The signature has to go last. That's one mistake that most people make. You are supposed to put the parameters in order EXCEPT the signature parameter. The signature parameter is created by using the other parameters, then it's appended to the end of the query string.
The OAuth signature is generated. I made a blog post where I tried to explain it a little better than the documentation does. It's for .Net for the desktop, but the process is the same for any language, and only slightly different for web applications.

http://eclipsed4utoo.com/blog/net-twitter-desktop-oauth-authentication/

On Tue, Nov 24, 2009 at 3:12 PM, abruton <andrebru...@gmail.com> wrote:
> Hi All
>
> I am trying to get my head around the Twitter oauth flow.
>
> The twitter documentation links to oauth.net for parameters, but these
> are general and not well documented.
>
> Is the first step to use http://twitter.com/oauth/request_token ?
>
> 1. I created the following URL:
>
> http://twitter.com/oauth/request_token?oauth_consumer_key=3Uu...1HA&oauth_signature=Diz...cnI&oauth_timestamp=1259100056&oauth_nonce=120092402256OY2H6DC7VT053U3HI69HA861&oauth_version=1.0
>
> When I put this in a browser to test it, I get the following error:
>
> Failed to validate oauth signature and token
>
> 1. What is wrong with the string?
> - Is the oauth_signature just your Consumer secret string?
> - Do I have to use oauth_signature_method and what method do I use.
> If it is sha1, what string do I hash? The whole URL?
>
> Do I POST the data to http://twitter.com/oauth/request_token or GET or
> what?
>
> Best regards
>
> Andre F Bruton
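
Added example (not from the original thread or the linked blog post): a Python sketch of the signing order described in the reply, using the OAuth 1.0 HMAC-SHA1 method. The consumer key, secret and nonce are constructed placeholders, and the empty token secret is assumed for the request_token step.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed sample values (placeholders, not real credentials).
SAMPLE_URL = "http://twitter.com/oauth/request_token"
SAMPLE_SECRET = "EXAMPLE_CONSUMER_SECRET"
SAMPLE_PARAMS = {
    "oauth_version": "1.0",
    "oauth_timestamp": "1259100056",
    "oauth_nonce": "abc123",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_consumer_key": "EXAMPLE_KEY",
}

def pct(value):
    """Percent-encode everything except RFC 3986 unreserved characters."""
    return quote(str(value), safe="-._~")

def sorted_pairs(params):
    """Encode and sort every parameter except oauth_signature itself."""
    return sorted((pct(k), pct(v)) for k, v in params.items()
                  if k != "oauth_signature")

def base_string(method, url, params):
    """Signature base string: METHOD & encoded URL & encoded parameter string."""
    normalized = "&".join(f"{k}={v}" for k, v in sorted_pairs(params))
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 over the base string; the secret is the key, not the signature."""
    # No token secret exists yet at the request_token step, so it stays empty.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def signed_url(method, url, params, consumer_secret, token_secret=""):
    """Ordered parameters first, then oauth_signature appended at the end."""
    query = "&".join(f"{k}={v}" for k, v in sorted_pairs(params))
    sig = sign(method, url, params, consumer_secret, token_secret)
    return f"{url}?{query}&oauth_signature={pct(sig)}"

if __name__ == "__main__":
    print(base_string("GET", SAMPLE_URL, SAMPLE_PARAMS))
    print(signed_url("GET", SAMPLE_URL, SAMPLE_PARAMS, SAMPLE_SECRET))
```

The HTTP method passed to `base_string` has to match the method of the request that is actually sent, because it is part of the signed data.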