Well nevermind this, I found what the problem was and it sort of had
to do with the strings but not in the base string but the aouth
authorization header string. I was skipping parameters if they were
empty, which is not what is called for in the oauth specs.

On Apr 10, 4:07 am, c0olcast <c0olc...@gmail.com> wrote:
> Hey there, I'm working on getting xAuth to work on an app i'm
> developing. I can't get the oauth_access_token to work while using
> unsafe chars like '=' and '+' as in your example (it works perfect for
> creds with no unsafe chars). I'm posting my strings and maybe you can
> help me here (Note: I'm replacing some chars with '#' to hide critical
> info):
>
> POST body:
> =========
> x_auth_username=c0########&x_auth_mode=client_auth&x_auth_password=testpassword
> %3D
>
> baseString:
> ========
> POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> %2Faccess_token&oauth_consumer_key%3D######################
> %26oauth_nonce%3DA725A4E0-105C-4727-892D-050985F0DF4C
> %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
> %3D1270885235%26oauth_token%3D%26oauth_version%3D1.0%26x_auth_mode
> %3Dclient_auth%26x_auth_password%3Dtestpassword%253D%26x_auth_username
> %3Dc0########
>
> Thanks in advance
>
> On Apr 6, 3:52 pm, Taylor Singletary <taylorsinglet...@twitter.com>
> wrote:
>
> > Several have gotten xAuth to work correctly.
>
> > I recommend verifying that the following is true:
> > 1) You received approval for use of xAuth -- if you send me a note off-list
> > I can double check if this was granted for you
> > 2) You are using the access_token endpoint with 
> > HTTPs:https://api.twitter.com/oauth/access_token
> > 3) Your POST body contains only the x_auth parameters, and the values are
> > URL encoded as POST bodies are supposed to be
> > 4) You're using header-based authentication; query-string based auth will
> > not work for xAuth
> > 5) Your signature base string contains the x_auth parameters just like any
> > other parameters, merged and sorted with the oauth_* parameters, with each
> > value URL escaped. If URL escaping was required to generate a valid POST
> > body string, then the values in your signature base string will likely be
> > double URL encoded.
>
> > Concrete example:
> > - You are logging in as a user named "user1234" with a password "abcd+efgh="
> > - Your request URI should behttps://api.twitter.com/oauth_access_token
> > - Your POST body should be (order does not matter)
> > "x_auth_username=user1234&x_auth_password=abcd%2Befgh%3D&x_auth_mode=client_auth"
> > - Your signature base string should be something similar to:
> > POST&https%3A%2F%2Fapi.twitter.com
> > %2Foauth%2Faccess_token&oauth_consumer_key%3Dri8JxYK2ddwSV5xIUfNNvQ%26oauth_nonce%3D5lReHcSFHYzKb1A4NqHIpoAhX08usNQpzAboyxEdUCI%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1270583500%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3Dabcd%252Befgh%253D%26x_auth_username%3Duser1234
>
> > Taylor Singletary
> > Developer Advocate, Twitterhttp://twitter.com/episod
>
> > On Tue, Apr 6, 2010 at 12:28 PM, Cameron Kaiser <spec...@floodgap.com>wrote:
>
> > > Anyone using xAuth successfully? I'm having trouble getting the process to
> > > accept my requests. I can discuss this off list if you prefer.
>
> > > --
> > > ------------------------------------ personal:
> > >http://www.cameronkaiser.com/--
> > >  Cameron Kaiser * Floodgap Systems *www.floodgap.com*
> > > ckai...@floodgap.com
> > > -- Seen on hand dryer: "Push button for a message from your congressman."
> > > -----
>
> > > --
> > > To unsubscribe, reply using "remove me" as the subject.

Reply via email to