Josh, Srikanth- Thank you very much for your suggestions. I did check the cache, and revalidated the IP scenario again, but with no luck.
The problem was actually caused by an incorrect server clock setting on the new server. The server clock was giving a utc offset equivalent to -54000, which is really not valid. The wrong time was then generating an invalid oauth_timestamp, which eventually returned the "Failed to validate oAuth signature." message. I'm all-good now! _____ From: twitter-development-talk@googlegroups.com [mailto:twitter-development-t...@googlegroups.com] On Behalf Of srikanth reddy Sent: Wednesday, August 05, 2009 12:03 AM To: twitter-development-talk@googlegroups.com Subject: [twitter-dev] Re: Are the Consumer Token and Secret assigned to a specific Server IP address I dont think even access token is linked to IP.( i actually verified the tokens on different IP) Stealing access token alone is not enough to use protected service. You need consumer secret, access secret to sign the request and i believe access token is linked to consumer and is unique for each user sending requests via a consumer. So even if you try to obtain new access token i guess you would get the same old access token (of course for the same consumer key). I believe you will get new access tokens by changing your consumer key/secrets but all your cached/stored access tokens would be useless. On Wed, Aug 5, 2009 at 6:06 AM, Josh Roesslein <jroessl...@gmail.com> wrote: I don't believe the consumer token/secret is linked to an ip address. I don't remember supplying it during application registration so twitter doesn't really know my ip anyway. I'm guessing the access tokens are linked to the IP address which they where issued. This would help prevent access token theft. Deleting all your cached access tokens and getting new ones with the new ip might help fix your issue. I'd test this first before flushing your cache. Josh On Tue, Aug 4, 2009 at 7:11 PM, MECarluen -TwitterGroup <mecarl...@gmail.com> wrote: Hello Gurus- quick question, are the Consumer Token and Secret assigned to a specific Server IP address? I am currently switching my servers/hosts to a different IP address, but with same domain name. It seems like Oauth returns a "Failed to validate oauth signature and token" when using the same consumer tokens and secrets on the new IP addy. If this is what is causing my problem, how do I remedy? Thanks for for confirming one way or the other... comments welcome. -- Josh
