Taylor,

Thanks for taking a look at it. and to answer your question yes I do
pass the status in the signature basetring.

Also below is my string which i pass to the below mentioned toSign
variable.

toSign:
POST&https%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses
%2Fupdate.xml&oauth_consumer_key%xxxxxxxxxxxxxxx%26oauth_nonce
%3Df2756a360f610d375722ee97e4c2391f%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1272560943%26oauth_token%3D36554645-
xxxxxxxxxxxxxxxxxxx%26oauth_version%3D1.0%26status
%3Dhurrrrrrrrrrrrrray

    Mac mac = Mac.getInstance(HMAC_SHA1);
    mac.init(key);
    byte[] bytes = mac.doFinal(toSign.getBytes(UTF8));

and in the key i pass: consumerSecret + '&' + tokenSecret

Thanks,
Rahul

On Apr 29, 12:46 pm, Taylor Singletary <taylorsinglet...@twitter.com>
wrote:
> Hi Rahul,
>
> When you are POSTing to statuses/update.xml -- are you including the status
> that you are posting in your signature base string? As a URL-encoded
> parameter, it should be included in both your POST body and the signature
> base string (but not in the HTTP authorization header).
>
> Taylor Singletary
> Developer Advocate, Twitterhttp://twitter.com/episod
>
>
>
> On Thu, Apr 29, 2010 at 9:35 AM, Rahul <rahul.jun...@gmail.com> wrote:
> > Folks,
>
> > I have been trying this and have already spent lot of time on this but
> > what i don't understand is how is getting the access token working and
> > post to update is not working when i am using the same signature
> > generation method for both the requests.
>
> > Here is my complete scenario.
> > 1. fetch the request token
> > 2. redirect the user to the authurize page
> > 3. get the verifier from the new called back url
> > 4. getting the access token by passing oauth_token and auth_verifier
> > 5. create a new post request for update and sign the request with
> > HMAC.sign(toSign, consumerSecret + '&' + tokenSecret)
> >   Note: toSign is the request with the following headers :
> > oauth_timestamp, oauth_signature_method, oauth_version, oauth_nonce,
> > oauth_consumer_key
> > 6. Send the request.
>
> > Also if helpfull, i am using following values
> > oauth_nonce=MD5.hexHash(getTimestampInSeconds())
> > oauth_signature_method=HMAC-SHA1
> > oauth_version=1.0
>
> > I have verified most of the things and looks good to me, also there is
> > very less possibility of generating wrong signature as I have used the
> > same signature to get the access token and was able to successfully
> > receive it.
>
> > Any pointers highly appreciated.
>
> > Thanks,
> > Rahul

Reply via email to