I am testing the Twitter API for a Firefox extension I am writing, and trying out the OAuth flow for desktop clients, as described on http://twitterapi.pbworks.com/Authentication.
I get stuck in the very first step "The application uses oauth/ request_token to obtain a request token from twitter.com." and have a newbie question about the signing. I construct a GET request which looks similar to this: http://twitter.com/oauth/request_token?oauth_consumer_key=<my_clients_consumer_key>&oauth_signature_method=HMAC-SHA1&oauth_timestamp=<my_time_stamp>&oauth_nonce=<my_nonce>?oauth_signature=<missing_this_part???> My question: What string is actually to be signed with HMAC-SHA1 and included as value for oauth_signature? (I am using the sha1 javascript implementation from http://pajhome.org.uk/crypt/md5/) I figure I should encode my client's consumer secret with my client's consumer key, but I only get "Failed to validate oauth signature and token". Sorry for this dumb question, but I hope someone can point me in the right direction. Thanks.
