hi carlos.

i'm sorry that i'm not sure i can help to debug this code right now.  if you
are going to insist on creating your own functions to do the oauth
signature, please consult
http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/as
its a great interactive walk through.  however, i would
*strongly* recommend using a library if possible.  a simple google search
turned up http://oauth.riaforge.org/.

On Mon, Jul 5, 2010 at 10:42 AM, Carlos Villarreal Mora <cvm...@gmail.com>wrote:

> Hello I've been trying to solve this since Friday to no avail. I've
> searched and used tips from a bunch of other discussions here but I
> still haven't gotten it right.
>
> I'm using ColdFusion 8 to generate my OAuth signature. These are the
> tweaks I've done from tips in this discussion list:
> 1) For the timestamp I convert to UTC time with this function:
>        var nowUTC = dateConvert('local2UTC', now());
>        var epochStart = CreateDateTime('1970','1','1','00','00','00');
>        var timestamp = dateDiff("s", epochStart, nowUTC);
>
>        This results in these values:
>        nowUTC = {ts '2010-07-05 17:22:30'}
>        epochStart = {ts '1970-01-01 00:00:00'}
>        timestamp = 1278346950
>
> 2) For the Nonce I use ColdFusion's createUUID function and then,
> based on this (http://www.cflib.org/udf/CreateGUID) from CFLib.org I
> convert that UUID into a GUID like so:
>        var uuid = createUUID();
>        //Convert the UUID to a GUID by inserting a dash in the 23rd
> position
>        var nonce = insert("-", uuid, 23);
>
>        This is an example of a resulting nonce:
>        A3A1648E-F1F0-4032-75F4-712F676BE7E6
>
> 3) The most difficult part, and where I'm sure the error is, is the
> SHA1 hashing, ColdFusion sucks at it so I'm using Java in the
> function:
>        <cffunction name="javaHMAC" returntype="string" access="public"
> output="false">
>                <cfargument name="signKey"       type="string"
> required="true" />
>                <cfargument name="signMessage" type="string" required="true"
> />
>                <cfscript>
>                        var jMsg =
> javaCast("string",arguments.signMessage).getBytes("UTF8");
>                        var jKey =
> javaCast("string",arguments.signKey).getBytes("UTF8");
>                        var key  =
> createObject("java","javax.crypto.spec.SecretKeySpec");
>                        var mac  = createObject("java","javax.crypto.Mac");
>                        var ret  = "";
>
>                        key = key.init(jKey,"HmacSHA1");
>                        mac = mac.getInstance(key.getAlgorithm());
>                        mac.init(key);
>                        mac.update(jMsg);
>
>                        ret = lCase(binaryEncode(mac.doFinal(), 'Hex'));
>
>                        return(ret);
>                </cfscript>
>        </cffunction>
>
> When I sign the base using my Consumer Secret appended by a "&" using
> this function the result is something like this:
> 01eb730a110b1e09ccc9bbff9dbca73c5047f4d4
>
> Here's the Signature Base and the Header I create (my consumer key is
> masked for security reasons):
> - Signature Base:
> POST&https%3A%2F%2Fapi%2Etwitter%2Ecom%2Foauth%2Frequest
> %5Ftoken&oauth_callback%3Dhttp%3A%2F%2Fcommunitydev%2Epaperthin%2Ecom
> %2FTwitter%2FoAuth%2Ecfm%26oauth_consumer_key%3Dxxxxxxxxxxxxxxxx
> %26oauth_nonce%3DA394B8B8-
> F1F0-4032-72C8-701CEC482A20%26oauth_signature_method%3DHMAC-
> SHA1%26oauth_timestamp%3D1278328119
>
> - OAuht Authorization Header:
> OAuth oauth_nonce="A394B8B8-F1F0-4032-72C8-701CEC482A20",
> oauth_callback="http%3A%2F%2Fcommunitydev%2Epaperthin%2Ecom%2FTwitter
> %2FoAuth%2Ecfm", oauth_signature_method="HMAC-SHA1",
> oauth_timestamp="1278328119", oauth_consumer_key="xxxxxxxxxxx",
> oauth_signature="4799dd5a6891474d603a3546c14e9b41ea47088d",
> oauth_version="1.0"
>
> There are no line breaks in either of them btw. Can anybody help me
> with this? Try as I might I haven't been able to get beyond the
> "Failed to validate oauth signature and token" response.
>
> Thank you.
>



-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi

Reply via email to