hi carlos. i'm sorry that i'm not sure i can help to debug this code right now. if you are going to insist on creating your own functions to do the oauth signature, please consult http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/as its a great interactive walk through. however, i would *strongly* recommend using a library if possible. a simple google search turned up http://oauth.riaforge.org/.
On Mon, Jul 5, 2010 at 10:42 AM, Carlos Villarreal Mora <cvm...@gmail.com>wrote: > Hello I've been trying to solve this since Friday to no avail. I've > searched and used tips from a bunch of other discussions here but I > still haven't gotten it right. > > I'm using ColdFusion 8 to generate my OAuth signature. These are the > tweaks I've done from tips in this discussion list: > 1) For the timestamp I convert to UTC time with this function: > var nowUTC = dateConvert('local2UTC', now()); > var epochStart = CreateDateTime('1970','1','1','00','00','00'); > var timestamp = dateDiff("s", epochStart, nowUTC); > > This results in these values: > nowUTC = {ts '2010-07-05 17:22:30'} > epochStart = {ts '1970-01-01 00:00:00'} > timestamp = 1278346950 > > 2) For the Nonce I use ColdFusion's createUUID function and then, > based on this (http://www.cflib.org/udf/CreateGUID) from CFLib.org I > convert that UUID into a GUID like so: > var uuid = createUUID(); > //Convert the UUID to a GUID by inserting a dash in the 23rd > position > var nonce = insert("-", uuid, 23); > > This is an example of a resulting nonce: > A3A1648E-F1F0-4032-75F4-712F676BE7E6 > > 3) The most difficult part, and where I'm sure the error is, is the > SHA1 hashing, ColdFusion sucks at it so I'm using Java in the > function: > <cffunction name="javaHMAC" returntype="string" access="public" > output="false"> > <cfargument name="signKey" type="string" > required="true" /> > <cfargument name="signMessage" type="string" required="true" > /> > <cfscript> > var jMsg = > javaCast("string",arguments.signMessage).getBytes("UTF8"); > var jKey = > javaCast("string",arguments.signKey).getBytes("UTF8"); > var key = > createObject("java","javax.crypto.spec.SecretKeySpec"); > var mac = createObject("java","javax.crypto.Mac"); > var ret = ""; > > key = key.init(jKey,"HmacSHA1"); > mac = mac.getInstance(key.getAlgorithm()); > mac.init(key); > mac.update(jMsg); > > ret = lCase(binaryEncode(mac.doFinal(), 'Hex')); > > return(ret); > </cfscript> > </cffunction> > > When I sign the base using my Consumer Secret appended by a "&" using > this function the result is something like this: > 01eb730a110b1e09ccc9bbff9dbca73c5047f4d4 > > Here's the Signature Base and the Header I create (my consumer key is > masked for security reasons): > - Signature Base: > POST&https%3A%2F%2Fapi%2Etwitter%2Ecom%2Foauth%2Frequest > %5Ftoken&oauth_callback%3Dhttp%3A%2F%2Fcommunitydev%2Epaperthin%2Ecom > %2FTwitter%2FoAuth%2Ecfm%26oauth_consumer_key%3Dxxxxxxxxxxxxxxxx > %26oauth_nonce%3DA394B8B8- > F1F0-4032-72C8-701CEC482A20%26oauth_signature_method%3DHMAC- > SHA1%26oauth_timestamp%3D1278328119 > > - OAuht Authorization Header: > OAuth oauth_nonce="A394B8B8-F1F0-4032-72C8-701CEC482A20", > oauth_callback="http%3A%2F%2Fcommunitydev%2Epaperthin%2Ecom%2FTwitter > %2FoAuth%2Ecfm", oauth_signature_method="HMAC-SHA1", > oauth_timestamp="1278328119", oauth_consumer_key="xxxxxxxxxxx", > oauth_signature="4799dd5a6891474d603a3546c14e9b41ea47088d", > oauth_version="1.0" > > There are no line breaks in either of them btw. Can anybody help me > with this? Try as I might I haven't been able to get beyond the > "Failed to validate oauth signature and token" response. > > Thank you. > -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi