this is my favorite javascript oauth library - http://oauth.googlecode.com/svn/code/javascript/ - its pretty well written, and could be ported relatively easily.

The OAuth spec has an example.  However it's included as an appendix,
so it's not really highlighted

http://oauth.net/core/1.0#anchor30

This is an example of a string to encode

GET&http%3A%2F%2Fphotos.example.net%2Fphotos&file%3Dvacation.jpg %26oauth_consumer_key%3Ddpf43f3p2l4k3l03%26oauth_nonce %3Dkllo9940pd9333jh%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1191242096%26oauth_token%3Dnnch734d00sl2jdk %26oauth_version%3D1.0%26size%3Doriginal

Getting everything ordered, the right things URL encoded and then
concatenated is tedious but it's all pretty straightforward.  There
are implementations in JavaScript, so I'd imagine a pure ASP version
wouldn't be impossible.

  ---Mark

Classic ASP?  You may in for a rough road.

It not just an encoded URL.  You have to generate a signature for the
URL using some algorithms that may not be easily implemented in ASP.
I'm not saying it's impossible.

Why classic ASP?

Hi

I've found a test site that gives feedback to what the error is 
athttp://term.ie/oauth/example/

My error is that the signature is incorrect. What must the string look
like that needs to be signed? I've tested my script and I know it
encodes correctly if you give it the right information.

Can someone please post a copy of the string that is sent to be
encoded.

Best regards

Andre

Classic ASP

Andre,

Are you sure there isn't already an OAuth library out there that will
work for you?  What language are you developing in?

--Duane

Thank you for the help. I'm still trying to get the first part to
work...

1. The first step in the process, you will make a GET request to "http://twitter.com/oauth/request_token";. In this request, you will need
the following parameters in this specific order:
oauth_consumer_key
oauth_nonce
oauth_signature_method
oauth_timestamp
oauth_version
oauth_signature

What string do I sign?

The whole URL?
Eg:
oauth_consumer_key =2FuDFffo1MnWkw9g2JK7621HA&oauth_nonce=1112009260947V57BU QK06I7H1BL88VBR65VT2&oauth_signature_method=HMAC-
SHA1&oauth_timestamp=1259226047&oauth_version=1.0

or

http://twitter.com/oauth/request_token?oauth_consumer_key=2FuDFffo1Mn ...

When do I UTF-8 encode? Before signing or after signing?

Same with the posting? What do i post and when do I UTF-8 encode?

Best regards

Andre

The signature has to go last. That's one mistake that most people make. You are suppose to put the parameters in order EXCEPT the signature parameter. The signature parameter is created by using the other
parameters, then it's appended to the end of the query string.

The OAuth signature is generated.

I made a blog post where I tried to explain it a little better than the documentation does. It's for .Net for the desktop, but the process is the same for any language, and only slightly different for web applications.

http://eclipsed4utoo.com/blog/net-twitter-desktop-oauth-authentication/

Hi All

I am trying to get my head around the Twitter oauth flow.

The twitter documentation links to oauth.net for parameters, but these
are general and not well documented.

Is the first step to usehttp://twitter.com/oauth/request_token?

1. I created the following URL:

http://twitter.com/oauth/request_token?oauth_consumer_key=3Uu...1HA&o ...

When I put this in a browser to test it, I get the following error:

Failed to validate oauth signature and token

1. What is wrong with the string?
  - Is the oauth_signature just your Consumer secret string?
- Do I have to use oauth_signature_method and what method do I use.
If it is sha1, what string do I hash? The whole URL?

Do I POST the data tohttp://twitter.com/oauth/request_tokenorGETor
what?

Best regards

Andre F Bruton

--
Raffi Krikorian
Twitter Platform Team
ra...@twitter.com | @raffi




Reply via email to