Re: [twitter-dev] Oauth "Incorrect signature" Error

[Martin Dapas]

On Wed, Aug 18, 2010 at 10:40:11AM -0700, Olu wrote:
> Hi, I've been able to get a token and secret for an user but however,
> I'm getting an error while trying to use the status/update call. I've
> googled the problem and tried several solutions but none seems to
> work. I'm not sure what the problem is and I've been looking at this
> for hours. I would appreciate another pair of eyes on this. Any help
> would be greatly appreciated. PHP code below.
> 
> 
>  
> $ch = curl_init("http://api.twitter.com/1/statuses/update.json";);
> 
> curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
> curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
> curl_setopt($ch, CURLOPT_HTTPHEADER, array("Expect: ", "Authorization:
> $auth"));
> 
> $b = curl_exec($ch);
> 
> var_dump($b);
> 
> curl_close($ch);

curl defaults to GET, so you're signing a POST for the auth, but
doing a GET. Also, you're not sending the actual status you want to
update, just signing it.



-- 
Martin Dapas
@mahrteen

Re: [twitter-dev] Oauth "Incorrect signature" Error

[Taylor Singletary]

First guesses: your current implementation is incompatible for statuses
containing space characters or non-alphanumeric characters.

You are rawurlencoding your status parameter while building your signature
base string.. which is correct -- except, you should have URL encoded your
status value before-hand, such that you're encoding it again in your
signature base string.

I also can't ascertain in this code where you're actually presenting your
POST body to the request. You'll also want to pass a Content-Type header on
POST requests containing a POST body indicating the disposition of your
content.

Taylor

On Wed, Aug 18, 2010 at 10:40 AM, Olu  wrote:

> Hi, I've been able to get a token and secret for an user but however,
> I'm getting an error while trying to use the status/update call. I've
> googled the problem and tried several solutions but none seems to
> work. I'm not sure what the problem is and I've been looking at this
> for hours. I would appreciate another pair of eyes on this. Any help
> would be greatly appreciated. PHP code below.
>
>
>
> 
>
> $oauth_consumer_key = "";
> $oauth_consumer_secret = "";
> $oauth_nonce = sha1(time());
> $oauth_signature_method = "HMAC-SHA1";
> $oauth_timestamp = time();
> $oauth_version = "1.0";
> $oauth_token = "AAA";
> $token_secret = "";
>
> $status = "testing test";
>
>
> $baseString = "oauth_consumer_key=" .
> rawurlencode($oauth_consumer_key) . "&oauth_nonce=" .
> rawurlencode($oauth_nonce) . "&oauth_signature_method=" .
> rawurlencode($oauth_signature_method) . "&oauth_timestamp=" .
> rawurlencode($oauth_timestamp) . "&oauth_token=" .
> rawurlencode($oauth_token) . "&oauth_version=" .
> rawurlencode($oauth_version) . "&status=" . rawurlencode($status);
>
> $baseString = "POST&" . rawurlencode("http://api.twitter.com/1/
> statuses/update.json") . "&" . rawurlencode($baseString);
>
>
> $signing_key = rawurlencode($oauth_consumer_secret) . "&" .
> rawurlencode($token_secret);
>
>
> $signature = base64_encode(hash_hmac('sha1', $baseString,
> $signing_key, true));
>
>
> $auth = "OAuth oauth_nonce=\"" . $oauth_nonce .
> "\",oauth_signature_method=\"" . $oauth_signature_method .
> "\",oauth_timestamp=\"" . $oauth_timestamp . "\",oauth_consumer_key=
> \"" . $oauth_consumer_key . "\",oauth_token=\"" .
> rawurlencode($oauth_token) . "\",oauth_signature=\"" .
> rawurlencode($signature) ."\",oauth_version=\"" . $oauth_version .
> "\"";
>
>
> $ch = curl_init("http://api.twitter.com/1/statuses/update.json";);
>
>
> curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
> curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
> curl_setopt($ch, CURLOPT_HTTPHEADER, array("Expect: ", "Authorization:
> $auth"));
>
> $b = curl_exec($ch);
>
> var_dump($b);
>
> curl_close($ch);
>