Well nevermind this, I found what the problem was and it sort of had to do with the strings but not in the base string but the aouth authorization header string. I was skipping parameters if they were empty, which is not what is called for in the oauth specs.
On Apr 10, 4:07 am, c0olcast <c0olc...@gmail.com> wrote: > Hey there, I'm working on getting xAuth to work on an app i'm > developing. I can't get the oauth_access_token to work while using > unsafe chars like '=' and '+' as in your example (it works perfect for > creds with no unsafe chars). I'm posting my strings and maybe you can > help me here (Note: I'm replacing some chars with '#' to hide critical > info): > > POST body: > ========= > x_auth_username=c0########&x_auth_mode=client_auth&x_auth_password=testpassword > %3D > > baseString: > ======== > POST&https%3A%2F%2Fapi.twitter.com%2Foauth > %2Faccess_token&oauth_consumer_key%3D###################### > %26oauth_nonce%3DA725A4E0-105C-4727-892D-050985F0DF4C > %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp > %3D1270885235%26oauth_token%3D%26oauth_version%3D1.0%26x_auth_mode > %3Dclient_auth%26x_auth_password%3Dtestpassword%253D%26x_auth_username > %3Dc0######## > > Thanks in advance > > On Apr 6, 3:52 pm, Taylor Singletary <taylorsinglet...@twitter.com> > wrote: > > > Several have gotten xAuth to work correctly. > > > I recommend verifying that the following is true: > > 1) You received approval for use of xAuth -- if you send me a note off-list > > I can double check if this was granted for you > > 2) You are using the access_token endpoint with > > HTTPs:https://api.twitter.com/oauth/access_token > > 3) Your POST body contains only the x_auth parameters, and the values are > > URL encoded as POST bodies are supposed to be > > 4) You're using header-based authentication; query-string based auth will > > not work for xAuth > > 5) Your signature base string contains the x_auth parameters just like any > > other parameters, merged and sorted with the oauth_* parameters, with each > > value URL escaped. If URL escaping was required to generate a valid POST > > body string, then the values in your signature base string will likely be > > double URL encoded. > > > Concrete example: > > - You are logging in as a user named "user1234" with a password "abcd+efgh=" > > - Your request URI should behttps://api.twitter.com/oauth_access_token > > - Your POST body should be (order does not matter) > > "x_auth_username=user1234&x_auth_password=abcd%2Befgh%3D&x_auth_mode=client_auth" > > - Your signature base string should be something similar to: > > POST&https%3A%2F%2Fapi.twitter.com > > %2Foauth%2Faccess_token&oauth_consumer_key%3Dri8JxYK2ddwSV5xIUfNNvQ%26oauth_nonce%3D5lReHcSFHYzKb1A4NqHIpoAhX08usNQpzAboyxEdUCI%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1270583500%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3Dabcd%252Befgh%253D%26x_auth_username%3Duser1234 > > > Taylor Singletary > > Developer Advocate, Twitterhttp://twitter.com/episod > > > On Tue, Apr 6, 2010 at 12:28 PM, Cameron Kaiser <spec...@floodgap.com>wrote: > > > > Anyone using xAuth successfully? I'm having trouble getting the process to > > > accept my requests. I can discuss this off list if you prefer. > > > > -- > > > ------------------------------------ personal: > > >http://www.cameronkaiser.com/-- > > > Cameron Kaiser * Floodgap Systems *www.floodgap.com* > > > ckai...@floodgap.com > > > -- Seen on hand dryer: "Push button for a message from your congressman." > > > ----- > > > > -- > > > To unsubscribe, reply using "remove me" as the subject.