki  wrote:
>>
>>
>>
>> > I tried with data fromhttp://dev.twitter.com/pages/xauth:
>>
>> > (function() {
>> > var secret = "5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk&";
>> > var access_token = "oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw" +
>> > "&oauth_nonce=WLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA" +
>> > "&oauth_signature_method=HMAC-SHA1" +
>> > "&oauth_timestamp=1276101652" +
>> > "&oauth_version=1.0" +
>> > "&x_auth_mode=client_auth" +
>> > "&x_auth_password=%&123!aZ+()456242134" +
>> > "&x_auth_username=tpFriendlyGiant";
>> > var base_string = "POST&" +
>> > encodeURIComponent(
>> > "https://api.twitter.com/oauth/access_token";) + "&" +
>> > encodeURIComponent(access_token);
>>
>> > console.debug("base_string", base_string);
>> > console.debug("oauth_signature", b64_hmac_sha1(secret, base_string));
>>
>> > })();
>>
>> > This is my base_string:
>>
>> > POST&https%3A%2F%2Fapi.twitter.com%2Foauth
>> > %2Faccess_token&oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob
>> >  j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
>> > SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x
>> >  _auth_password=
>> > %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant
>>
>> > This on is from dev.twitter.com
>>
>> > POST&https%3A%2F%2Fapi.twitter.com%2Foauth
>> > %2Faccess_token&oauth_consumer_key%3DsGNxxnqgZRHUt6NunK3uw
>> > %26oauth_nonce%3DWLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA
>> > %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
>> > %3D1276101652%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth
>> > %26x_auth_password%3D%2525%2526123%2521aZ%252B
>> > %2528%2529456242134%26x_auth_username%3DtpFriendlyGiant
>>
>> > I found the differences in encoding %&123!aZ+() prefix from password
>> > in base_string:
>>
>> > From dev.twitter.com/pages/xauth:
>>
>> > %2525%2526123%2521aZ%252B%2528%2529
>>
>> > From code above:
>>
>> > %25%26123!aZ%2B()
>>
>> > I use wrong encoding method then and encoding is wrong applied?
>>
>> > BR,
>> > Michał Łowicki

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

[twitter-dev] Re: "Failed to validate oauth signature and token" with xAuth

[mlowicki]

this is how my code looks like now:

var username = encodeURIComponent("user");
var password = encodeURIComponent("password");
var url = "https://api.twitter.com/oauth/access_token";;
var key = "key";
var secret = "MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98";
var timestamp = Math.round((new Date()).getTime() / 1000);
var nonce = Math.random();

var access_token =  "oauth_consumer_key=" + key +
"&oauth_nonce=" + nonce +
"&oauth_signature_method=HMAC-SHA1" +
"&oauth_timestamp=" + timestamp +
"&oauth_version=1.0" +
"&x_auth_mode=client_auth" +
"&x_auth_password=" + password +
"&x_auth_username=" + username;



var base_string = "POST&" + encodeURIComponent(url) + "&" +
encodeURIComponent(access_token);

console.debug("base string", base_string);
var oauth_signature = b64_hmac_sha1(secret, base_string);
console.debug("signature", oauth_signature);
oauth_signature = encodeURIComponent(oauth_signature+"=");


On Sep 20, 10:59 am, mlowicki  wrote:
> When i'm usinghttp://quonos.nl/oauthTester/for oAuth validation with
> my code i get:
>
> Base String syntax: OK
>
> Method type: OK
>
> URL: OK
>
> Parameters syntax: O
>
> But when i replace my secret with
> "MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98" i get different
> signature - ZtkBQc2RwY+Jv1Fv8fXoasR4DLo
>
> @Tom, can you show the source of your php script for validation?
>
> On Sep 18, 11:41 pm, Nikolay Klimchuk  wrote:
>
>
>
> > Second part of the base string:
> > oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob
> > j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
> > SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x
> > _auth_password=
> > %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant
>
> > Should be also URLEncoded
>
> > On Sep 18, 7:19 am, mlowicki  wrote:
>
> > > I tried with data fromhttp://dev.twitter.com/pages/xauth:
>
> > > (function() {
> > > var secret = "5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk&";
> > > var access_token = "oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw" +
> > > "&oauth_nonce=WLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA" +
> > > "&oauth_signature_method=HMAC-SHA1" +
> > > "&oauth_timestamp=1276101652" +
> > > "&oauth_version=1.0" +
> > > "&x_auth_mode=client_auth" +
> > > "&x_auth_password=%&123!aZ+()456242134" +
> > > "&x_auth_username=tpFriendlyGiant";
> > > var base_string = "POST&" +
> > > encodeURIComponent(
> > > "https://api.twitter.com/oauth/access_token";) + "&" +
> > > encodeURIComponent(access_token);
>
> > > console.debug("base_string", base_string);
> > > console.debug("oauth_signature", b64_hmac_sha1(secret, base_string));
>
> > > })();
>
> > > This is my base_string:
>
> > > POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> > > %2Faccess_token&oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob
> > >  j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
> > > SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x
> > >  _auth_password=
> > > %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant
>
> > > This on is from dev.twitter.com
>
> > > POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> > > %2Faccess_token&oauth_consumer_key%3DsGNxxnqgZRHUt6NunK3uw
> > > %26oauth_nonce%3DWLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA
> > > %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
> > > %3D1276101652%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth
> > > %26x_auth_password%3D%2525%2526123%2521aZ%252B
> > > %2528%2529456242134%26x_auth_username%3DtpFriendlyGiant
>
> > > I found the differences in encoding %&123!aZ+() prefix from password
> > > in base_string:
>
> > > From dev.twitter.com/pages/xauth:
>
> > > %2525%2526123%2521aZ%252B%2528%2529
>
> > > From code above:
>
> > > %25%26123!aZ%2B()
>
> > > I use wrong encoding method then and encoding is wrong applied?
>
> > > BR,
> > > Michał Łowicki

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

[twitter-dev] Re: "Failed to validate oauth signature and token" with xAuth

[mlowicki]

When i'm using http://quonos.nl/oauthTester/ for oAuth validation with
my code i get:

Base String syntax: OK

Method type: OK

URL: OK

Parameters syntax: O

But when i replace my secret with
"MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98" i get different
signature - ZtkBQc2RwY+Jv1Fv8fXoasR4DLo

@Tom, can you show the source of your php script for validation?


On Sep 18, 11:41 pm, Nikolay Klimchuk  wrote:
> Second part of the base string:
> oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob
> j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
> SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x
> _auth_password=
> %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant
>
> Should be also URLEncoded
>
> On Sep 18, 7:19 am, mlowicki  wrote:
>
>
>
> > I tried with data fromhttp://dev.twitter.com/pages/xauth:
>
> > (function() {
> > var secret = "5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk&";
> > var access_token = "oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw" +
> > "&oauth_nonce=WLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA" +
> > "&oauth_signature_method=HMAC-SHA1" +
> > "&oauth_timestamp=1276101652" +
> > "&oauth_version=1.0" +
> > "&x_auth_mode=client_auth" +
> > "&x_auth_password=%&123!aZ+()456242134" +
> > "&x_auth_username=tpFriendlyGiant";
> > var base_string = "POST&" +
> > encodeURIComponent(
> > "https://api.twitter.com/oauth/access_token";) + "&" +
> > encodeURIComponent(access_token);
>
> > console.debug("base_string", base_string);
> > console.debug("oauth_signature", b64_hmac_sha1(secret, base_string));
>
> > })();
>
> > This is my base_string:
>
> > POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> > %2Faccess_token&oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob 
> > j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
> > SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x 
> > _auth_password=
> > %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant
>
> > This on is from dev.twitter.com
>
> > POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> > %2Faccess_token&oauth_consumer_key%3DsGNxxnqgZRHUt6NunK3uw
> > %26oauth_nonce%3DWLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA
> > %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
> > %3D1276101652%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth
> > %26x_auth_password%3D%2525%2526123%2521aZ%252B
> > %2528%2529456242134%26x_auth_username%3DtpFriendlyGiant
>
> > I found the differences in encoding %&123!aZ+() prefix from password
> > in base_string:
>
> > From dev.twitter.com/pages/xauth:
>
> > %2525%2526123%2521aZ%252B%2528%2529
>
> > From code above:
>
> > %25%26123!aZ%2B()
>
> > I use wrong encoding method then and encoding is wrong applied?
>
> > BR,
> > Michał Łowicki

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

[twitter-dev] Re: "Failed to validate oauth signature and token" with xAuth

[Nikolay Klimchuk]

You need to URLEndcode password and user name
And then URLEncode entire base string one more time

On Sep 18, 5:55 pm, Tom van der Woerdt  wrote:
> Nikolay,
>
> If you look at the code, you'll see that it's already passed through the URL 
> encode function, but it doesn't do a thing. I'd say that the issue is at that 
> function.
>
> Tom
>
> On Sep 18, 2010, at 11:41 PM, Nikolay Klimchuk  wrote:
>
>
>
> > Second part of the base string:
> > oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob
> > j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
> > SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x
> > _auth_password=
> > %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant
>
> > Should be also URLEncoded
>
> > On Sep 18, 7:19 am, mlowicki  wrote:
> >> I tried with data fromhttp://dev.twitter.com/pages/xauth:
>
> >> (function() {
> >> var secret = "5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk&";
> >> var access_token = "oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw" +
> >> "&oauth_nonce=WLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA" +
> >> "&oauth_signature_method=HMAC-SHA1" +
> >> "&oauth_timestamp=1276101652" +
> >> "&oauth_version=1.0" +
> >> "&x_auth_mode=client_auth" +
> >> "&x_auth_password=%&123!aZ+()456242134" +
> >> "&x_auth_username=tpFriendlyGiant";
> >> var base_string = "POST&" +
> >> encodeURIComponent(
> >> "https://api.twitter.com/oauth/access_token";) + "&" +
> >> encodeURIComponent(access_token);
>
> >> console.debug("base_string", base_string);
> >> console.debug("oauth_signature", b64_hmac_sha1(secret, base_string));
>
> >> })();
>
> >> This is my base_string:
>
> >> POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> >> %2Faccess_token&oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob
> >>  j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
> >> SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x
> >>  _auth_password=
> >> %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant
>
> >> This on is from dev.twitter.com
>
> >> POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> >> %2Faccess_token&oauth_consumer_key%3DsGNxxnqgZRHUt6NunK3uw
> >> %26oauth_nonce%3DWLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA
> >> %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
> >> %3D1276101652%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth
> >> %26x_auth_password%3D%2525%2526123%2521aZ%252B
> >> %2528%2529456242134%26x_auth_username%3DtpFriendlyGiant
>
> >> I found the differences in encoding %&123!aZ+() prefix from password
> >> in base_string:
>
> >> From dev.twitter.com/pages/xauth:
>
> >> %2525%2526123%2521aZ%252B%2528%2529
>
> >> From code above:
>
> >> %25%26123!aZ%2B()
>
> >> I use wrong encoding method then and encoding is wrong applied?
>
> >> BR,
> >> Michał Łowicki
>
> > --
> > Twitter developer documentation and resources:http://dev.twitter.com/doc
> > API updates via Twitter:http://twitter.com/twitterapi
> > Issues/Enhancements Tracker:http://code.google.com/p/twitter-api/issues/list
> > Change your membership to this 
> > group:http://groups.google.com/group/twitter-development-talk?hl=en

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

Re: [twitter-dev] Re: "Failed to validate oauth signature and token" with xAuth

[Tom van der Woerdt]

Nikolay,

If you look at the code, you'll see that it's already passed through the URL 
encode function, but it doesn't do a thing. I'd say that the issue is at that 
function.

Tom


On Sep 18, 2010, at 11:41 PM, Nikolay Klimchuk  wrote:

> Second part of the base string:
> oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob
> j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
> SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x
> _auth_password=
> %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant
> 
> Should be also URLEncoded
> 
> On Sep 18, 7:19 am, mlowicki  wrote:
>> I tried with data fromhttp://dev.twitter.com/pages/xauth:
>> 
>> (function() {
>> var secret = "5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk&";
>> var access_token = "oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw" +
>> "&oauth_nonce=WLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA" +
>> "&oauth_signature_method=HMAC-SHA1" +
>> "&oauth_timestamp=1276101652" +
>> "&oauth_version=1.0" +
>> "&x_auth_mode=client_auth" +
>> "&x_auth_password=%&123!aZ+()456242134" +
>> "&x_auth_username=tpFriendlyGiant";
>> var base_string = "POST&" +
>> encodeURIComponent(
>> "https://api.twitter.com/oauth/access_token";) + "&" +
>> encodeURIComponent(access_token);
>> 
>> console.debug("base_string", base_string);
>> console.debug("oauth_signature", b64_hmac_sha1(secret, base_string));
>> 
>> })();
>> 
>> This is my base_string:
>> 
>> POST&https%3A%2F%2Fapi.twitter.com%2Foauth
>> %2Faccess_token&oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob 
>> j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
>> SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x 
>> _auth_password=
>> %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant
>> 
>> This on is from dev.twitter.com
>> 
>> POST&https%3A%2F%2Fapi.twitter.com%2Foauth
>> %2Faccess_token&oauth_consumer_key%3DsGNxxnqgZRHUt6NunK3uw
>> %26oauth_nonce%3DWLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA
>> %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
>> %3D1276101652%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth
>> %26x_auth_password%3D%2525%2526123%2521aZ%252B
>> %2528%2529456242134%26x_auth_username%3DtpFriendlyGiant
>> 
>> I found the differences in encoding %&123!aZ+() prefix from password
>> in base_string:
>> 
>> From dev.twitter.com/pages/xauth:
>> 
>> %2525%2526123%2521aZ%252B%2528%2529
>> 
>> From code above:
>> 
>> %25%26123!aZ%2B()
>> 
>> I use wrong encoding method then and encoding is wrong applied?
>> 
>> BR,
>> Michał Łowicki
> 
> -- 
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group: 
> http://groups.google.com/group/twitter-development-talk?hl=en

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

[twitter-dev] Re: "Failed to validate oauth signature and token" with xAuth

[Nikolay Klimchuk]

Second part of the base string:
oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob
j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x
_auth_password=
%25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant

Should be also URLEncoded

On Sep 18, 7:19 am, mlowicki  wrote:
> I tried with data fromhttp://dev.twitter.com/pages/xauth:
>
> (function() {
> var secret = "5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk&";
> var access_token = "oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw" +
> "&oauth_nonce=WLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA" +
> "&oauth_signature_method=HMAC-SHA1" +
> "&oauth_timestamp=1276101652" +
> "&oauth_version=1.0" +
> "&x_auth_mode=client_auth" +
> "&x_auth_password=%&123!aZ+()456242134" +
> "&x_auth_username=tpFriendlyGiant";
> var base_string = "POST&" +
> encodeURIComponent(
> "https://api.twitter.com/oauth/access_token";) + "&" +
> encodeURIComponent(access_token);
>
> console.debug("base_string", base_string);
> console.debug("oauth_signature", b64_hmac_sha1(secret, base_string));
>
> })();
>
> This is my base_string:
>
> POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> %2Faccess_token&oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob 
> j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
> SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x 
> _auth_password=
> %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant
>
> This on is from dev.twitter.com
>
> POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> %2Faccess_token&oauth_consumer_key%3DsGNxxnqgZRHUt6NunK3uw
> %26oauth_nonce%3DWLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA
> %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
> %3D1276101652%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth
> %26x_auth_password%3D%2525%2526123%2521aZ%252B
> %2528%2529456242134%26x_auth_username%3DtpFriendlyGiant
>
> I found the differences in encoding %&123!aZ+() prefix from password
> in base_string:
>
> From dev.twitter.com/pages/xauth:
>
> %2525%2526123%2521aZ%252B%2528%2529
>
> From code above:
>
> %25%26123!aZ%2B()
>
> I use wrong encoding method then and encoding is wrong applied?
>
> BR,
> Michał Łowicki

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

Re: [twitter-dev] Re: "Failed to validate oauth signature and token" with xAuth

[Tom van der Woerdt]

Hi,

You can verify your Base String using my OAuth Validator,


To answer your question: it *looks* like your encodeURIComponent
function doesn't do its work properly.

Tom


On 9/18/10 1:19 PM, mlowicki wrote:
> I tried with data from http://dev.twitter.com/pages/xauth:
> 
> (function() {
> var secret = "5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk&";
> var access_token = "oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw" +
> "&oauth_nonce=WLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA" +
> "&oauth_signature_method=HMAC-SHA1" +
> "&oauth_timestamp=1276101652" +
> "&oauth_version=1.0" +
> "&x_auth_mode=client_auth" +
> "&x_auth_password=%&123!aZ+()456242134" +
> "&x_auth_username=tpFriendlyGiant";
> var base_string = "POST&" +
> encodeURIComponent(
> "https://api.twitter.com/oauth/access_token";) + "&" +
> encodeURIComponent(access_token);
> 
> console.debug("base_string", base_string);
> console.debug("oauth_signature", b64_hmac_sha1(secret, base_string));
> })();
> 
> 
> This is my base_string:
> 
> POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> %2Faccess_token&oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
> SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x_auth_password=
> %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant
> 
> This on is from dev.twitter.com
> 
> POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> %2Faccess_token&oauth_consumer_key%3DsGNxxnqgZRHUt6NunK3uw
> %26oauth_nonce%3DWLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA
> %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
> %3D1276101652%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth
> %26x_auth_password%3D%2525%2526123%2521aZ%252B
> %2528%2529456242134%26x_auth_username%3DtpFriendlyGiant
> 
> 
> I found the differences in encoding %&123!aZ+() prefix from password
> in base_string:
> 
> From dev.twitter.com/pages/xauth:
> 
> %2525%2526123%2521aZ%252B%2528%2529
> 
> From code above:
> 
> %25%26123!aZ%2B()
> 
> I use wrong encoding method then and encoding is wrong applied?
> 
> BR,
> Michał Łowicki
> 

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

[twitter-dev] Re: "Failed to validate oauth signature and token" with xAuth

[mlowicki]

I tried with data from http://dev.twitter.com/pages/xauth:

(function() {
var secret = "5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk&";
var access_token = "oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw" +
"&oauth_nonce=WLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA" +
"&oauth_signature_method=HMAC-SHA1" +
"&oauth_timestamp=1276101652" +
"&oauth_version=1.0" +
"&x_auth_mode=client_auth" +
"&x_auth_password=%&123!aZ+()456242134" +
"&x_auth_username=tpFriendlyGiant";
var base_string = "POST&" +
encodeURIComponent(
"https://api.twitter.com/oauth/access_token";) + "&" +
encodeURIComponent(access_token);

console.debug("base_string", base_string);
console.debug("oauth_signature", b64_hmac_sha1(secret, base_string));
})();


This is my base_string:

POST&https%3A%2F%2Fapi.twitter.com%2Foauth
%2Faccess_token&oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x_auth_password=
%25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant

This on is from dev.twitter.com

POST&https%3A%2F%2Fapi.twitter.com%2Foauth
%2Faccess_token&oauth_consumer_key%3DsGNxxnqgZRHUt6NunK3uw
%26oauth_nonce%3DWLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA
%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
%3D1276101652%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth
%26x_auth_password%3D%2525%2526123%2521aZ%252B
%2528%2529456242134%26x_auth_username%3DtpFriendlyGiant


I found the differences in encoding %&123!aZ+() prefix from password
in base_string:

>From dev.twitter.com/pages/xauth:

%2525%2526123%2521aZ%252B%2528%2529

>From code above:

%25%26123!aZ%2B()

I use wrong encoding method then and encoding is wrong applied?

BR,
Michał Łowicki

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

[twitter-dev] Re: Failed to validate oauth signature and token

[Dommer]

I messed around with hand-endcoding oauth urls as well and finally
gave up.

There are a plethora of APIs out there that take care of all this for
you.
Personally I am using @anywhere on the client and twitter4j on the
server.

Really seamless, and now I can focus my app (www.standard3d.com).


On Aug 12, 8:09 am, Lumpizaver  wrote:
> I cannot get the oAuth to work properly.
>
> I am trying to get a web response of a string that looks like 
> this:https://twitter.com/oauth/request_token?
> oauth_callback=http://win.plane.si/TwittRank/tweets.aspx
> &oauth_consumer_key=[MY CONSUMER KEY]
> &oauth_nonce=8536829
> &oauth_signature_method=HMAC-SHA1
> &oauth_timestamp=1281614745
> &oauth_token=[MY ACCESS TOKEN]
> &oauth_version=1.0
> &oauth_signature=OTNQE/CGAcVemax9egTA5LFw04w=}
>
> I get the exception: The remote server returned an error: (401)
> Unauthorized.
>
> If I visit the URL above in browser i get:
>
> Failed to validate oauth signature and token
>
> Thanks for your help.
>
> Jure

[twitter-dev] Re: Failed to validate oauth signature and token with xauth

[David Tavárez]

How looks the final code?

On Jul 6, 1:19 pm, ntortarolo  wrote:
> Hi Taylor, i have fixed this, the problem wasnt on hmac-sha1 and
> base64 encoding, on my ajax call with jquery something wrong happened,
> i have changed it to HttpRequest of firefox component and it works. My
> app is an addon for firefox and its client side (javascript and xul).
> I know its not secure having there the consumer secret but i dont have
> another way to do it.
> I get access token right, but now i have another problem, i dont know
> exactly what parameters i must add for a call, for example calling
> friends timeline, i have seen tutorials aboutxauthbut i get this
> response "could not authenticate with oauth".
> Sorry of my english.
>
> Thanks, Nadia
>
> On Jun 24, 5:58 pm, Taylor Singletary 
> wrote:
>
> > Hi there,
>
> > Are you still having this issue?
>
> > In the past when I've seen other developers having issues accomplishing this
> > in Javascript, it's come down to an issue in the library used for HMAC-SHA1
> > and Base64 encoding. While it works in most conditions, there are apparently
> > some edge cases where it does the wrong thing. I generally don't advocate
> > using Javascript and OAuth together for a variety of reasons. Have you tried
> > tracing the request to see exactly the HTTP request being sent to the
> > server?
>
> > Are you writing a browser extension or WebOS app? If the former, how are you
> > keeping your consumer secret at least somewhat secured?
>
> > Have you tried other requests using an access token obtained through other
> > means?
>
> > Taylor
>
> > On Thu, Jun 17, 2010 at 11:25 AM, ntortarolo  wrote:
> > > Hi, i have problem requesting an access_token, i think my source is
> > > right, i dont know where is the problem, i have maken some test with
> > > base_string,  oauth_consumer_key and oauth_consumer_secret shown on
> > >http://dev.twitter.com/pages/xauthandi get the same oauth_signature
> > > shown there so i think problem is not there when i use the real
> > > base_string, my oauth_consumer_key and oauth_consumer_secret.
> > >        My source is this, i hope someone can help me (to preserve my 
> > > secret
> > > and key i will put the same as the ones used on
> > >http://dev.twitter.com/pages/xauth)
>
> > >        xauth: functionxauth()
> > >        {
>
> > >         var username = encodeURIComponent(""),
> > >             password = encodeURIComponent(""),
> > >             url= "https://api.twitter.com/oauth/access_token";,
> > >             key = "sGNxxnqgZRHUt6NunK3uw",
> > >             timestamp = (new Date()).getTime(),
> > >             nonce = Math.random();
>
> > >        var access_token = "oauth_consumer_key=" + key +
> > >        "&oauth_nonce=" + nonce +
> > >        "&oauth_signature_method=HMAC-SHA1" +
> > >        "&oauth_timestamp=" + timestamp +
> > >        "&oauth_version=1.0" +
> > >        "&x_auth_mode=client_auth" +
> > >        "&x_auth_password=" + password +
> > >        "&x_auth_username=" + username;
>
> > >        var base_string = "POST&" + encodeURIComponent(url) + "&" +
> > > encodeURIComponent(access_token);
>
> > >        var oauth_signature =
> > > b64_hmac_sha1("5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk&",
> > > base_string);
>
> > >        oauth_signature = encodeURIComponent(oauth_signature+"=");
>
> > >        var auth_header = 'OAuth oauth_nonce="' + nonce + '"' +
> > >        ', oauth_signature_method="HMAC-SHA1"' +
> > >        ', oauth_timestamp="' + timestamp + '"' +
> > >        ', oauth_consumer_key="' + key + '"' +
> > >        ', oauth_signature="' + oauth_signature + '"' +
> > >        ', oauth_version="1.0"';
>
> > >        $.ajax({
> > >             url:url,
> > >             method: "POST",
> > >             data: {
> > >                     x_auth_username: username,
> > >                     x_auth_password: password,
> > >                     x_auth_mode: "client_auth"
> > >             },
> > >             beforeSend: function(xhr){
> > >                     xhr.setRequestHeader("Authorization", auth_header);
> > >             },
> > >             success: function(data){
> > >                     alert(data);
> > >             },
> > >             error: function(xhr){
> > >                     alert(xhr.responseText);
> > >             }
> > >        }) ;
>
> > >        * What language or library are you using? What versions?
> > >          i'm using it on javascript
>
> > >        * What oauth application is this for?
> > >        http://twitter.com/apps/edit/181924

Re: [twitter-dev] Re: Failed to validate oauth signature and token with xauth

[Matt Harris]

Thanks for sharing the solution. Glad it's all working for you now.
Matt

On Tue, Jul 6, 2010 at 4:24 PM, ntortarolo  wrote:

> I have just fixed my last error. My oauth_token wasnt in correct orden
> on my base string.
> Thanks!
>
> On Jul 6, 2:19 pm, ntortarolo  wrote:
> > Hi Taylor, i have fixed this, the problem wasnt on hmac-sha1 and
> > base64 encoding, on my ajax call with jquery something wrong happened,
> > i have changed it to HttpRequest of firefox component and it works. My
> > app is an addon for firefox and its client side (javascript and xul).
> > I know its not secure having there the consumer secret but i dont have
> > another way to do it.
> > I get access token right, but now i have another problem, i dont know
> > exactly what parameters i must add for a call, for example calling
> > friends timeline, i have seen tutorials about xauth but i get this
> > response "could not authenticate with oauth".
> > Sorry of my english.
> >
> > Thanks, Nadia
> >
> > On Jun 24, 5:58 pm, Taylor Singletary 
> > wrote:
> >
> > > Hi there,
> >
> > > Are you still having this issue?
> >
> > > In the past when I've seen other developers having issues accomplishing
> this
> > > in Javascript, it's come down to an issue in the library used for
> HMAC-SHA1
> > > and Base64 encoding. While it works in most conditions, there are
> apparently
> > > some edge cases where it does the wrong thing. I generally don't
> advocate
> > > using Javascript and OAuth together for a variety of reasons. Have you
> tried
> > > tracing the request to see exactly the HTTP request being sent to the
> > > server?
> >
> > > Are you writing a browser extension or WebOS app? If the former, how
> are you
> > > keeping your consumer secret at least somewhat secured?
> >
> > > Have you tried other requests using an access token obtained through
> other
> > > means?
> >
> > > Taylor
> >
> > > On Thu, Jun 17, 2010 at 11:25 AM, ntortarolo 
> wrote:
> > > > Hi, i have problem requesting an access_token, i think my source is
> > > > right, i dont know where is the problem, i have maken some test with
> > > > base_string,  oauth_consumer_key and oauth_consumer_secret shown on
> > > >http://dev.twitter.com/pages/xauthandi get the same oauth_signature
> > > > shown there so i think problem is not there when i use the real
> > > > base_string, my oauth_consumer_key and oauth_consumer_secret.
> > > >My source is this, i hope someone can help me (to preserve my
> secret
> > > > and key i will put the same as the ones used on
> > > >http://dev.twitter.com/pages/xauth)
> >
> > > >xauth: function xauth()
> > > >{
> >
> > > > var username = encodeURIComponent(""),
> > > > password = encodeURIComponent(""),
> > > > url= "https://api.twitter.com/oauth/access_token";,
> > > > key = "sGNxxnqgZRHUt6NunK3uw",
> > > > timestamp = (new Date()).getTime(),
> > > > nonce = Math.random();
> >
> > > >var access_token = "oauth_consumer_key=" + key +
> > > >"&oauth_nonce=" + nonce +
> > > >"&oauth_signature_method=HMAC-SHA1" +
> > > >"&oauth_timestamp=" + timestamp +
> > > >"&oauth_version=1.0" +
> > > >"&x_auth_mode=client_auth" +
> > > >"&x_auth_password=" + password +
> > > >"&x_auth_username=" + username;
> >
> > > >var base_string = "POST&" + encodeURIComponent(url) + "&" +
> > > > encodeURIComponent(access_token);
> >
> > > >var oauth_signature =
> > > > b64_hmac_sha1("5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk&",
> > > > base_string);
> >
> > > >oauth_signature = encodeURIComponent(oauth_signature+"=");
> >
> > > >var auth_header = 'OAuth oauth_nonce="' + nonce + '"' +
> > > >', oauth_signature_method="HMAC-SHA1"' +
> > > >', oauth_timestamp="' + timestamp + '"' +
> > > >', oauth_consumer_key="' + key + '"' +
> > > >', oauth_signature="' + oauth_signature + '"' +
> > > >', oauth_version="1.0"';
> >
> > > >$.ajax({
> > > > url:url,
> > > > method: "POST",
> > > > data: {
> > > > x_auth_username: username,
> > > > x_auth_password: password,
> > > > x_auth_mode: "client_auth"
> > > > },
> > > > beforeSend: function(xhr){
> > > > xhr.setRequestHeader("Authorization",
> auth_header);
> > > > },
> > > > success: function(data){
> > > > alert(data);
> > > > },
> > > > error: function(xhr){
> > > > alert(xhr.responseText);
> > > > }
> > > >}) ;
> >
> > > >* What language or library are you using? What versions?
> > > >  i'm using it on javascript
> >
> > > >* What oauth application is this for?
> > > >http://twitter.com/apps/edit/181924
> >
> >
>



-- 

[twitter-dev] Re: Failed to validate oauth signature and token with xauth

[ntortarolo]

I have just fixed my last error. My oauth_token wasnt in correct orden
on my base string.
Thanks!

On Jul 6, 2:19 pm, ntortarolo  wrote:
> Hi Taylor, i have fixed this, the problem wasnt on hmac-sha1 and
> base64 encoding, on my ajax call with jquery something wrong happened,
> i have changed it to HttpRequest of firefox component and it works. My
> app is an addon for firefox and its client side (javascript and xul).
> I know its not secure having there the consumer secret but i dont have
> another way to do it.
> I get access token right, but now i have another problem, i dont know
> exactly what parameters i must add for a call, for example calling
> friends timeline, i have seen tutorials about xauth but i get this
> response "could not authenticate with oauth".
> Sorry of my english.
>
> Thanks, Nadia
>
> On Jun 24, 5:58 pm, Taylor Singletary 
> wrote:
>
> > Hi there,
>
> > Are you still having this issue?
>
> > In the past when I've seen other developers having issues accomplishing this
> > in Javascript, it's come down to an issue in the library used for HMAC-SHA1
> > and Base64 encoding. While it works in most conditions, there are apparently
> > some edge cases where it does the wrong thing. I generally don't advocate
> > using Javascript and OAuth together for a variety of reasons. Have you tried
> > tracing the request to see exactly the HTTP request being sent to the
> > server?
>
> > Are you writing a browser extension or WebOS app? If the former, how are you
> > keeping your consumer secret at least somewhat secured?
>
> > Have you tried other requests using an access token obtained through other
> > means?
>
> > Taylor
>
> > On Thu, Jun 17, 2010 at 11:25 AM, ntortarolo  wrote:
> > > Hi, i have problem requesting an access_token, i think my source is
> > > right, i dont know where is the problem, i have maken some test with
> > > base_string,  oauth_consumer_key and oauth_consumer_secret shown on
> > >http://dev.twitter.com/pages/xauthandi get the same oauth_signature
> > > shown there so i think problem is not there when i use the real
> > > base_string, my oauth_consumer_key and oauth_consumer_secret.
> > >        My source is this, i hope someone can help me (to preserve my 
> > > secret
> > > and key i will put the same as the ones used on
> > >http://dev.twitter.com/pages/xauth)
>
> > >        xauth: function xauth()
> > >        {
>
> > >         var username = encodeURIComponent(""),
> > >             password = encodeURIComponent(""),
> > >             url= "https://api.twitter.com/oauth/access_token";,
> > >             key = "sGNxxnqgZRHUt6NunK3uw",
> > >             timestamp = (new Date()).getTime(),
> > >             nonce = Math.random();
>
> > >        var access_token = "oauth_consumer_key=" + key +
> > >        "&oauth_nonce=" + nonce +
> > >        "&oauth_signature_method=HMAC-SHA1" +
> > >        "&oauth_timestamp=" + timestamp +
> > >        "&oauth_version=1.0" +
> > >        "&x_auth_mode=client_auth" +
> > >        "&x_auth_password=" + password +
> > >        "&x_auth_username=" + username;
>
> > >        var base_string = "POST&" + encodeURIComponent(url) + "&" +
> > > encodeURIComponent(access_token);
>
> > >        var oauth_signature =
> > > b64_hmac_sha1("5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk&",
> > > base_string);
>
> > >        oauth_signature = encodeURIComponent(oauth_signature+"=");
>
> > >        var auth_header = 'OAuth oauth_nonce="' + nonce + '"' +
> > >        ', oauth_signature_method="HMAC-SHA1"' +
> > >        ', oauth_timestamp="' + timestamp + '"' +
> > >        ', oauth_consumer_key="' + key + '"' +
> > >        ', oauth_signature="' + oauth_signature + '"' +
> > >        ', oauth_version="1.0"';
>
> > >        $.ajax({
> > >             url:url,
> > >             method: "POST",
> > >             data: {
> > >                     x_auth_username: username,
> > >                     x_auth_password: password,
> > >                     x_auth_mode: "client_auth"
> > >             },
> > >             beforeSend: function(xhr){
> > >                     xhr.setRequestHeader("Authorization", auth_header);
> > >             },
> > >             success: function(data){
> > >                     alert(data);
> > >             },
> > >             error: function(xhr){
> > >                     alert(xhr.responseText);
> > >             }
> > >        }) ;
>
> > >        * What language or library are you using? What versions?
> > >          i'm using it on javascript
>
> > >        * What oauth application is this for?
> > >        http://twitter.com/apps/edit/181924
>
>

[twitter-dev] Re: "Failed to validate oauth signature and token" using ColdFusion8

[Carlos Villarreal Mora]

Thanks Raffi,

I'll check that library out. I didn't know there were libraries I
could use.

On Jul 6, 7:23 am, Raffi Krikorian  wrote:
> hi carlos.
>
> i'm sorry that i'm not sure i can help to debug this code right now.  if you
> are going to insist on creating your own functions to do the oauth
> signature, please 
> consulthttp://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin...
> its a great interactive walk through.  however, i would
> *strongly* recommend using a library if possible.  a simple google search
> turned uphttp://oauth.riaforge.org/.
>
> On Mon, Jul 5, 2010 at 10:42 AM, Carlos Villarreal Mora 
> wrote:
>
>
>
> > Hello I've been trying to solve this since Friday to no avail. I've
> > searched and used tips from a bunch of other discussions here but I
> > still haven't gotten it right.
>
> > I'm using ColdFusion 8 to generate my OAuth signature. These are the
> > tweaks I've done from tips in this discussion list:
> > 1) For the timestamp I convert to UTC time with this function:
> >        var nowUTC = dateConvert('local2UTC', now());
> >        var epochStart = CreateDateTime('1970','1','1','00','00','00');
> >        var timestamp = dateDiff("s", epochStart, nowUTC);
>
> >        This results in these values:
> >        nowUTC = {ts '2010-07-05 17:22:30'}
> >        epochStart = {ts '1970-01-01 00:00:00'}
> >        timestamp = 1278346950
>
> > 2) For the Nonce I use ColdFusion's createUUID function and then,
> > based on this (http://www.cflib.org/udf/CreateGUID) from CFLib.org I
> > convert that UUID into a GUID like so:
> >        var uuid = createUUID();
> >        //Convert the UUID to a GUID by inserting a dash in the 23rd
> > position
> >        var nonce = insert("-", uuid, 23);
>
> >        This is an example of a resulting nonce:
> >        A3A1648E-F1F0-4032-75F4-712F676BE7E6
>
> > 3) The most difficult part, and where I'm sure the error is, is the
> > SHA1 hashing, ColdFusion sucks at it so I'm using Java in the
> > function:
> >         > output="false">
> >                 > required="true" />
> >                 > />
> >                
> >                        var jMsg =
> > javaCast("string",arguments.signMessage).getBytes("UTF8");
> >                        var jKey =
> > javaCast("string",arguments.signKey).getBytes("UTF8");
> >                        var key  =
> > createObject("java","javax.crypto.spec.SecretKeySpec");
> >                        var mac  = createObject("java","javax.crypto.Mac");
> >                        var ret  = "";
>
> >                        key = key.init(jKey,"HmacSHA1");
> >                        mac = mac.getInstance(key.getAlgorithm());
> >                        mac.init(key);
> >                        mac.update(jMsg);
>
> >                        ret = lCase(binaryEncode(mac.doFinal(), 'Hex'));
>
> >                        return(ret);
> >                
> >        
>
> > When I sign the base using my Consumer Secret appended by a "&" using
> > this function the result is something like this:
> > 01eb730a110b1e09ccc9bbff9dbca73c5047f4d4
>
> > Here's the Signature Base and the Header I create (my consumer key is
> > masked for security reasons):
> > - Signature Base:
> > POST&https%3A%2F%2Fapi%2Etwitter%2Ecom%2Foauth%2Frequest
> > %5Ftoken&oauth_callback%3Dhttp%3A%2F%2Fcommunitydev%2Epaperthin%2Ecom
> > %2FTwitter%2FoAuth%2Ecfm%26oauth_consumer_key%3D
> > %26oauth_nonce%3DA394B8B8-
> > F1F0-4032-72C8-701CEC482A20%26oauth_signature_method%3DHMAC-
> > SHA1%26oauth_timestamp%3D1278328119
>
> > - OAuht Authorization Header:
> > OAuth oauth_nonce="A394B8B8-F1F0-4032-72C8-701CEC482A20",
> > oauth_callback="http%3A%2F%2Fcommunitydev%2Epaperthin%2Ecom%2FTwitter
> > %2FoAuth%2Ecfm", oauth_signature_method="HMAC-SHA1",
> > oauth_timestamp="1278328119", oauth_consumer_key="xxx",
> > oauth_signature="4799dd5a6891474d603a3546c14e9b41ea47088d",
> > oauth_version="1.0"
>
> > There are no line breaks in either of them btw. Can anybody help me
> > with this? Try as I might I haven't been able to get beyond the
> > "Failed to validate oauth signature and token" response.
>
> > Thank you.
>
> --
> Raffi Krikorian
> Twitter Platform Teamhttp://twitter.com/raffi

[twitter-dev] Re: Failed to validate oauth signature and token with xauth

[ntortarolo]

Hi Taylor, i have fixed this, the problem wasnt on hmac-sha1 and
base64 encoding, on my ajax call with jquery something wrong happened,
i have changed it to HttpRequest of firefox component and it works. My
app is an addon for firefox and its client side (javascript and xul).
I know its not secure having there the consumer secret but i dont have
another way to do it.
I get access token right, but now i have another problem, i dont know
exactly what parameters i must add for a call, for example calling
friends timeline, i have seen tutorials about xauth but i get this
response "could not authenticate with oauth".
Sorry of my english.

Thanks, Nadia

On Jun 24, 5:58 pm, Taylor Singletary 
wrote:
> Hi there,
>
> Are you still having this issue?
>
> In the past when I've seen other developers having issues accomplishing this
> in Javascript, it's come down to an issue in the library used for HMAC-SHA1
> and Base64 encoding. While it works in most conditions, there are apparently
> some edge cases where it does the wrong thing. I generally don't advocate
> using Javascript and OAuth together for a variety of reasons. Have you tried
> tracing the request to see exactly the HTTP request being sent to the
> server?
>
> Are you writing a browser extension or WebOS app? If the former, how are you
> keeping your consumer secret at least somewhat secured?
>
> Have you tried other requests using an access token obtained through other
> means?
>
> Taylor
>
> On Thu, Jun 17, 2010 at 11:25 AM, ntortarolo  wrote:
> > Hi, i have problem requesting an access_token, i think my source is
> > right, i dont know where is the problem, i have maken some test with
> > base_string,  oauth_consumer_key and oauth_consumer_secret shown on
> >http://dev.twitter.com/pages/xauthand i get the same oauth_signature
> > shown there so i think problem is not there when i use the real
> > base_string, my oauth_consumer_key and oauth_consumer_secret.
> >        My source is this, i hope someone can help me (to preserve my secret
> > and key i will put the same as the ones used on
> >http://dev.twitter.com/pages/xauth)
>
> >        xauth: function xauth()
> >        {
>
> >         var username = encodeURIComponent(""),
> >             password = encodeURIComponent(""),
> >             url= "https://api.twitter.com/oauth/access_token";,
> >             key = "sGNxxnqgZRHUt6NunK3uw",
> >             timestamp = (new Date()).getTime(),
> >             nonce = Math.random();
>
> >        var access_token = "oauth_consumer_key=" + key +
> >        "&oauth_nonce=" + nonce +
> >        "&oauth_signature_method=HMAC-SHA1" +
> >        "&oauth_timestamp=" + timestamp +
> >        "&oauth_version=1.0" +
> >        "&x_auth_mode=client_auth" +
> >        "&x_auth_password=" + password +
> >        "&x_auth_username=" + username;
>
> >        var base_string = "POST&" + encodeURIComponent(url) + "&" +
> > encodeURIComponent(access_token);
>
> >        var oauth_signature =
> > b64_hmac_sha1("5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk&",
> > base_string);
>
> >        oauth_signature = encodeURIComponent(oauth_signature+"=");
>
> >        var auth_header = 'OAuth oauth_nonce="' + nonce + '"' +
> >        ', oauth_signature_method="HMAC-SHA1"' +
> >        ', oauth_timestamp="' + timestamp + '"' +
> >        ', oauth_consumer_key="' + key + '"' +
> >        ', oauth_signature="' + oauth_signature + '"' +
> >        ', oauth_version="1.0"';
>
> >        $.ajax({
> >             url:url,
> >             method: "POST",
> >             data: {
> >                     x_auth_username: username,
> >                     x_auth_password: password,
> >                     x_auth_mode: "client_auth"
> >             },
> >             beforeSend: function(xhr){
> >                     xhr.setRequestHeader("Authorization", auth_header);
> >             },
> >             success: function(data){
> >                     alert(data);
> >             },
> >             error: function(xhr){
> >                     alert(xhr.responseText);
> >             }
> >        }) ;
>
> >        * What language or library are you using? What versions?
> >          i'm using it on javascript
>
> >        * What oauth application is this for?
> >        http://twitter.com/apps/edit/181924
>
>

Re: [twitter-dev] Re: Failed to validate oauth signature and token

[ryan alford]

Yeah, the Nonce needs to be a unique value.  If your language can create
GUIDs, that might be the best option.

Ryan

On Sat, Jan 16, 2010 at 11:11 PM, eco_bach  wrote:

> solved, apparently my oauth_nonce value was incorrect, I assumed it
> was simply a random string and I didn't use the mx.utils.UIDUtil class
> to generate.
> I'll try also switching the order so the signature is at the end.
>

[twitter-dev] Re: Failed to validate oauth signature and token

[eco_bach]

solved, apparently my oauth_nonce value was incorrect, I assumed it
was simply a random string and I didn't use the mx.utils.UIDUtil class
to generate.
I'll try also switching the order so the signature is at the end.

Re: [twitter-dev] Re: "Failed to validate oauth signature and token" error

[Raffi Krikorian]

>
> > not right now.
>
> hmm, if it is so then how does the "python-twitter" (http://
> code.google.com/p/python-twitter/) work? it allows posting messages
> and much more without the browser. maybe i missed smth...
> thank you for clarifications.
>

python twitter, i assume, is using basic authentication for its interactions
with the Twitter API.  this, however, has the disadvantages -
http://apiwiki.twitter.com/OAuth+Example+-+Ruby (see the "what does oauth
give me").

-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi

[twitter-dev] Re: "Failed to validate oauth signature and token" error

[varnie]

On Dec 30, 2:07 am, Raffi Krikorian  wrote:
> not right now.

hmm, if it is so then how does the "python-twitter" (http://
code.google.com/p/python-twitter/) work? it allows posting messages
and much more without the browser. maybe i missed smth...
thank you for clarifications.

Re: [twitter-dev] Re: "Failed to validate oauth signature and token" error

[Raffi Krikorian]

not right now.

i have to emphasize, the reason the browser is "a good thing" is that the
user can see that he is not giving his twitter password to your application.

On Tue, Dec 29, 2009 at 10:46 AM, varnie  wrote:

> Good day. I've solved my issue. One more question - are there any ways
> to get authorization without having to use the browser? if you're
> awared of any solutions please let me know, thanks.
>



-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi

[twitter-dev] Re: "Failed to validate oauth signature and token" error

[varnie]

Good day. I've solved my issue. One more question - are there any ways
to get authorization without having to use the browser? if you're
awared of any solutions please let me know, thanks.

Re: [twitter-dev] Re: "Failed to validate oauth signature and token" error

[Abraham Williams]

In order for your application to act on behalf of a user you must follow the
OAuth flow and get access tokens for the user.

You can read about getting started with OAuth from:
http://oauth.net/documentation/getting-started/

You can also read my slightly dated walkthrough although the flow will still
work:
https://docs.google.com/View?docID=dcf2dzzs_2339fzbfsf4

On Mon, Dec 28, 2009 at 08:18, varnie  wrote:

> Tried to register test application and tried to use that oauth.py
> script with newer consumer key and consumer secret. but unluckily
> there's no success.
>
> here is the newest HTTP logs:
>
> "send: 'POST
>
> http://twitter.com/oauth/request_token?oauth_nonce=81708853&oauth_timestamp=1262009548&oauth_consumer_key=IHCqwfscVOzUmmKULwsUkA&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_token=IHCqwfscVOzUmmKULwsUkA&oauth_signature=IeErhy8ajwf1cnPygZt1LgF%2B1ws%3D
> HTTP/1.1\r\nHost: twitter.com\r\nAccept-Encoding: identity\r\n\r\n'
> reply: 'HTTP/1.1 401 Unauthorized\r\n'
> header: Date: Mon, 28 Dec 2009 14:12:28 GMT
> header: Server: hi
> header: X-Transaction: 1262009548-20986-31207
> header: Status: 401 Unauthorized
> header: Last-Modified: Mon, 28 Dec 2009 14:12:28 GMT
> header: X-Runtime: 0.00591
> header: Content-Type: text/html; charset=utf-8
> header: Pragma: no-cache
> header: Content-Length: 44
> header: Cache-Control: no-cache, no-store, must-revalidate, pre-
> check=0, post-check=0
> header: Expires: Tue, 31 Mar 1981 05:00:00 GMT
> header: X-Revision: DEV
> header: Set-Cookie:
> _twitter_sess=BAh7CDoRdHJhbnNfcHJvbXB0MDoHaWQiJTM4OTMyMzg1MDMxYjUxZDAwNWYx
> %250AYzVkZDI3ODQ2ZjY3IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFz
>
> %250AaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--3302083013fe75a2fe5f0a54e0ed0905c871a14b;
> domain=.twitter.com; path=/
> header: Vary: Accept-Encoding
> header: Connection: close
> Failed to validate oauth signature and token"
>



-- 
Abraham Williams | Awesome Lists | http://awesomeli.st
Project | Intersect | http://intersect.labs.poseurtech.com
Hacker | http://abrah.am | http://twitter.com/abraham
This email is: [ ] shareable [x] ask first [ ] private.
Sent from Madison, WI, United States

[twitter-dev] Re: "Failed to validate oauth signature and token" error

[varnie]

Tried to register test application and tried to use that oauth.py
script with newer consumer key and consumer secret. but unluckily
there's no success.

here is the newest HTTP logs:

"send: 'POST
http://twitter.com/oauth/request_token?oauth_nonce=81708853&oauth_timestamp=1262009548&oauth_consumer_key=IHCqwfscVOzUmmKULwsUkA&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_token=IHCqwfscVOzUmmKULwsUkA&oauth_signature=IeErhy8ajwf1cnPygZt1LgF%2B1ws%3D
HTTP/1.1\r\nHost: twitter.com\r\nAccept-Encoding: identity\r\n\r\n'
reply: 'HTTP/1.1 401 Unauthorized\r\n'
header: Date: Mon, 28 Dec 2009 14:12:28 GMT
header: Server: hi
header: X-Transaction: 1262009548-20986-31207
header: Status: 401 Unauthorized
header: Last-Modified: Mon, 28 Dec 2009 14:12:28 GMT
header: X-Runtime: 0.00591
header: Content-Type: text/html; charset=utf-8
header: Pragma: no-cache
header: Content-Length: 44
header: Cache-Control: no-cache, no-store, must-revalidate, pre-
check=0, post-check=0
header: Expires: Tue, 31 Mar 1981 05:00:00 GMT
header: X-Revision: DEV
header: Set-Cookie:
_twitter_sess=BAh7CDoRdHJhbnNfcHJvbXB0MDoHaWQiJTM4OTMyMzg1MDMxYjUxZDAwNWYx
%250AYzVkZDI3ODQ2ZjY3IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFz
%250AaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--3302083013fe75a2fe5f0a54e0ed0905c871a14b;
domain=.twitter.com; path=/
header: Vary: Accept-Encoding
header: Connection: close
Failed to validate oauth signature and token"

[twitter-dev] Re: "Failed to validate oauth signature and token" error

[varnie]

Hello. Thanks for info.

As far as i read, the "consumer_key" is just a user's nickname in
Twitter. is it true?
Speaking  about registering an application with Twitter. Does it
needed when i just want to use some well-known open-source
applications/scripts to communicate with Twitter using my twitter
account?

For example, what steps have to be performed to get authenticated with
oauth.py script (http://github.com/mikelikespie/oauth-repoze/tree/
master/oauthwhat/lib/)?

Thank you.

[twitter-dev] Re: Failed to validate oauth signature and token

[Rock]

Hi Srikanth,

 I am able to get the PIN from twitter. Now as you mentioned above i
need to add oauth_verifier in accessToken.html. I have added that
field and entered the PIN i got from twitter. However it is not
working.

Can you please explain a bit on changes that need to be done in
accessToken.html

Thanks

[twitter-dev] Re: Failed to validate oauth signature and token

[Rock]

Thanks srikanth. It worked :-)

[twitter-dev] Re: Failed to validate oauth signature and token

[srikanth reddy]

Hi
You might have got the samples along with jscript libraries (eg
requestToken.html , authorize.html etc ). They are working fine .
Just replace the consumer keys and secrets with yours in consumer.js
One more change is add the 'oauth_verifier' field in accessToken.html (make
sure you trim the trailing whitespace while pasting the value)
The sample code provided in Ajax.html is also working fine and i verified
with some twitter methods

Good luck
Srikanth

On Tue, Jul 28, 2009 at 10:52 PM, Rock  wrote:

>
> Hello All,
>
>  I am new to twitter development. I am developing a twitter client
> for Nokia S60 devices. I wanted to make use of OAuth sign in provided
> by twitter. I have my customer key and customer secret. However when i
> try to get the token i receive "Failed to validate oauth signature and
> token" message.
>
> Also i have come across oauth.js. Since i am new to javascript as well
> i feel bit difficult to track it. Is there any site which explains on
> how to use this script.
>
> My url to request token from twitter is as shown below.
>
>
> http://twitter.com/oauth/request_token?oauth_version=1.0&1248801338&cdxAC3T2J6Lro7&oauth_consumer_key=UoK2gkoRexTkoZy1fBvgg&oauth_signature_method=HMAC_SHA1&oauth_signature=d1AxaPrUbj6RsjXvHM0WkzGujsBz9k4HzFztlhVzbo
>
> Thanks in advance.
>

[twitter-dev] Re: "Failed to validate oauth signature and token" using python/django libs

[Blaine Garrett]

Update: It works now. Thanks to everyone who tried to help me diagnose
the issue.

Today, Hedley posted about the system being off can cause the request
token to fail. This was my exact problem it turns out.
http://groups.google.com/group/twitter-development-talk/browse_thread/thread/aadee92bc5c34f29?pli=1

Thanks again!
~Blaine


On Jul 9, 10:57 pm, JDG  wrote:
> No. According to the oauth spec, your signature key is always
> "consumer_secret&token_secret", even if token_secret is empty, so when you
> first call request_token, your key will be "consumer_secret&"
>
> On Thu, Jul 9, 2009 at 21:24, Blaine Garrett wrote:
>
>
>
>
>
> > Hi,
>
> > Thanks for the  quick reply Matt. Below is a recap of the setup with a
> > bit more clarity as well as the keys, url, and pre-encoded data.
> > Hopefully this sheds some light on the issue. I also tried the PHP lib
> > someone recommended with the same results - i.e 401 error. So again, I
> > am thinking it is something external to the Django setup - be it on
> > either end of the requests.
>
> > Thanks again!
> > Blaine
>
> > 
>
> > 1. Url I am trying to call the twitter API:
> >http://articulture.blainegarrett.com/signin/
>
> > 2. View Code being called:
> > [python_code]
> > def signin(request):
> >    from acsite.people import oauthtwitter
> >    import acsite.settings as settings
>
> >    # Step 1: Create an anonymous twitter oauth consumer
> >    oauth_consumer = oauthtwitter.OAuthApi('Vx43QEmSCP1whLq1OSPg',
> > 'MY_SECRET_KEY') # Blaine's Personal Dev Site keys
>
> >    # Step 2: Fetch Request Token From Twitter
> >    request_token = oauth_consumer.getRequestToken() # In here I get
> > the 401 error
> >    raise Exception(request_token) # Never gets here
> > [/python_code]
>
> > 3: I installed fresh copies:
> > python-twitter :http://code.google.com/p/python-twitter/
> > oauth-python-twitter:
> >http://code.google.com/p/oauth-python-twitter/
> > oauth :http://oauth.googlecode.com/svn/code/python/oauth/oauth.py
>
> > In the oauth.py, I changed the line 36:
> > SIGNATURE_METHOD = 'HMAC-SHA1'
>
> > 4. With no other changes, I get: the urllib2 exception: HTTPError at /
> > signin/ "HTTP Error 401: Unauthorized"
> > 5. When I wrap the url opener code in oauthtwitter.py on approx line
> > 102 in:
> > try:
> >    url_data = opener.open(url).read()
> > except urllib2.HTTPError, e:
> >    raise Exception('GET REQUEST VERSION : Unable to connect to the
> > oAuth Service. Code: %s  - Url: %s : Content - %s' % (e.code, e.url,
> > e.msg))
>
> > I get the exception:
> > GET REQUEST VERSION: Unable to connect to the oAuth Service. Code:
> > 401  - Url:
>
> >https://twitter.com/oauth/request_token?oauth_nonce=51064775&oauth_ti...
> > : Content - Unauthorized
>
> > 6. Trying again with a new request, adding an exception of the key,raw
> > returned from build_signature_base_string in build_signature in
> > oauth.py line 563, I get:
> > key="MY_SECRET_KEY&", "raw: GET&https%3A%2F%2Ftwitter.com%2Foauth
> > %2Frequest_token&oauth_consumer_key%3DVx43QEmSCP1whLq1OSPg
> > %26oauth_nonce%3D59181510%26oauth_signature_method%3DHMAC-
> > SHA1%26oauth_timestamp%3D1247173659%26oauth_version%3D1.0"
>
> > Note trailing ampersand on the key returned. Could this be a query
> > string artifact?
>
> > On Jul 6, 10:59 am, Matt Sanford  wrote:
> > > Hi Blaine,
>
> > >      Failing the validate the signature when getting a request token
> > > is pretty rare. As you said the fact this all works from other
> > > libraries seems to point to a library issue. The most helpful things
> > > to see in these cases are:
>
> > >   • The actual HTTP request and response that fails. By seeing the URL
> > > requested I can try and recreate the signature and find the mismatch.
> > >   • The "signature base string" used to create the oauth_signature
> > > parameter. This usually requires adding some print statements to the
> > > oauth library you're using but can be really helpful.
>
> > >      If you can send the HTTP request and response (headers and
> > > bodies) that will be a good start. If you're not sure how to get them
> > > from your library I recommend using a debugging proxy like Charles [1].
>
> > > Thanks;
> > >   – Matt Sanford / @mzsanford
> > >       Twitter Dev
>
> > > [1] -http://www.charlesproxy.com/
>
> > > On Jul 3, 2009, at 2:10 PM, Blaine Garrett wrote:
>
> > > > Hi,
>
> > > > I get the 401:Unauthorized Error every time I attempt to get a request
> > > > token. When I attempt to go to the URL directly in the browser (not
> > > > yet accessed to preserve nonce) I get a body of "Failed to validate
> > > > oauth signature and token".
>
> > > > I am using the Leah's oauth client listed athttp://oauth.net/code
> > > > as well as the python-twitter (0.7-devel) and oauth-python-twitter
> > > > (v0.1)
>
> > > > I was able to get these same libraries to work on a different project
> > > > but not on the current one I am working on.

[twitter-dev] Re: "Failed to validate oauth signature and token" using python/django libs

[JDG]

No. According to the oauth spec, your signature key is always
"consumer_secret&token_secret", even if token_secret is empty, so when you
first call request_token, your key will be "consumer_secret&"

On Thu, Jul 9, 2009 at 21:24, Blaine Garrett wrote:

>
> Hi,
>
> Thanks for the  quick reply Matt. Below is a recap of the setup with a
> bit more clarity as well as the keys, url, and pre-encoded data.
> Hopefully this sheds some light on the issue. I also tried the PHP lib
> someone recommended with the same results - i.e 401 error. So again, I
> am thinking it is something external to the Django setup - be it on
> either end of the requests.
>
> Thanks again!
> Blaine
>
>
> 
>
> 1. Url I am trying to call the twitter API:
> http://articulture.blainegarrett.com/signin/
>
> 2. View Code being called:
> [python_code]
> def signin(request):
>from acsite.people import oauthtwitter
>import acsite.settings as settings
>
># Step 1: Create an anonymous twitter oauth consumer
>oauth_consumer = oauthtwitter.OAuthApi('Vx43QEmSCP1whLq1OSPg',
> 'MY_SECRET_KEY') # Blaine's Personal Dev Site keys
>
># Step 2: Fetch Request Token From Twitter
>request_token = oauth_consumer.getRequestToken() # In here I get
> the 401 error
>raise Exception(request_token) # Never gets here
> [/python_code]
>
> 3: I installed fresh copies:
> python-twitter : http://code.google.com/p/python-twitter/
> oauth-python-twitter:
> http://code.google.com/p/oauth-python-twitter/
> oauth : http://oauth.googlecode.com/svn/code/python/oauth/oauth.py
>
> In the oauth.py, I changed the line 36:
> SIGNATURE_METHOD = 'HMAC-SHA1'
>
> 4. With no other changes, I get: the urllib2 exception: HTTPError at /
> signin/ "HTTP Error 401: Unauthorized"
> 5. When I wrap the url opener code in oauthtwitter.py on approx line
> 102 in:
> try:
>url_data = opener.open(url).read()
> except urllib2.HTTPError, e:
>raise Exception('GET REQUEST VERSION : Unable to connect to the
> oAuth Service. Code: %s  - Url: %s : Content - %s' % (e.code, e.url,
> e.msg))
>
> I get the exception:
> GET REQUEST VERSION: Unable to connect to the oAuth Service. Code:
> 401  - Url:
>
> https://twitter.com/oauth/request_token?oauth_nonce=51064775&oauth_timestamp=1247173406&oauth_consumer_key=Vx43QEmSCP1whLq1OSPg&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_signature=4RiqJL0ZpHux77GKZku9FVeyhA8%3D
> : Content - Unauthorized
>
> 6. Trying again with a new request, adding an exception of the key,raw
> returned from build_signature_base_string in build_signature in
> oauth.py line 563, I get:
> key="MY_SECRET_KEY&", "raw: GET&https%3A%2F%2Ftwitter.com%2Foauth
> %2Frequest_token&oauth_consumer_key%3DVx43QEmSCP1whLq1OSPg
> %26oauth_nonce%3D59181510%26oauth_signature_method%3DHMAC-
> SHA1%26oauth_timestamp%3D1247173659%26oauth_version%3D1.0"
>
> Note trailing ampersand on the key returned. Could this be a query
> string artifact?
>
>
>
> On Jul 6, 10:59 am, Matt Sanford  wrote:
> > Hi Blaine,
> >
> >  Failing the validate the signature when getting a request token
> > is pretty rare. As you said the fact this all works from other
> > libraries seems to point to a library issue. The most helpful things
> > to see in these cases are:
> >
> >   • The actual HTTP request and response that fails. By seeing the URL
> > requested I can try and recreate the signature and find the mismatch.
> >   • The "signature base string" used to create the oauth_signature
> > parameter. This usually requires adding some print statements to the
> > oauth library you're using but can be really helpful.
> >
> >  If you can send the HTTP request and response (headers and
> > bodies) that will be a good start. If you're not sure how to get them
> > from your library I recommend using a debugging proxy like Charles [1].
> >
> > Thanks;
> >   – Matt Sanford / @mzsanford
> >   Twitter Dev
> >
> > [1] -http://www.charlesproxy.com/
> >
> > On Jul 3, 2009, at 2:10 PM, Blaine Garrett wrote:
> >
> >
> >
> > > Hi,
> >
> > > I get the 401:Unauthorized Error every time I attempt to get a request
> > > token. When I attempt to go to the URL directly in the browser (not
> > > yet accessed to preserve nonce) I get a body of "Failed to validate
> > > oauth signature and token".
> >
> > > I am using the Leah's oauth client listed athttp://oauth.net/code
> > > as well as the python-twitter (0.7-devel) and oauth-python-twitter
> > > (v0.1)
> >
> > > I was able to get these same libraries to work on a different project
> > > but not on the current one I am working on.
> > > I have refreshed my tokens numerous times and also tried the working
> > > ones from the other project. I also tried the tokens from this project
> > > on the other project that was working and that WORKED.
> >
> > > As such, I am guessing it is an issue with my setup or some other lib
> > > I am working with.
> > > Both projects however have Python Ve

[twitter-dev] Re: "Failed to validate oauth signature and token" using python/django libs

[Blaine Garrett]

Hi,

Thanks for the  quick reply Matt. Below is a recap of the setup with a
bit more clarity as well as the keys, url, and pre-encoded data.
Hopefully this sheds some light on the issue. I also tried the PHP lib
someone recommended with the same results - i.e 401 error. So again, I
am thinking it is something external to the Django setup - be it on
either end of the requests.

Thanks again!
Blaine




1. Url I am trying to call the twitter API:
http://articulture.blainegarrett.com/signin/

2. View Code being called:
[python_code]
def signin(request):
from acsite.people import oauthtwitter
import acsite.settings as settings

# Step 1: Create an anonymous twitter oauth consumer
oauth_consumer = oauthtwitter.OAuthApi('Vx43QEmSCP1whLq1OSPg',
'MY_SECRET_KEY') # Blaine's Personal Dev Site keys

# Step 2: Fetch Request Token From Twitter
request_token = oauth_consumer.getRequestToken() # In here I get
the 401 error
raise Exception(request_token) # Never gets here
[/python_code]

3: I installed fresh copies:
python-twitter : http://code.google.com/p/python-twitter/
oauth-python-twitter : http://code.google.com/p/oauth-python-twitter/
oauth : http://oauth.googlecode.com/svn/code/python/oauth/oauth.py

In the oauth.py, I changed the line 36:
SIGNATURE_METHOD = 'HMAC-SHA1'

4. With no other changes, I get: the urllib2 exception: HTTPError at /
signin/ "HTTP Error 401: Unauthorized"
5. When I wrap the url opener code in oauthtwitter.py on approx line
102 in:
try:
url_data = opener.open(url).read()
except urllib2.HTTPError, e:
raise Exception('GET REQUEST VERSION : Unable to connect to the
oAuth Service. Code: %s  - Url: %s : Content - %s' % (e.code, e.url,
e.msg))

I get the exception:
GET REQUEST VERSION: Unable to connect to the oAuth Service. Code:
401  - Url:
https://twitter.com/oauth/request_token?oauth_nonce=51064775&oauth_timestamp=1247173406&oauth_consumer_key=Vx43QEmSCP1whLq1OSPg&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_signature=4RiqJL0ZpHux77GKZku9FVeyhA8%3D
: Content - Unauthorized

6. Trying again with a new request, adding an exception of the key,raw
returned from build_signature_base_string in build_signature in
oauth.py line 563, I get:
key="MY_SECRET_KEY&", "raw: GET&https%3A%2F%2Ftwitter.com%2Foauth
%2Frequest_token&oauth_consumer_key%3DVx43QEmSCP1whLq1OSPg
%26oauth_nonce%3D59181510%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1247173659%26oauth_version%3D1.0"

Note trailing ampersand on the key returned. Could this be a query
string artifact?



On Jul 6, 10:59 am, Matt Sanford  wrote:
> Hi Blaine,
>
>      Failing the validate the signature when getting a request token  
> is pretty rare. As you said the fact this all works from other  
> libraries seems to point to a library issue. The most helpful things  
> to see in these cases are:
>
>   • The actual HTTP request and response that fails. By seeing the URL  
> requested I can try and recreate the signature and find the mismatch.
>   • The "signature base string" used to create the oauth_signature  
> parameter. This usually requires adding some print statements to the  
> oauth library you're using but can be really helpful.
>
>      If you can send the HTTP request and response (headers and  
> bodies) that will be a good start. If you're not sure how to get them  
> from your library I recommend using a debugging proxy like Charles [1].
>
> Thanks;
>   – Matt Sanford / @mzsanford
>       Twitter Dev
>
> [1] -http://www.charlesproxy.com/
>
> On Jul 3, 2009, at 2:10 PM, Blaine Garrett wrote:
>
>
>
> > Hi,
>
> > I get the 401:Unauthorized Error every time I attempt to get a request
> > token. When I attempt to go to the URL directly in the browser (not
> > yet accessed to preserve nonce) I get a body of "Failed to validate
> > oauth signature and token".
>
> > I am using the Leah's oauth client listed athttp://oauth.net/code
> > as well as the python-twitter (0.7-devel) and oauth-python-twitter
> > (v0.1)
>
> > I was able to get these same libraries to work on a different project
> > but not on the current one I am working on.
> > I have refreshed my tokens numerous times and also tried the working
> > ones from the other project. I also tried the tokens from this project
> > on the other project that was working and that WORKED.
>
> > As such, I am guessing it is an issue with my setup or some other lib
> > I am working with.
> > Both projects however have Python Versions  2.5.2 and should otherwise
> > be the same setups.
>
> > Domain the project is on ishttp://articulture.blainegarrett.comif
> > the matters for some odd reason.
>
> > Any thoughts?
>
> > Here is the code I am using to call the libs if it helps:
> > oauth_consumer = oauthtwitter.OAuthApi(consumer_token,
> > consumer_secret)
> > request_token = oauth_consumer.getRequestToken() # httplib exception
> > bubbles from within here
> > authorization_url = oauth_consumer.getAuthorizationURL(request_token)
>
> > Thank 

[twitter-dev] Re: "Failed to validate oauth signature and token" using python/django libs

[Matt Sanford]

Hi Blaine,

Failing the validate the signature when getting a request token  
is pretty rare. As you said the fact this all works from other  
libraries seems to point to a library issue. The most helpful things  
to see in these cases are:


 • The actual HTTP request and response that fails. By seeing the URL  
requested I can try and recreate the signature and find the mismatch.
 • The "signature base string" used to create the oauth_signature  
parameter. This usually requires adding some print statements to the  
oauth library you're using but can be really helpful.


If you can send the HTTP request and response (headers and  
bodies) that will be a good start. If you're not sure how to get them  
from your library I recommend using a debugging proxy like Charles [1].


Thanks;
 – Matt Sanford / @mzsanford
 Twitter Dev

[1] - http://www.charlesproxy.com/

On Jul 3, 2009, at 2:10 PM, Blaine Garrett wrote:



Hi,

I get the 401:Unauthorized Error every time I attempt to get a request
token. When I attempt to go to the URL directly in the browser (not
yet accessed to preserve nonce) I get a body of "Failed to validate
oauth signature and token".

I am using the Leah's oauth client listed at http://oauth.net/code
as well as the python-twitter (0.7-devel) and oauth-python-twitter
(v0.1)

I was able to get these same libraries to work on a different project
but not on the current one I am working on.
I have refreshed my tokens numerous times and also tried the working
ones from the other project. I also tried the tokens from this project
on the other project that was working and that WORKED.

As such, I am guessing it is an issue with my setup or some other lib
I am working with.
Both projects however have Python Versions  2.5.2 and should otherwise
be the same setups.

Domain the project is on is http://articulture.blainegarrett.com if
the matters for some odd reason.

Any thoughts?

Here is the code I am using to call the libs if it helps:
oauth_consumer = oauthtwitter.OAuthApi(consumer_token,
consumer_secret)
request_token = oauth_consumer.getRequestToken() # httplib exception
bubbles from within here
authorization_url = oauth_consumer.getAuthorizationURL(request_token)

Thank you!
~Blaine

--
Blaine Garrett
gchat :  bla...@jrcorps.com
aim: zombiediv
y!: zombiediv