Hi Rahul, When you are POSTing to statuses/update.xml -- are you including the status that you are posting in your signature base string? As a URL-encoded parameter, it should be included in both your POST body and the signature base string (but not in the HTTP authorization header).
Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Thu, Apr 29, 2010 at 9:35 AM, Rahul <rahul.jun...@gmail.com> wrote: > Folks, > > I have been trying this and have already spent lot of time on this but > what i don't understand is how is getting the access token working and > post to update is not working when i am using the same signature > generation method for both the requests. > > Here is my complete scenario. > 1. fetch the request token > 2. redirect the user to the authurize page > 3. get the verifier from the new called back url > 4. getting the access token by passing oauth_token and auth_verifier > 5. create a new post request for update and sign the request with > HMAC.sign(toSign, consumerSecret + '&' + tokenSecret) > Note: toSign is the request with the following headers : > oauth_timestamp, oauth_signature_method, oauth_version, oauth_nonce, > oauth_consumer_key > 6. Send the request. > > Also if helpfull, i am using following values > oauth_nonce=MD5.hexHash(getTimestampInSeconds()) > oauth_signature_method=HMAC-SHA1 > oauth_version=1.0 > > I have verified most of the things and looks good to me, also there is > very less possibility of generating wrong signature as I have used the > same signature to get the access token and was able to successfully > receive it. > > Any pointers highly appreciated. > > Thanks, > Rahul >