I am signing with both secrets too, and have upper case urlencoding.
Signing requests with an empty token secret (i.e. when getting the
original request token) works 100%.

I am doing the following to obtain the hmac key:
$key = rawurlencode($this->consumer_secret).'&'.rawurlencode($this-
when token_secret is an empty string - no probs!

Example request:
GET /statuses/followers.json?
&oauth_version=1.0&oauth_signature=bGLpUe4LisXrn1ffGIafwod54ZE%3D HTTP/

PHP source code snippet:
public function sign_hmac( $http_method, $http_rsc ){
                $this->args['oauth_signature_method'] = 'HMAC-SHA1';
                $this->args['oauth_timestamp'] = sprintf('%u', time() );
                $this->args['oauth_nonce'] = sprintf('%f', microtime(true) );
                // normalize args first
                unset( $this->args['oauth_signature'] );
                $str = $this->__toString();
                // prepend other values, double-encoding the args
                $str = strtoupper($http_method).'&'.rawurlencode
                // sign it
                $key = 
                $this->args['oauth_signature'] = base64_encode( hash_hmac( 
$str, $key, true ) );
                return parent::serialize( $this->args );
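
Added example, not part of the original post and not the poster's code: OAuth 1.0 HMAC-SHA1 signing per RFC 5849, showing the key with an empty and a non-empty token secret. The function names, host, secrets and parameter values are constructed for illustration.

```php
<?php
// Added example: OAuth 1.0 HMAC-SHA1 signing (RFC 5849, sections 3.4.1 and 3.4.2).
// All secrets, tokens, hosts and parameter values here are constructed.

function oauth_base_string(string $method, string $url, array $params): string {
    unset($params['oauth_signature']);            // never part of the signed data
    $pairs = [];
    foreach ($params as $k => $v) {
        $pairs[] = [rawurlencode((string)$k), rawurlencode((string)$v)];
    }
    // Sort by encoded name, then by encoded value (byte order).
    usort($pairs, fn($a, $b) => strcmp($a[0], $b[0]) ?: strcmp($a[1], $b[1]));
    $normalized = implode('&', array_map(fn($p) => $p[0] . '=' . $p[1], $pairs));
    // Method, URL (without query string) and parameter string are each
    // encoded once more and joined with '&'.
    return strtoupper($method) . '&' . rawurlencode($url) . '&' . rawurlencode($normalized);
}

function oauth_hmac_key(string $consumer_secret, string $token_secret = ''): string {
    // The '&' separator is always present, even with an empty token secret.
    return rawurlencode($consumer_secret) . '&' . rawurlencode($token_secret);
}

function oauth_sign(string $base, string $key): string {
    // Raw binary HMAC-SHA1, then base64.
    return base64_encode(hash_hmac('sha1', $base, $key, true));
}

$params = [
    'oauth_consumer_key'     => 'constructed-consumer-key',
    'oauth_nonce'            => 'constructed-nonce',
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_timestamp'        => '1200000000',
    'oauth_version'          => '1.0',
];
$url  = 'http://api.example.com/statuses/followers.json';   // constructed host
$base = oauth_base_string('GET', $url, $params);

// Request-token step: no token secret yet, so the key ends in '&'.
$key_request = oauth_hmac_key('constructed/consumer+secret');
// Signed API call: oauth_token joins the signed parameters and its secret joins the key.
$params['oauth_token'] = 'constructed-access-token';
$base_signed = oauth_base_string('GET', $url, $params);
$key_signed  = oauth_hmac_key('constructed/consumer+secret', 'constructed token=secret');

echo $key_request, "\n", $key_signed, "\n";
echo rawurlencode(oauth_sign($base, $key_request)), "\n";      // as sent in the query
echo rawurlencode(oauth_sign($base_signed, $key_signed)), "\n";
```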
