[twitter-dev] Re: "Failed to validate oauth signature and token" with xAuth

2010-09-20 Thread mlowicki
It works for me now! This is the final script:

var username = encodeURIComponent(cfg.username),
password = encodeURIComponent(cfg.password),
url = "https://api.twitter.com/oauth/access_token";,
timestamp = Math.round((new Date()).getTime() / 1000),
nonce = Math.random();

var accessToken = ("oauth_consumer_key={key}" +
"&oauth_nonce={nonce}" +
"&oauth_signature_method=HMAC-SHA1" +
"&oauth_timestamp={timestamp}" +
"&oauth_version=1.0" +
"&x_auth_mode=client_auth" +
"&x_auth_password={password}" +
"&x_auth_username={username}").supplant({
key: CONSUMER_KEY,
nonce: nonce,
timestamp: timestamp,
password: password,
username: username
});

var baseString = "POST&" + encodeURIComponent(url) + "&" +
encodeURIComponent(accessToken);

var signature = encodeURIComponent(
b64_hmac_sha1(CONSUMER_SECRET + "&", baseString) + "=");

var authHeader = ("OAuth oauth_nonce=\"{nonce}\", " +
"oauth_signature_method=\"HMAC-SHA1\", " +
"oauth_timestamp=\"{timestamp}\", " +
"oauth_consumer_key=\"{key}\", " +
"oauth_signature=\"{signature}\", " +
"oauth_version=\"1.0\"").supplant({
nonce: nonce,
timestamp: timestamp,
key: CONSUMER_KEY,
signature: signature
});

new O.IO.Req({
url: url,
method: "POST",
data: "x_auth_username=" + username + "&x_auth_password=" +
password + "&" + "x_auth_mode=client_auth",
headers: [{
name: "Authorization",
val: authHeader
}],
onSuccess: {
fn: function(req) {
var data = {};

req.responseText.split("&").forEach(function(item) {
var parts = item.split("=");

switch(parts[0]) {
case "oauth_token":
data.token = parts[1];
break;
case "oauth_token_secret":
data.secret = parts[1];
break;
case "user_id":
data.userID = parts[1];
break;
case "screen_name":
data.screenName = parts[1];
break;
default:
break;
}
});

cfg.onSuccess.fn.call(cfg.onSuccess.scope, data);
}
},
onFailure: {
fn: function(req) {
cfg.onFailure.fn.call(cfg.onFailure.scope, req);
}
}});

On Sep 20, 1:51 pm, mlowicki  wrote:
> @Matt, can you provide some method for debugging my issue or some
> solution because with such error message as "Failed to validate oauth
> signature and token" my debugging now is more like guessing
>
> On Sep 20, 11:50 am, Tom van der Woerdt  wrote:
>
>
>
> > The only relevant part of my code :
> > $sig = base64_encode(hash_hmac('sha1', $baseString, $key, true));
>
> > Key and Base String are visible on the page itself ;-)
>
> > Tom
>
> > On Mon, 20 Sep 2010 01:59:14 -0700 (PDT), mlowicki 
> > wrote:
>
> > > When i'm usinghttp://quonos.nl/oauthTester/foroAuth validation with
> > > my code i get:
>
> > > Base String syntax: OK
>
> > > Method type: OK
>
> > > URL: OK
>
> > > Parameters syntax: O
>
> > > But when i replace my secret with
> > > "MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98" i get different
> > > signature - ZtkBQc2RwY+Jv1Fv8fXoasR4DLo
>
> > > @Tom, can you show the source of your php script for validation?
>
> > > On Sep 18, 11:41 pm, Nikolay Klimchuk  wrote:
> > >> Second part of the base string:
> > >> oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob
> > >> j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
> > >> SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x
> > >> _auth_password=
> > >> %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant
>
> > >> Should be also URLEncoded
>
> > >> On Sep 18, 7:19 am, mlowicki  wrote:
>
> > >> > I tried with data fromhttp://dev.twitter.com/pages/xauth:
>
> > >> > (function() {
> > >> > var secret = "5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk&";
> > >> > var access_token = "oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw" +
> > >> > "&oauth_nonce=WLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA" +
> > >> > "&oauth_signature_method=HMAC-SHA1" +
> > >> > "&oauth_timestamp=1276101652" +
> > >> > "&oauth_version=1.0" +
> > >> > "&x_auth_mode=client_auth" +
> > >> > "&x_auth_password=%&123!aZ+()456242134" +
> > >> > "&x_auth_username=tpFriendlyGiant";
> > >> > var base_string = "POST&" +
> > >> > encodeURIComponent(
> > >> > "https://api.twitter.com/oauth/access_token";) + "&" +
> > >> > encodeURIComponent(access_token);
>
> > >> > console.debug("base_string", base_string);
> > >> > console.debug("oauth_signature", b64_hmac_sha1(secret, base_string));
>
> > >> > })();
>
> > >> > This is my base_string:
>
> > >> > POST&https%3A%2F%2Fapi.twitter.com

[twitter-dev] Re: "Failed to validate oauth signature and token" with xAuth

2010-09-20 Thread mlowicki
@Matt, can you provide some method for debugging my issue or some
solution because with such error message as "Failed to validate oauth
signature and token" my debugging now is more like guessing


On Sep 20, 11:50 am, Tom van der Woerdt  wrote:
> The only relevant part of my code :
> $sig = base64_encode(hash_hmac('sha1', $baseString, $key, true));
>
> Key and Base String are visible on the page itself ;-)
>
> Tom
>
> On Mon, 20 Sep 2010 01:59:14 -0700 (PDT), mlowicki 
> wrote:
>
>
>
> > When i'm usinghttp://quonos.nl/oauthTester/for oAuth validation with
> > my code i get:
>
> > Base String syntax: OK
>
> > Method type: OK
>
> > URL: OK
>
> > Parameters syntax: O
>
> > But when i replace my secret with
> > "MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98" i get different
> > signature - ZtkBQc2RwY+Jv1Fv8fXoasR4DLo
>
> > @Tom, can you show the source of your php script for validation?
>
> > On Sep 18, 11:41 pm, Nikolay Klimchuk  wrote:
> >> Second part of the base string:
> >> oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob
> >> j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
> >> SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x
> >> _auth_password=
> >> %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant
>
> >> Should be also URLEncoded
>
> >> On Sep 18, 7:19 am, mlowicki  wrote:
>
> >> > I tried with data fromhttp://dev.twitter.com/pages/xauth:
>
> >> > (function() {
> >> > var secret = "5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk&";
> >> > var access_token = "oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw" +
> >> > "&oauth_nonce=WLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA" +
> >> > "&oauth_signature_method=HMAC-SHA1" +
> >> > "&oauth_timestamp=1276101652" +
> >> > "&oauth_version=1.0" +
> >> > "&x_auth_mode=client_auth" +
> >> > "&x_auth_password=%&123!aZ+()456242134" +
> >> > "&x_auth_username=tpFriendlyGiant";
> >> > var base_string = "POST&" +
> >> > encodeURIComponent(
> >> > "https://api.twitter.com/oauth/access_token";) + "&" +
> >> > encodeURIComponent(access_token);
>
> >> > console.debug("base_string", base_string);
> >> > console.debug("oauth_signature", b64_hmac_sha1(secret, base_string));
>
> >> > })();
>
> >> > This is my base_string:
>
> >> > POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> >> > %2Faccess_token&oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob
> >> >  j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
> >> > SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x
> >> >  _auth_password=
> >> > %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant
>
> >> > This on is from dev.twitter.com
>
> >> > POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> >> > %2Faccess_token&oauth_consumer_key%3DsGNxxnqgZRHUt6NunK3uw
> >> > %26oauth_nonce%3DWLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA
> >> > %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
> >> > %3D1276101652%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth
> >> > %26x_auth_password%3D%2525%2526123%2521aZ%252B
> >> > %2528%2529456242134%26x_auth_username%3DtpFriendlyGiant
>
> >> > I found the differences in encoding %&123!aZ+() prefix from password
> >> > in base_string:
>
> >> > From dev.twitter.com/pages/xauth:
>
> >> > %2525%2526123%2521aZ%252B%2528%2529
>
> >> > From code above:
>
> >> > %25%26123!aZ%2B()
>
> >> > I use wrong encoding method then and encoding is wrong applied?
>
> >> > BR,
> >> > Michał Łowicki

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en


Re: [twitter-dev] Re: "Failed to validate oauth signature and token" with xAuth

2010-09-20 Thread Tom van der Woerdt
The only relevant part of my code :
$sig = base64_encode(hash_hmac('sha1', $baseString, $key, true));

Key and Base String are visible on the page itself ;-)

Tom


On Mon, 20 Sep 2010 01:59:14 -0700 (PDT), mlowicki 
wrote:
> When i'm using http://quonos.nl/oauthTester/ for oAuth validation with
> my code i get:
> 
> Base String syntax: OK
> 
> Method type: OK
> 
> URL: OK
> 
> Parameters syntax: O
> 
> But when i replace my secret with
> "MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98" i get different
> signature - ZtkBQc2RwY+Jv1Fv8fXoasR4DLo
> 
> @Tom, can you show the source of your php script for validation?
> 
> 
> On Sep 18, 11:41 pm, Nikolay Klimchuk  wrote:
>> Second part of the base string:
>> oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob
>> j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
>> SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x
>> _auth_password=
>> %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant
>>
>> Should be also URLEncoded
>>
>> On Sep 18, 7:19 am, mlowicki  wrote:
>>
>>
>>
>> > I tried with data fromhttp://dev.twitter.com/pages/xauth:
>>
>> > (function() {
>> > var secret = "5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk&";
>> > var access_token = "oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw" +
>> > "&oauth_nonce=WLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA" +
>> > "&oauth_signature_method=HMAC-SHA1" +
>> > "&oauth_timestamp=1276101652" +
>> > "&oauth_version=1.0" +
>> > "&x_auth_mode=client_auth" +
>> > "&x_auth_password=%&123!aZ+()456242134" +
>> > "&x_auth_username=tpFriendlyGiant";
>> > var base_string = "POST&" +
>> > encodeURIComponent(
>> > "https://api.twitter.com/oauth/access_token";) + "&" +
>> > encodeURIComponent(access_token);
>>
>> > console.debug("base_string", base_string);
>> > console.debug("oauth_signature", b64_hmac_sha1(secret, base_string));
>>
>> > })();
>>
>> > This is my base_string:
>>
>> > POST&https%3A%2F%2Fapi.twitter.com%2Foauth
>> > %2Faccess_token&oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob
>> >  j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
>> > SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x
>> >  _auth_password=
>> > %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant
>>
>> > This on is from dev.twitter.com
>>
>> > POST&https%3A%2F%2Fapi.twitter.com%2Foauth
>> > %2Faccess_token&oauth_consumer_key%3DsGNxxnqgZRHUt6NunK3uw
>> > %26oauth_nonce%3DWLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA
>> > %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
>> > %3D1276101652%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth
>> > %26x_auth_password%3D%2525%2526123%2521aZ%252B
>> > %2528%2529456242134%26x_auth_username%3DtpFriendlyGiant
>>
>> > I found the differences in encoding %&123!aZ+() prefix from password
>> > in base_string:
>>
>> > From dev.twitter.com/pages/xauth:
>>
>> > %2525%2526123%2521aZ%252B%2528%2529
>>
>> > From code above:
>>
>> > %25%26123!aZ%2B()
>>
>> > I use wrong encoding method then and encoding is wrong applied?
>>
>> > BR,
>> > Michał Łowicki

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en


[twitter-dev] Re: "Failed to validate oauth signature and token" with xAuth

2010-09-20 Thread mlowicki
this is how my code looks like now:

var username = encodeURIComponent("user");
var password = encodeURIComponent("password");
var url = "https://api.twitter.com/oauth/access_token";;
var key = "key";
var secret = "MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98";
var timestamp = Math.round((new Date()).getTime() / 1000);
var nonce = Math.random();

var access_token =  "oauth_consumer_key=" + key +
"&oauth_nonce=" + nonce +
"&oauth_signature_method=HMAC-SHA1" +
"&oauth_timestamp=" + timestamp +
"&oauth_version=1.0" +
"&x_auth_mode=client_auth" +
"&x_auth_password=" + password +
"&x_auth_username=" + username;



var base_string = "POST&" + encodeURIComponent(url) + "&" +
encodeURIComponent(access_token);

console.debug("base string", base_string);
var oauth_signature = b64_hmac_sha1(secret, base_string);
console.debug("signature", oauth_signature);
oauth_signature = encodeURIComponent(oauth_signature+"=");


On Sep 20, 10:59 am, mlowicki  wrote:
> When i'm usinghttp://quonos.nl/oauthTester/for oAuth validation with
> my code i get:
>
> Base String syntax: OK
>
> Method type: OK
>
> URL: OK
>
> Parameters syntax: O
>
> But when i replace my secret with
> "MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98" i get different
> signature - ZtkBQc2RwY+Jv1Fv8fXoasR4DLo
>
> @Tom, can you show the source of your php script for validation?
>
> On Sep 18, 11:41 pm, Nikolay Klimchuk  wrote:
>
>
>
> > Second part of the base string:
> > oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob
> > j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
> > SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x
> > _auth_password=
> > %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant
>
> > Should be also URLEncoded
>
> > On Sep 18, 7:19 am, mlowicki  wrote:
>
> > > I tried with data fromhttp://dev.twitter.com/pages/xauth:
>
> > > (function() {
> > > var secret = "5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk&";
> > > var access_token = "oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw" +
> > > "&oauth_nonce=WLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA" +
> > > "&oauth_signature_method=HMAC-SHA1" +
> > > "&oauth_timestamp=1276101652" +
> > > "&oauth_version=1.0" +
> > > "&x_auth_mode=client_auth" +
> > > "&x_auth_password=%&123!aZ+()456242134" +
> > > "&x_auth_username=tpFriendlyGiant";
> > > var base_string = "POST&" +
> > > encodeURIComponent(
> > > "https://api.twitter.com/oauth/access_token";) + "&" +
> > > encodeURIComponent(access_token);
>
> > > console.debug("base_string", base_string);
> > > console.debug("oauth_signature", b64_hmac_sha1(secret, base_string));
>
> > > })();
>
> > > This is my base_string:
>
> > > POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> > > %2Faccess_token&oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob
> > >  j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
> > > SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x
> > >  _auth_password=
> > > %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant
>
> > > This on is from dev.twitter.com
>
> > > POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> > > %2Faccess_token&oauth_consumer_key%3DsGNxxnqgZRHUt6NunK3uw
> > > %26oauth_nonce%3DWLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA
> > > %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
> > > %3D1276101652%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth
> > > %26x_auth_password%3D%2525%2526123%2521aZ%252B
> > > %2528%2529456242134%26x_auth_username%3DtpFriendlyGiant
>
> > > I found the differences in encoding %&123!aZ+() prefix from password
> > > in base_string:
>
> > > From dev.twitter.com/pages/xauth:
>
> > > %2525%2526123%2521aZ%252B%2528%2529
>
> > > From code above:
>
> > > %25%26123!aZ%2B()
>
> > > I use wrong encoding method then and encoding is wrong applied?
>
> > > BR,
> > > Michał Łowicki

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en


[twitter-dev] Re: "Failed to validate oauth signature and token" with xAuth

2010-09-20 Thread mlowicki
When i'm using http://quonos.nl/oauthTester/ for oAuth validation with
my code i get:

Base String syntax: OK

Method type: OK

URL: OK

Parameters syntax: O

But when i replace my secret with
"MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98" i get different
signature - ZtkBQc2RwY+Jv1Fv8fXoasR4DLo

@Tom, can you show the source of your php script for validation?


On Sep 18, 11:41 pm, Nikolay Klimchuk  wrote:
> Second part of the base string:
> oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob
> j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
> SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x
> _auth_password=
> %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant
>
> Should be also URLEncoded
>
> On Sep 18, 7:19 am, mlowicki  wrote:
>
>
>
> > I tried with data fromhttp://dev.twitter.com/pages/xauth:
>
> > (function() {
> > var secret = "5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk&";
> > var access_token = "oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw" +
> > "&oauth_nonce=WLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA" +
> > "&oauth_signature_method=HMAC-SHA1" +
> > "&oauth_timestamp=1276101652" +
> > "&oauth_version=1.0" +
> > "&x_auth_mode=client_auth" +
> > "&x_auth_password=%&123!aZ+()456242134" +
> > "&x_auth_username=tpFriendlyGiant";
> > var base_string = "POST&" +
> > encodeURIComponent(
> > "https://api.twitter.com/oauth/access_token";) + "&" +
> > encodeURIComponent(access_token);
>
> > console.debug("base_string", base_string);
> > console.debug("oauth_signature", b64_hmac_sha1(secret, base_string));
>
> > })();
>
> > This is my base_string:
>
> > POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> > %2Faccess_token&oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob 
> > j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
> > SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x 
> > _auth_password=
> > %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant
>
> > This on is from dev.twitter.com
>
> > POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> > %2Faccess_token&oauth_consumer_key%3DsGNxxnqgZRHUt6NunK3uw
> > %26oauth_nonce%3DWLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA
> > %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
> > %3D1276101652%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth
> > %26x_auth_password%3D%2525%2526123%2521aZ%252B
> > %2528%2529456242134%26x_auth_username%3DtpFriendlyGiant
>
> > I found the differences in encoding %&123!aZ+() prefix from password
> > in base_string:
>
> > From dev.twitter.com/pages/xauth:
>
> > %2525%2526123%2521aZ%252B%2528%2529
>
> > From code above:
>
> > %25%26123!aZ%2B()
>
> > I use wrong encoding method then and encoding is wrong applied?
>
> > BR,
> > Michał Łowicki

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en


[twitter-dev] Re: "Failed to validate oauth signature and token" with xAuth

2010-09-18 Thread Nikolay Klimchuk
You need to URLEndcode password and user name
And then URLEncode entire base string one more time

On Sep 18, 5:55 pm, Tom van der Woerdt  wrote:
> Nikolay,
>
> If you look at the code, you'll see that it's already passed through the URL 
> encode function, but it doesn't do a thing. I'd say that the issue is at that 
> function.
>
> Tom
>
> On Sep 18, 2010, at 11:41 PM, Nikolay Klimchuk  wrote:
>
>
>
> > Second part of the base string:
> > oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob
> > j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
> > SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x
> > _auth_password=
> > %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant
>
> > Should be also URLEncoded
>
> > On Sep 18, 7:19 am, mlowicki  wrote:
> >> I tried with data fromhttp://dev.twitter.com/pages/xauth:
>
> >> (function() {
> >> var secret = "5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk&";
> >> var access_token = "oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw" +
> >> "&oauth_nonce=WLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA" +
> >> "&oauth_signature_method=HMAC-SHA1" +
> >> "&oauth_timestamp=1276101652" +
> >> "&oauth_version=1.0" +
> >> "&x_auth_mode=client_auth" +
> >> "&x_auth_password=%&123!aZ+()456242134" +
> >> "&x_auth_username=tpFriendlyGiant";
> >> var base_string = "POST&" +
> >> encodeURIComponent(
> >> "https://api.twitter.com/oauth/access_token";) + "&" +
> >> encodeURIComponent(access_token);
>
> >> console.debug("base_string", base_string);
> >> console.debug("oauth_signature", b64_hmac_sha1(secret, base_string));
>
> >> })();
>
> >> This is my base_string:
>
> >> POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> >> %2Faccess_token&oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob
> >>  j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
> >> SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x
> >>  _auth_password=
> >> %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant
>
> >> This on is from dev.twitter.com
>
> >> POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> >> %2Faccess_token&oauth_consumer_key%3DsGNxxnqgZRHUt6NunK3uw
> >> %26oauth_nonce%3DWLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA
> >> %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
> >> %3D1276101652%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth
> >> %26x_auth_password%3D%2525%2526123%2521aZ%252B
> >> %2528%2529456242134%26x_auth_username%3DtpFriendlyGiant
>
> >> I found the differences in encoding %&123!aZ+() prefix from password
> >> in base_string:
>
> >> From dev.twitter.com/pages/xauth:
>
> >> %2525%2526123%2521aZ%252B%2528%2529
>
> >> From code above:
>
> >> %25%26123!aZ%2B()
>
> >> I use wrong encoding method then and encoding is wrong applied?
>
> >> BR,
> >> Michał Łowicki
>
> > --
> > Twitter developer documentation and resources:http://dev.twitter.com/doc
> > API updates via Twitter:http://twitter.com/twitterapi
> > Issues/Enhancements Tracker:http://code.google.com/p/twitter-api/issues/list
> > Change your membership to this 
> > group:http://groups.google.com/group/twitter-development-talk?hl=en

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en


Re: [twitter-dev] Re: "Failed to validate oauth signature and token" with xAuth

2010-09-18 Thread Tom van der Woerdt
Nikolay,

If you look at the code, you'll see that it's already passed through the URL 
encode function, but it doesn't do a thing. I'd say that the issue is at that 
function.

Tom


On Sep 18, 2010, at 11:41 PM, Nikolay Klimchuk  wrote:

> Second part of the base string:
> oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob
> j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
> SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x
> _auth_password=
> %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant
> 
> Should be also URLEncoded
> 
> On Sep 18, 7:19 am, mlowicki  wrote:
>> I tried with data fromhttp://dev.twitter.com/pages/xauth:
>> 
>> (function() {
>> var secret = "5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk&";
>> var access_token = "oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw" +
>> "&oauth_nonce=WLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA" +
>> "&oauth_signature_method=HMAC-SHA1" +
>> "&oauth_timestamp=1276101652" +
>> "&oauth_version=1.0" +
>> "&x_auth_mode=client_auth" +
>> "&x_auth_password=%&123!aZ+()456242134" +
>> "&x_auth_username=tpFriendlyGiant";
>> var base_string = "POST&" +
>> encodeURIComponent(
>> "https://api.twitter.com/oauth/access_token";) + "&" +
>> encodeURIComponent(access_token);
>> 
>> console.debug("base_string", base_string);
>> console.debug("oauth_signature", b64_hmac_sha1(secret, base_string));
>> 
>> })();
>> 
>> This is my base_string:
>> 
>> POST&https%3A%2F%2Fapi.twitter.com%2Foauth
>> %2Faccess_token&oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob 
>> j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
>> SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x 
>> _auth_password=
>> %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant
>> 
>> This on is from dev.twitter.com
>> 
>> POST&https%3A%2F%2Fapi.twitter.com%2Foauth
>> %2Faccess_token&oauth_consumer_key%3DsGNxxnqgZRHUt6NunK3uw
>> %26oauth_nonce%3DWLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA
>> %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
>> %3D1276101652%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth
>> %26x_auth_password%3D%2525%2526123%2521aZ%252B
>> %2528%2529456242134%26x_auth_username%3DtpFriendlyGiant
>> 
>> I found the differences in encoding %&123!aZ+() prefix from password
>> in base_string:
>> 
>> From dev.twitter.com/pages/xauth:
>> 
>> %2525%2526123%2521aZ%252B%2528%2529
>> 
>> From code above:
>> 
>> %25%26123!aZ%2B()
>> 
>> I use wrong encoding method then and encoding is wrong applied?
>> 
>> BR,
>> Michał Łowicki
> 
> -- 
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group: 
> http://groups.google.com/group/twitter-development-talk?hl=en

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en


[twitter-dev] Re: "Failed to validate oauth signature and token" with xAuth

2010-09-18 Thread Nikolay Klimchuk
Second part of the base string:
oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob
j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x
_auth_password=
%25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant

Should be also URLEncoded

On Sep 18, 7:19 am, mlowicki  wrote:
> I tried with data fromhttp://dev.twitter.com/pages/xauth:
>
> (function() {
> var secret = "5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk&";
> var access_token = "oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw" +
> "&oauth_nonce=WLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA" +
> "&oauth_signature_method=HMAC-SHA1" +
> "&oauth_timestamp=1276101652" +
> "&oauth_version=1.0" +
> "&x_auth_mode=client_auth" +
> "&x_auth_password=%&123!aZ+()456242134" +
> "&x_auth_username=tpFriendlyGiant";
> var base_string = "POST&" +
> encodeURIComponent(
> "https://api.twitter.com/oauth/access_token";) + "&" +
> encodeURIComponent(access_token);
>
> console.debug("base_string", base_string);
> console.debug("oauth_signature", b64_hmac_sha1(secret, base_string));
>
> })();
>
> This is my base_string:
>
> POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> %2Faccess_token&oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob 
> j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
> SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x 
> _auth_password=
> %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant
>
> This on is from dev.twitter.com
>
> POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> %2Faccess_token&oauth_consumer_key%3DsGNxxnqgZRHUt6NunK3uw
> %26oauth_nonce%3DWLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA
> %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
> %3D1276101652%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth
> %26x_auth_password%3D%2525%2526123%2521aZ%252B
> %2528%2529456242134%26x_auth_username%3DtpFriendlyGiant
>
> I found the differences in encoding %&123!aZ+() prefix from password
> in base_string:
>
> From dev.twitter.com/pages/xauth:
>
> %2525%2526123%2521aZ%252B%2528%2529
>
> From code above:
>
> %25%26123!aZ%2B()
>
> I use wrong encoding method then and encoding is wrong applied?
>
> BR,
> Michał Łowicki

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en


Re: [twitter-dev] Re: "Failed to validate oauth signature and token" with xAuth

2010-09-18 Thread Tom van der Woerdt
Hi,

You can verify your Base String using my OAuth Validator,


To answer your question: it *looks* like your encodeURIComponent
function doesn't do its work properly.

Tom


On 9/18/10 1:19 PM, mlowicki wrote:
> I tried with data from http://dev.twitter.com/pages/xauth:
> 
> (function() {
> var secret = "5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk&";
> var access_token = "oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw" +
> "&oauth_nonce=WLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA" +
> "&oauth_signature_method=HMAC-SHA1" +
> "&oauth_timestamp=1276101652" +
> "&oauth_version=1.0" +
> "&x_auth_mode=client_auth" +
> "&x_auth_password=%&123!aZ+()456242134" +
> "&x_auth_username=tpFriendlyGiant";
> var base_string = "POST&" +
> encodeURIComponent(
> "https://api.twitter.com/oauth/access_token";) + "&" +
> encodeURIComponent(access_token);
> 
> console.debug("base_string", base_string);
> console.debug("oauth_signature", b64_hmac_sha1(secret, base_string));
> })();
> 
> 
> This is my base_string:
> 
> POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> %2Faccess_token&oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
> SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x_auth_password=
> %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant
> 
> This on is from dev.twitter.com
> 
> POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> %2Faccess_token&oauth_consumer_key%3DsGNxxnqgZRHUt6NunK3uw
> %26oauth_nonce%3DWLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA
> %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
> %3D1276101652%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth
> %26x_auth_password%3D%2525%2526123%2521aZ%252B
> %2528%2529456242134%26x_auth_username%3DtpFriendlyGiant
> 
> 
> I found the differences in encoding %&123!aZ+() prefix from password
> in base_string:
> 
> From dev.twitter.com/pages/xauth:
> 
> %2525%2526123%2521aZ%252B%2528%2529
> 
> From code above:
> 
> %25%26123!aZ%2B()
> 
> I use wrong encoding method then and encoding is wrong applied?
> 
> BR,
> Michał Łowicki
> 

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en


[twitter-dev] Re: "Failed to validate oauth signature and token" with xAuth

2010-09-18 Thread mlowicki
I tried with data from http://dev.twitter.com/pages/xauth:

(function() {
var secret = "5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk&";
var access_token = "oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw" +
"&oauth_nonce=WLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA" +
"&oauth_signature_method=HMAC-SHA1" +
"&oauth_timestamp=1276101652" +
"&oauth_version=1.0" +
"&x_auth_mode=client_auth" +
"&x_auth_password=%&123!aZ+()456242134" +
"&x_auth_username=tpFriendlyGiant";
var base_string = "POST&" +
encodeURIComponent(
"https://api.twitter.com/oauth/access_token";) + "&" +
encodeURIComponent(access_token);

console.debug("base_string", base_string);
console.debug("oauth_signature", b64_hmac_sha1(secret, base_string));
})();


This is my base_string:

POST&https%3A%2F%2Fapi.twitter.com%2Foauth
%2Faccess_token&oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x_auth_password=
%25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant

This on is from dev.twitter.com

POST&https%3A%2F%2Fapi.twitter.com%2Foauth
%2Faccess_token&oauth_consumer_key%3DsGNxxnqgZRHUt6NunK3uw
%26oauth_nonce%3DWLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA
%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
%3D1276101652%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth
%26x_auth_password%3D%2525%2526123%2521aZ%252B
%2528%2529456242134%26x_auth_username%3DtpFriendlyGiant


I found the differences in encoding %&123!aZ+() prefix from password
in base_string:

>From dev.twitter.com/pages/xauth:

%2525%2526123%2521aZ%252B%2528%2529

>From code above:

%25%26123!aZ%2B()

I use wrong encoding method then and encoding is wrong applied?

BR,
Michał Łowicki

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en


[twitter-dev] Re: Failed to validate oauth signature and token with xauth

2010-07-23 Thread David Tavárez
How looks the final code?

On Jul 6, 1:19 pm, ntortarolo  wrote:
> Hi Taylor, i have fixed this, the problem wasnt on hmac-sha1 and
> base64 encoding, on my ajax call with jquery something wrong happened,
> i have changed it to HttpRequest of firefox component and it works. My
> app is an addon for firefox and its client side (javascript and xul).
> I know its not secure having there the consumer secret but i dont have
> another way to do it.
> I get access token right, but now i have another problem, i dont know
> exactly what parameters i must add for a call, for example calling
> friends timeline, i have seen tutorials aboutxauthbut i get this
> response "could not authenticate with oauth".
> Sorry of my english.
>
> Thanks, Nadia
>
> On Jun 24, 5:58 pm, Taylor Singletary 
> wrote:
>
> > Hi there,
>
> > Are you still having this issue?
>
> > In the past when I've seen other developers having issues accomplishing this
> > in Javascript, it's come down to an issue in the library used for HMAC-SHA1
> > and Base64 encoding. While it works in most conditions, there are apparently
> > some edge cases where it does the wrong thing. I generally don't advocate
> > using Javascript and OAuth together for a variety of reasons. Have you tried
> > tracing the request to see exactly the HTTP request being sent to the
> > server?
>
> > Are you writing a browser extension or WebOS app? If the former, how are you
> > keeping your consumer secret at least somewhat secured?
>
> > Have you tried other requests using an access token obtained through other
> > means?
>
> > Taylor
>
> > On Thu, Jun 17, 2010 at 11:25 AM, ntortarolo  wrote:
> > > Hi, i have problem requesting an access_token, i think my source is
> > > right, i dont know where is the problem, i have maken some test with
> > > base_string,  oauth_consumer_key and oauth_consumer_secret shown on
> > >http://dev.twitter.com/pages/xauthandi get the same oauth_signature
> > > shown there so i think problem is not there when i use the real
> > > base_string, my oauth_consumer_key and oauth_consumer_secret.
> > >        My source is this, i hope someone can help me (to preserve my 
> > > secret
> > > and key i will put the same as the ones used on
> > >http://dev.twitter.com/pages/xauth)
>
> > >        xauth: functionxauth()
> > >        {
>
> > >         var username = encodeURIComponent(""),
> > >             password = encodeURIComponent(""),
> > >             url= "https://api.twitter.com/oauth/access_token";,
> > >             key = "sGNxxnqgZRHUt6NunK3uw",
> > >             timestamp = (new Date()).getTime(),
> > >             nonce = Math.random();
>
> > >        var access_token = "oauth_consumer_key=" + key +
> > >        "&oauth_nonce=" + nonce +
> > >        "&oauth_signature_method=HMAC-SHA1" +
> > >        "&oauth_timestamp=" + timestamp +
> > >        "&oauth_version=1.0" +
> > >        "&x_auth_mode=client_auth" +
> > >        "&x_auth_password=" + password +
> > >        "&x_auth_username=" + username;
>
> > >        var base_string = "POST&" + encodeURIComponent(url) + "&" +
> > > encodeURIComponent(access_token);
>
> > >        var oauth_signature =
> > > b64_hmac_sha1("5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk&",
> > > base_string);
>
> > >        oauth_signature = encodeURIComponent(oauth_signature+"=");
>
> > >        var auth_header = 'OAuth oauth_nonce="' + nonce + '"' +
> > >        ', oauth_signature_method="HMAC-SHA1"' +
> > >        ', oauth_timestamp="' + timestamp + '"' +
> > >        ', oauth_consumer_key="' + key + '"' +
> > >        ', oauth_signature="' + oauth_signature + '"' +
> > >        ', oauth_version="1.0"';
>
> > >        $.ajax({
> > >             url:url,
> > >             method: "POST",
> > >             data: {
> > >                     x_auth_username: username,
> > >                     x_auth_password: password,
> > >                     x_auth_mode: "client_auth"
> > >             },
> > >             beforeSend: function(xhr){
> > >                     xhr.setRequestHeader("Authorization", auth_header);
> > >             },
> > >             success: function(data){
> > >                     alert(data);
> > >             },
> > >             error: function(xhr){
> > >                     alert(xhr.responseText);
> > >             }
> > >        }) ;
>
> > >        * What language or library are you using? What versions?
> > >          i'm using it on javascript
>
> > >        * What oauth application is this for?
> > >        http://twitter.com/apps/edit/181924


Re: [twitter-dev] Re: Failed to validate oauth signature and token with xauth

2010-07-06 Thread Matt Harris
Thanks for sharing the solution. Glad it's all working for you now.
Matt

On Tue, Jul 6, 2010 at 4:24 PM, ntortarolo  wrote:

> I have just fixed my last error. My oauth_token wasnt in correct orden
> on my base string.
> Thanks!
>
> On Jul 6, 2:19 pm, ntortarolo  wrote:
> > Hi Taylor, i have fixed this, the problem wasnt on hmac-sha1 and
> > base64 encoding, on my ajax call with jquery something wrong happened,
> > i have changed it to HttpRequest of firefox component and it works. My
> > app is an addon for firefox and its client side (javascript and xul).
> > I know its not secure having there the consumer secret but i dont have
> > another way to do it.
> > I get access token right, but now i have another problem, i dont know
> > exactly what parameters i must add for a call, for example calling
> > friends timeline, i have seen tutorials about xauth but i get this
> > response "could not authenticate with oauth".
> > Sorry of my english.
> >
> > Thanks, Nadia
> >
> > On Jun 24, 5:58 pm, Taylor Singletary 
> > wrote:
> >
> > > Hi there,
> >
> > > Are you still having this issue?
> >
> > > In the past when I've seen other developers having issues accomplishing
> this
> > > in Javascript, it's come down to an issue in the library used for
> HMAC-SHA1
> > > and Base64 encoding. While it works in most conditions, there are
> apparently
> > > some edge cases where it does the wrong thing. I generally don't
> advocate
> > > using Javascript and OAuth together for a variety of reasons. Have you
> tried
> > > tracing the request to see exactly the HTTP request being sent to the
> > > server?
> >
> > > Are you writing a browser extension or WebOS app? If the former, how
> are you
> > > keeping your consumer secret at least somewhat secured?
> >
> > > Have you tried other requests using an access token obtained through
> other
> > > means?
> >
> > > Taylor
> >
> > > On Thu, Jun 17, 2010 at 11:25 AM, ntortarolo 
> wrote:
> > > > Hi, i have problem requesting an access_token, i think my source is
> > > > right, i dont know where is the problem, i have maken some test with
> > > > base_string,  oauth_consumer_key and oauth_consumer_secret shown on
> > > >http://dev.twitter.com/pages/xauthandi get the same oauth_signature
> > > > shown there so i think problem is not there when i use the real
> > > > base_string, my oauth_consumer_key and oauth_consumer_secret.
> > > >My source is this, i hope someone can help me (to preserve my
> secret
> > > > and key i will put the same as the ones used on
> > > >http://dev.twitter.com/pages/xauth)
> >
> > > >xauth: function xauth()
> > > >{
> >
> > > > var username = encodeURIComponent(""),
> > > > password = encodeURIComponent(""),
> > > > url= "https://api.twitter.com/oauth/access_token";,
> > > > key = "sGNxxnqgZRHUt6NunK3uw",
> > > > timestamp = (new Date()).getTime(),
> > > > nonce = Math.random();
> >
> > > >var access_token = "oauth_consumer_key=" + key +
> > > >"&oauth_nonce=" + nonce +
> > > >"&oauth_signature_method=HMAC-SHA1" +
> > > >"&oauth_timestamp=" + timestamp +
> > > >"&oauth_version=1.0" +
> > > >"&x_auth_mode=client_auth" +
> > > >"&x_auth_password=" + password +
> > > >"&x_auth_username=" + username;
> >
> > > >var base_string = "POST&" + encodeURIComponent(url) + "&" +
> > > > encodeURIComponent(access_token);
> >
> > > >var oauth_signature =
> > > > b64_hmac_sha1("5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk&",
> > > > base_string);
> >
> > > >oauth_signature = encodeURIComponent(oauth_signature+"=");
> >
> > > >var auth_header = 'OAuth oauth_nonce="' + nonce + '"' +
> > > >', oauth_signature_method="HMAC-SHA1"' +
> > > >', oauth_timestamp="' + timestamp + '"' +
> > > >', oauth_consumer_key="' + key + '"' +
> > > >', oauth_signature="' + oauth_signature + '"' +
> > > >', oauth_version="1.0"';
> >
> > > >$.ajax({
> > > > url:url,
> > > > method: "POST",
> > > > data: {
> > > > x_auth_username: username,
> > > > x_auth_password: password,
> > > > x_auth_mode: "client_auth"
> > > > },
> > > > beforeSend: function(xhr){
> > > > xhr.setRequestHeader("Authorization",
> auth_header);
> > > > },
> > > > success: function(data){
> > > > alert(data);
> > > > },
> > > > error: function(xhr){
> > > > alert(xhr.responseText);
> > > > }
> > > >}) ;
> >
> > > >* What language or library are you using? What versions?
> > > >  i'm using it on javascript
> >
> > > >* What oauth application is this for?
> > > >http://twitter.com/apps/edit/181924
> >
> >
>



-- 

[twitter-dev] Re: Failed to validate oauth signature and token with xauth

2010-07-06 Thread ntortarolo
I have just fixed my last error. My oauth_token wasnt in correct orden
on my base string.
Thanks!

On Jul 6, 2:19 pm, ntortarolo  wrote:
> Hi Taylor, i have fixed this, the problem wasnt on hmac-sha1 and
> base64 encoding, on my ajax call with jquery something wrong happened,
> i have changed it to HttpRequest of firefox component and it works. My
> app is an addon for firefox and its client side (javascript and xul).
> I know its not secure having there the consumer secret but i dont have
> another way to do it.
> I get access token right, but now i have another problem, i dont know
> exactly what parameters i must add for a call, for example calling
> friends timeline, i have seen tutorials about xauth but i get this
> response "could not authenticate with oauth".
> Sorry of my english.
>
> Thanks, Nadia
>
> On Jun 24, 5:58 pm, Taylor Singletary 
> wrote:
>
> > Hi there,
>
> > Are you still having this issue?
>
> > In the past when I've seen other developers having issues accomplishing this
> > in Javascript, it's come down to an issue in the library used for HMAC-SHA1
> > and Base64 encoding. While it works in most conditions, there are apparently
> > some edge cases where it does the wrong thing. I generally don't advocate
> > using Javascript and OAuth together for a variety of reasons. Have you tried
> > tracing the request to see exactly the HTTP request being sent to the
> > server?
>
> > Are you writing a browser extension or WebOS app? If the former, how are you
> > keeping your consumer secret at least somewhat secured?
>
> > Have you tried other requests using an access token obtained through other
> > means?
>
> > Taylor
>
> > On Thu, Jun 17, 2010 at 11:25 AM, ntortarolo  wrote:
> > > Hi, i have problem requesting an access_token, i think my source is
> > > right, i dont know where is the problem, i have maken some test with
> > > base_string,  oauth_consumer_key and oauth_consumer_secret shown on
> > >http://dev.twitter.com/pages/xauthandi get the same oauth_signature
> > > shown there so i think problem is not there when i use the real
> > > base_string, my oauth_consumer_key and oauth_consumer_secret.
> > >        My source is this, i hope someone can help me (to preserve my 
> > > secret
> > > and key i will put the same as the ones used on
> > >http://dev.twitter.com/pages/xauth)
>
> > >        xauth: function xauth()
> > >        {
>
> > >         var username = encodeURIComponent(""),
> > >             password = encodeURIComponent(""),
> > >             url= "https://api.twitter.com/oauth/access_token";,
> > >             key = "sGNxxnqgZRHUt6NunK3uw",
> > >             timestamp = (new Date()).getTime(),
> > >             nonce = Math.random();
>
> > >        var access_token = "oauth_consumer_key=" + key +
> > >        "&oauth_nonce=" + nonce +
> > >        "&oauth_signature_method=HMAC-SHA1" +
> > >        "&oauth_timestamp=" + timestamp +
> > >        "&oauth_version=1.0" +
> > >        "&x_auth_mode=client_auth" +
> > >        "&x_auth_password=" + password +
> > >        "&x_auth_username=" + username;
>
> > >        var base_string = "POST&" + encodeURIComponent(url) + "&" +
> > > encodeURIComponent(access_token);
>
> > >        var oauth_signature =
> > > b64_hmac_sha1("5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk&",
> > > base_string);
>
> > >        oauth_signature = encodeURIComponent(oauth_signature+"=");
>
> > >        var auth_header = 'OAuth oauth_nonce="' + nonce + '"' +
> > >        ', oauth_signature_method="HMAC-SHA1"' +
> > >        ', oauth_timestamp="' + timestamp + '"' +
> > >        ', oauth_consumer_key="' + key + '"' +
> > >        ', oauth_signature="' + oauth_signature + '"' +
> > >        ', oauth_version="1.0"';
>
> > >        $.ajax({
> > >             url:url,
> > >             method: "POST",
> > >             data: {
> > >                     x_auth_username: username,
> > >                     x_auth_password: password,
> > >                     x_auth_mode: "client_auth"
> > >             },
> > >             beforeSend: function(xhr){
> > >                     xhr.setRequestHeader("Authorization", auth_header);
> > >             },
> > >             success: function(data){
> > >                     alert(data);
> > >             },
> > >             error: function(xhr){
> > >                     alert(xhr.responseText);
> > >             }
> > >        }) ;
>
> > >        * What language or library are you using? What versions?
> > >          i'm using it on javascript
>
> > >        * What oauth application is this for?
> > >        http://twitter.com/apps/edit/181924
>
>


[twitter-dev] Re: Failed to validate oauth signature and token with xauth

2010-07-06 Thread ntortarolo
Hi Taylor, i have fixed this, the problem wasnt on hmac-sha1 and
base64 encoding, on my ajax call with jquery something wrong happened,
i have changed it to HttpRequest of firefox component and it works. My
app is an addon for firefox and its client side (javascript and xul).
I know its not secure having there the consumer secret but i dont have
another way to do it.
I get access token right, but now i have another problem, i dont know
exactly what parameters i must add for a call, for example calling
friends timeline, i have seen tutorials about xauth but i get this
response "could not authenticate with oauth".
Sorry of my english.

Thanks, Nadia

On Jun 24, 5:58 pm, Taylor Singletary 
wrote:
> Hi there,
>
> Are you still having this issue?
>
> In the past when I've seen other developers having issues accomplishing this
> in Javascript, it's come down to an issue in the library used for HMAC-SHA1
> and Base64 encoding. While it works in most conditions, there are apparently
> some edge cases where it does the wrong thing. I generally don't advocate
> using Javascript and OAuth together for a variety of reasons. Have you tried
> tracing the request to see exactly the HTTP request being sent to the
> server?
>
> Are you writing a browser extension or WebOS app? If the former, how are you
> keeping your consumer secret at least somewhat secured?
>
> Have you tried other requests using an access token obtained through other
> means?
>
> Taylor
>
> On Thu, Jun 17, 2010 at 11:25 AM, ntortarolo  wrote:
> > Hi, i have problem requesting an access_token, i think my source is
> > right, i dont know where is the problem, i have maken some test with
> > base_string,  oauth_consumer_key and oauth_consumer_secret shown on
> >http://dev.twitter.com/pages/xauthand i get the same oauth_signature
> > shown there so i think problem is not there when i use the real
> > base_string, my oauth_consumer_key and oauth_consumer_secret.
> >        My source is this, i hope someone can help me (to preserve my secret
> > and key i will put the same as the ones used on
> >http://dev.twitter.com/pages/xauth)
>
> >        xauth: function xauth()
> >        {
>
> >         var username = encodeURIComponent(""),
> >             password = encodeURIComponent(""),
> >             url= "https://api.twitter.com/oauth/access_token";,
> >             key = "sGNxxnqgZRHUt6NunK3uw",
> >             timestamp = (new Date()).getTime(),
> >             nonce = Math.random();
>
> >        var access_token = "oauth_consumer_key=" + key +
> >        "&oauth_nonce=" + nonce +
> >        "&oauth_signature_method=HMAC-SHA1" +
> >        "&oauth_timestamp=" + timestamp +
> >        "&oauth_version=1.0" +
> >        "&x_auth_mode=client_auth" +
> >        "&x_auth_password=" + password +
> >        "&x_auth_username=" + username;
>
> >        var base_string = "POST&" + encodeURIComponent(url) + "&" +
> > encodeURIComponent(access_token);
>
> >        var oauth_signature =
> > b64_hmac_sha1("5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk&",
> > base_string);
>
> >        oauth_signature = encodeURIComponent(oauth_signature+"=");
>
> >        var auth_header = 'OAuth oauth_nonce="' + nonce + '"' +
> >        ', oauth_signature_method="HMAC-SHA1"' +
> >        ', oauth_timestamp="' + timestamp + '"' +
> >        ', oauth_consumer_key="' + key + '"' +
> >        ', oauth_signature="' + oauth_signature + '"' +
> >        ', oauth_version="1.0"';
>
> >        $.ajax({
> >             url:url,
> >             method: "POST",
> >             data: {
> >                     x_auth_username: username,
> >                     x_auth_password: password,
> >                     x_auth_mode: "client_auth"
> >             },
> >             beforeSend: function(xhr){
> >                     xhr.setRequestHeader("Authorization", auth_header);
> >             },
> >             success: function(data){
> >                     alert(data);
> >             },
> >             error: function(xhr){
> >                     alert(xhr.responseText);
> >             }
> >        }) ;
>
> >        * What language or library are you using? What versions?
> >          i'm using it on javascript
>
> >        * What oauth application is this for?
> >        http://twitter.com/apps/edit/181924
>
>