Hey there, I'm working on getting xAuth to work on an app i'm developing. I can't get the oauth_access_token to work while using unsafe chars like '=' and '+' as in your example (it works perfect for creds with no unsafe chars). I'm posting my strings and maybe you can help me here (Note: I'm replacing some chars with '#' to hide critical info):
POST body: ========= x_auth_username=c0########&x_auth_mode=client_auth&x_auth_password=testpassword %3D baseString: ======== POST&https%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_token&oauth_consumer_key%3D###################### %26oauth_nonce%3DA725A4E0-105C-4727-892D-050985F0DF4C %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1270885235%26oauth_token%3D%26oauth_version%3D1.0%26x_auth_mode %3Dclient_auth%26x_auth_password%3Dtestpassword%253D%26x_auth_username %3Dc0######## Thanks in advance On Apr 6, 3:52 pm, Taylor Singletary <taylorsinglet...@twitter.com> wrote: > Several have gotten xAuth to work correctly. > > I recommend verifying that the following is true: > 1) You received approval for use of xAuth -- if you send me a note off-list > I can double check if this was granted for you > 2) You are using the access_token endpoint with > HTTPs:https://api.twitter.com/oauth/access_token > 3) Your POST body contains only the x_auth parameters, and the values are > URL encoded as POST bodies are supposed to be > 4) You're using header-based authentication; query-string based auth will > not work for xAuth > 5) Your signature base string contains the x_auth parameters just like any > other parameters, merged and sorted with the oauth_* parameters, with each > value URL escaped. If URL escaping was required to generate a valid POST > body string, then the values in your signature base string will likely be > double URL encoded. > > Concrete example: > - You are logging in as a user named "user1234" with a password "abcd+efgh=" > - Your request URI should behttps://api.twitter.com/oauth_access_token > - Your POST body should be (order does not matter) > "x_auth_username=user1234&x_auth_password=abcd%2Befgh%3D&x_auth_mode=client_auth" > - Your signature base string should be something similar to: > POST&https%3A%2F%2Fapi.twitter.com > %2Foauth%2Faccess_token&oauth_consumer_key%3Dri8JxYK2ddwSV5xIUfNNvQ%26oauth_nonce%3D5lReHcSFHYzKb1A4NqHIpoAhX08usNQpzAboyxEdUCI%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1270583500%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3Dabcd%252Befgh%253D%26x_auth_username%3Duser1234 > > Taylor Singletary > Developer Advocate, Twitterhttp://twitter.com/episod > > On Tue, Apr 6, 2010 at 12:28 PM, Cameron Kaiser <spec...@floodgap.com>wrote: > > > Anyone using xAuth successfully? I'm having trouble getting the process to > > accept my requests. I can discuss this off list if you prefer. > > > -- > > ------------------------------------ personal: > >http://www.cameronkaiser.com/-- > > Cameron Kaiser * Floodgap Systems *www.floodgap.com* > > ckai...@floodgap.com > > -- Seen on hand dryer: "Push button for a message from your congressman." > > ----- > > > -- > > To unsubscribe, reply using "remove me" as the subject.