Hey there, I'm working on getting xAuth to work on an app i'm
developing. I can't get the oauth_access_token to work while using
unsafe chars like '=' and '+' as in your example (it works perfect for
creds with no unsafe chars). I'm posting my strings and maybe you can
help me here (Note: I'm replacing some chars with '#' to hide critical
info):

POST body:
=========
x_auth_username=c0########&x_auth_mode=client_auth&x_auth_password=testpassword
%3D


baseString:
========
POST&https%3A%2F%2Fapi.twitter.com%2Foauth
%2Faccess_token&oauth_consumer_key%3D######################
%26oauth_nonce%3DA725A4E0-105C-4727-892D-050985F0DF4C
%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
%3D1270885235%26oauth_token%3D%26oauth_version%3D1.0%26x_auth_mode
%3Dclient_auth%26x_auth_password%3Dtestpassword%253D%26x_auth_username
%3Dc0########


Thanks in advance

On Apr 6, 3:52 pm, Taylor Singletary <taylorsinglet...@twitter.com>
wrote:
> Several have gotten xAuth to work correctly.
>
> I recommend verifying that the following is true:
> 1) You received approval for use of xAuth -- if you send me a note off-list
> I can double check if this was granted for you
> 2) You are using the access_token endpoint with 
> HTTPs:https://api.twitter.com/oauth/access_token
> 3) Your POST body contains only the x_auth parameters, and the values are
> URL encoded as POST bodies are supposed to be
> 4) You're using header-based authentication; query-string based auth will
> not work for xAuth
> 5) Your signature base string contains the x_auth parameters just like any
> other parameters, merged and sorted with the oauth_* parameters, with each
> value URL escaped. If URL escaping was required to generate a valid POST
> body string, then the values in your signature base string will likely be
> double URL encoded.
>
> Concrete example:
> - You are logging in as a user named "user1234" with a password "abcd+efgh="
> - Your request URI should behttps://api.twitter.com/oauth_access_token
> - Your POST body should be (order does not matter)
> "x_auth_username=user1234&x_auth_password=abcd%2Befgh%3D&x_auth_mode=client_auth"
> - Your signature base string should be something similar to:
> POST&https%3A%2F%2Fapi.twitter.com
> %2Foauth%2Faccess_token&oauth_consumer_key%3Dri8JxYK2ddwSV5xIUfNNvQ%26oauth_nonce%3D5lReHcSFHYzKb1A4NqHIpoAhX08usNQpzAboyxEdUCI%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1270583500%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3Dabcd%252Befgh%253D%26x_auth_username%3Duser1234
>
> Taylor Singletary
> Developer Advocate, Twitterhttp://twitter.com/episod
>
> On Tue, Apr 6, 2010 at 12:28 PM, Cameron Kaiser <spec...@floodgap.com>wrote:
>
> > Anyone using xAuth successfully? I'm having trouble getting the process to
> > accept my requests. I can discuss this off list if you prefer.
>
> > --
> > ------------------------------------ personal:
> >http://www.cameronkaiser.com/--
> >  Cameron Kaiser * Floodgap Systems *www.floodgap.com*
> > ckai...@floodgap.com
> > -- Seen on hand dryer: "Push button for a message from your congressman."
> > -----
>
> > --
> > To unsubscribe, reply using "remove me" as the subject.

Reply via email to