Several have gotten xAuth to work correctly.

I recommend verifying that the following is true:
1) You received approval for use of xAuth -- if you send me a note off-list
I can double check if this was granted for you
2) You are using the access_token endpoint with HTTPs:
3) Your POST body contains only the x_auth parameters, and the values are
URL encoded as POST bodies are supposed to be
4) You're using header-based authentication; query-string based auth will
not work for xAuth
5) Your signature base string contains the x_auth parameters just like any
other parameters, merged and sorted with the oauth_* parameters, with each
value URL escaped. If URL escaping was required to generate a valid POST
body string, then the values in your signature base string will likely be
double URL encoded.

Concrete example:
- You are logging in as a user named "user1234" with a password "abcd+efgh="
- Your request URI should be
- Your POST body should be (order does not matter)
- Your signature base string should be something similar to:

Taylor Singletary
Developer Advocate, Twitter

On Tue, Apr 6, 2010 at 12:28 PM, Cameron Kaiser <>wrote:

> Anyone using xAuth successfully? I'm having trouble getting the process to
> accept my requests. I can discuss this off list if you prefer.
> --
> ------------------------------------ personal:
> --
>  Cameron Kaiser * Floodgap Systems * *
> -- Seen on hand dryer: "Push button for a message from your congressman."
> -----
> --
> To unsubscribe, reply using "remove me" as the subject.

Reply via email to