I am signing with both secrets too, and have upper case urlencoding.
Signing requests with an empty token secret (i.e. when getting
original request token) work 100%

I am doing the following to obtain the hmac key:
$key = rawurlencode($this->consumer_secret).'&'.rawurlencode($this-
>token_secret);
when token_secret is an empty string - no probs!


Example request:
GET /statuses/followers.json?
screen_name=timwhitlock&page=1&oauth_consumer_key=[removed]
&oauth_nonce=1248788126.331844&oauth_signature_method=HMAC-
SHA1&oauth_timestamp=1248788126&oauth_token=[removed]
&oauth_version=1.0&oauth_signature=bGLpUe4LisXrn1ffGIafwod54ZE%3D HTTP/
1.0


PHP source code snippet:
public function sign_hmac( $http_method, $http_rsc ){
                $this->args['oauth_signature_method'] = 'HMAC-SHA1';
                $this->args['oauth_timestamp'] = sprintf('%u', time() );
                $this->args['oauth_nonce'] = sprintf('%f', microtime(true) );
                // normalize args first
                unset( $this->args['oauth_signature'] );
                $str = $this->__toString();
                // prepend other values, double-encoding the args
                $str = strtoupper($http_method).'&'.rawurlencode
($http_rsc).'&'.rawurlencode($str);
                // sign it
                $key = 
rawurlencode($this->consumer_secret).'&'.rawurlencode($this-
>token_secret);
                $this->args['oauth_signature'] = base64_encode( hash_hmac( 
'sha1',
$str, $key, true ) );
                return parent::serialize( $this->args );
        }

Reply via email to