this is my favorite javascript oauth library - - its pretty well written, and could be ported relatively easily.

The OAuth spec has an example.  However it's included as an appendix,
so it's not really highlighted

This is an example of a string to encode

GET& %26oauth_consumer_key%3Ddpf43f3p2l4k3l03%26oauth_nonce %3Dkllo9940pd9333jh%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1191242096%26oauth_token%3Dnnch734d00sl2jdk %26oauth_version%3D1.0%26size%3Doriginal

Getting everything ordered, the right things URL encoded and then
concatenated is tedious but it's all pretty straightforward.  There
are implementations in JavaScript, so I'd imagine a pure ASP version
wouldn't be impossible.


Classic ASP?  You may in for a rough road.

It not just an encoded URL.  You have to generate a signature for the
URL using some algorithms that may not be easily implemented in ASP.
I'm not saying it's impossible.

Why classic ASP?


I've found a test site that gives feedback to what the error is 

My error is that the signature is incorrect. What must the string look
like that needs to be signed? I've tested my script and I know it
encodes correctly if you give it the right information.

Can someone please post a copy of the string that is sent to be

Best regards


Classic ASP


Are you sure there isn't already an OAuth library out there that will
work for you?  What language are you developing in?


Thank you for the help. I'm still trying to get the first part to

1. The first step in the process, you will make a GET request to "";. In this request, you will need
the following parameters in this specific order:

What string do I sign?

The whole URL?
oauth_consumer_key =2FuDFffo1MnWkw9g2JK7621HA&oauth_nonce=1112009260947V57BU QK06I7H1BL88VBR65VT2&oauth_signature_method=HMAC-

or ...

When do I UTF-8 encode? Before signing or after signing?

Same with the posting? What do i post and when do I UTF-8 encode?

Best regards


The signature has to go last. That's one mistake that most people make. You are suppose to put the parameters in order EXCEPT the signature parameter. The signature parameter is created by using the other
parameters, then it's appended to the end of the query string.

The OAuth signature is generated.

I made a blog post where I tried to explain it a little better than the documentation does. It's for .Net for the desktop, but the process is the same for any language, and only slightly different for web applications.

Hi All

I am trying to get my head around the Twitter oauth flow.

The twitter documentation links to for parameters, but these
are general and not well documented.

Is the first step to use

1. I created the following URL: ...

When I put this in a browser to test it, I get the following error:

Failed to validate oauth signature and token

1. What is wrong with the string?
  - Is the oauth_signature just your Consumer secret string?
- Do I have to use oauth_signature_method and what method do I use.
If it is sha1, what string do I hash? The whole URL?

Do I POST the data to

Best regards

Andre F Bruton

Raffi Krikorian
Twitter Platform Team | @raffi

Reply via email to