Hi Rahul,

When you are POSTing to statuses/update.xml -- are you including the status
that you are posting in your signature base string? As a URL-encoded
parameter, it should be included in both your POST body and the signature
base string (but not in the HTTP authorization header).

Taylor Singletary
Developer Advocate, Twitter

On Thu, Apr 29, 2010 at 9:35 AM, Rahul <rahul.jun...@gmail.com> wrote:

> Folks,
> I have been trying this and have already spent lot of time on this but
> what i don't understand is how is getting the access token working and
> post to update is not working when i am using the same signature
> generation method for both the requests.
> Here is my complete scenario.
> 1. fetch the request token
> 2. redirect the user to the authurize page
> 3. get the verifier from the new called back url
> 4. getting the access token by passing oauth_token and auth_verifier
> 5. create a new post request for update and sign the request with
> HMAC.sign(toSign, consumerSecret + '&' + tokenSecret)
>   Note: toSign is the request with the following headers :
> oauth_timestamp, oauth_signature_method, oauth_version, oauth_nonce,
> oauth_consumer_key
> 6. Send the request.
> Also if helpfull, i am using following values
> oauth_nonce=MD5.hexHash(getTimestampInSeconds())
> oauth_signature_method=HMAC-SHA1
> oauth_version=1.0
> I have verified most of the things and looks good to me, also there is
> very less possibility of generating wrong signature as I have used the
> same signature to get the access token and was able to successfully
> receive it.
> Any pointers highly appreciated.
> Thanks,
> Rahul

Reply via email to