I finally found out whats causing problems for me.
1. Make sure you are using token secret(oauth_token_secret) to create
signature. I think earlier, twitter was accepting even without token-
secret (a security hole) and hence the fix (I think).

In javascript api to update a status...

        var accessor = { consumerSecret: this.consumerSecret
                , tokenSecret   : <token_secret>};
        var message = { method: "POST"
                , action: "http://twitter.com/statuses/update.json";
                , parameters: new Array()
        message.parameters.push(["oauth_timestamp", OAuth.timestamp()]);
        message.parameters.push(["oauth_nonce", OAuth.nonce(11)]);
        message.parameters.push(["oauth_signature_method", "HMAC-SHA1"]);
        message.parameters.push(["oauth_token", ot]);
        message.parameters.push(["status",<"Encode(HI FROM TWITTER)">]);

2. If the request uses additional parameters, like to send a tweet we
need to add "status" = <tweet text> parameter, make sure to also pass
the additional parameters to *create* signature. In the above example,
i am passing "status" = ,<"Encode(HI FROM TWITTER)"> to create

3. Be careful of "double-encoding".
for example: "hi there" after encoding becomes.. "hi%20there" and if
your code is mistakenly encoding it a second time.. it would become "hi
%2520there". And since it(HTTP post/get parameter) doesn't match what
was used to create signature, you will again get infamous 'invalid

Reply via email to