Hi Georgina,
I'm sure you're pretty close to figuring this out. A few tips when you've
gotten to this point:
- Make sure that you're transporting the request correctly
- If you're using header-based OAuth, make sure that your HTTP
Authorization header is being properly setup and formatted. This will be
language-specific. Also make sure that you aren't repeating any of the
oauth_* parameters in the POST body or URL of your actual executed request.
Only parameters that don't begin with oauth_* should appear in the POST body
or query string. (In other words, don't present double authentication)
- Make sure that your HTTP verbs are in agreement
- If you're sending a POST, make sure your HTTP client is actually
sending a POST and that your OAuth signature base string's method component
matched
Here's a quick walkthrough of all the steps involved in obtaining an access
token (though with my keys instead of yours).. note the signature base
string, authorization header, URL, and POST body for each step (keeping in
mind that the authorize step is kind of special in that it happens in a
browser).
Request Token Step
--
Request URL: https://api.twitter.com/oauth/request_token
HTTP Method: POST
POST body: (empty)
Signature Basestring:
POST&https%3A%2F%2Fapi.twitter.com
%2Foauth%2Frequest_token&oauth_callback%3Dhttp%253A%252F%252Flocalhost%253A3005%252Fthe_dance%252Fprocess_callback%253Fservice_provider_id%253D1%26oauth_consumer_key%3DOqEqJeafRSF10jBMStrZg%26oauth_nonce%3DK7ny27JTpKVsTgdyLdDfmQQWVLERj2zAK5BslRsqyw%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1300228849%26oauth_version%3D1.0
Authorization Header: OAuth
oauth_nonce="K7ny27JTpKVsTgdyLdDfmQQWVLERj2zAK5BslRsqyw",
oauth_callback="http%3A%2F%2Flocalhost%3A3005%2Fthe_dance%2Fprocess_callback%3Fservice_provider_id%3D1",
oauth_signature_method="HMAC-SHA1", oauth_timestamp="1300228849",
oauth_consumer_key="OqEqJeafRSF10jBMStrZg",
oauth_signature="Pk%2BMLdv028fxCErFyi8KXFM%2BddU%3D", oauth_version="1.0"
Response Body:
oauth_token=IPPjb9gdAB15Gnw7to8idfCfePqJgem9MVyhcEkPsU&oauth_token_secret=&oauth_callback_confirmed=true
Authorization Step
-
Request URL:
https://api.twitter.com/oauth/authorize?oauth_token=IPPjb9gdAB15Gnw7to8idfCfePqJgem9MVyhcEkPsU
HTTP Method: GET
POST Body: N/A
Signature Basestring: N/A
Authorization Header: N/A
Access Token Step
-
Request URL: https://api.twitter.com/oauth/access_token
HTTP Method: POST
POST Body: (empty)
Signature Basestring:
POST&https%3A%2F%2Fapi.twitter.com
%2Foauth%2Faccess_token&oauth_consumer_key%3DOqEqJeafRSF10jBMStrZg%26oauth_nonce%3DFCKJcpPIhJpOLV1VQtP560IH0rKI9jMPrlkzqQWoA%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1300228855%26oauth_token%3DIPPjb9gdAB15Gnw7to8idfCfePqJgem9MVyhcEkPsU%26oauth_verifier%3DPmThbFiYNd3TOoFRBbFwwRRPHB3PlkFbxmX4lCqmnc%26oauth_version%3D1.0
Authorization Header: OAuth
oauth_nonce="FCKJcpPIhJpOLV1VQtP560IH0rKI9jMPrlkzqQWoA",
oauth_signature_method="HMAC-SHA1", oauth_timestamp="1300228855",
oauth_consumer_key="OqEqJeafRSF10jBMStrZg",
oauth_token="IPPjb9gdAB15Gnw7to8idfCfePqJgem9MVyhcEkPsU",
oauth_verifier="PmThbFiYNd3TOoFRBbFwwRRPHB3PlkFbxmX4lCqmnc",
oauth_signature="AFJr%2BdS%2FmWgPbMtJR3vdwMA4cTk%3D", oauth_version="1.0"
Response Body:
oauth_token=819797-bAOfajtcYw8xHm1UQ3v5V5WfUb90zN7OWlWmvl8ZU0&oauth_token_secret=x&user_id=819797&screen_name=episod
On Tue, Mar 15, 2011 at 7:22 AM, lappynet wrote:
> Thanks for everyone's help on this. I think that I now have this
> working (twitter documentation values match up).
>
> My problem now is that although I'm confident of my algorithm, twitter
> is always responding 401. I've debugged my network service and the
> message being returned is Incorrect Signature. I do not understand how
> this can be... :S
>
> On Mar 15, 6:03 am, kamesh SmartDude
> wrote:
> > Hai lappynet,
> >
> > I Used GET method to retrive the Request Token And I Avoided the OAuth
> > Callback, because it was registered when i registered my app.
> >
> > Below is the method how i am doing.
> >
> > ** SignatureBase String is *
> >
> > GET&https%3A%2F%2Fapi.twitter.com
> > %2Foauth%2Frequest_token&oauth_consumer_key%3D
> >
> %26oauth_nonce%3DydBxFJKdzK%26oauth_signature_method%3DHMAC-SHA1%26oauth_ti
> mestamp%3D1300167727%26oauth_version%3D1.0
> >
> > Signature Key U are appending "&" and it is correct.
> >
> > i am adding the oauth header like below
> >
> > OAuth realm="Twitter API", oauth_consumer_key=,
> > oauth_nonce=ydBxFJKdzK,
> oauth_signature=89%2BSoLKBdE%2FeHN5PFRxNl3G7tNo%3D,
> > oauth_signature_method=HMAC-SHA1, oauth_timestamp=1300167727,
> > oauth_version=1.0
> >
> > I think u might have some problem with generating the signature.
> >
> > Try this,
> > //kamesh
> >
> >
> >
> >
> >
> >
> >
> > On Mon, Mar 14, 2011 at 8:16 PM, lappynet
> wrote:
> > > cURL... I've heard about this, but I don't really know about it. Is
> > > there a windows version as I don't have access to other OSs