Taylor,

A quick update on this. I tried generating the signature from my
library and from the page mentioned below; they both seem to be exactly
the same.....

http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/

What else can be the reason, and how come Twitter is responding with
Incorrect Signature?

Thanks,
Rahul

On Apr 29, 1:19 pm, Rahul <rahul.jun...@gmail.com> wrote:
> Taylor,
>
> Thanks for taking a look at it. To answer your question: yes, I do
> pass the status in the signature base string.
>
> Also, below is my string which I pass to the below-mentioned toSign
> variable.
>
> toSign:
> POST&https%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fupdate.xml&oauth_consumer_key%xxxxxxxxxxxxxxx%26oauth_nonce%3Df2756a360f610d375722ee97e4c2391f%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1272560943%26oauth_token%3D36554645-xxxxxxxxxxxxxxxxxxx%26oauth_version%3D1.0%26status%3Dhurrrrrrrrrrrrrray
>
>     Mac mac = Mac.getInstance(HMAC_SHA1);
>     mac.init(key);
>     byte[] bytes = mac.doFinal(toSign.getBytes(UTF8));
>
> and in the key I pass: consumerSecret + '&' + tokenSecret
>
> Thanks,
> Rahul
>
> On Apr 29, 12:46 pm, Taylor Singletary <taylorsinglet...@twitter.com>
> wrote:
>
>
>
> > Hi Rahul,
>
> > When you are POSTing to statuses/update.xml -- are you including the status
> > that you are posting in your signature base string? As a URL-encoded
> > parameter, it should be included in both your POST body and the signature
> > base string (but not in the HTTP authorization header).
>
> > Taylor Singletary
> > Developer Advocate, Twitter http://twitter.com/episod
>
> > On Thu, Apr 29, 2010 at 9:35 AM, Rahul <rahul.jun...@gmail.com> wrote:
> > > Folks,
>
> > > I have been trying this and have already spent a lot of time on it, but
> > > what I don't understand is how getting the access token is working and
> > > posting to update is not working when I am using the same signature
> > > generation method for both the requests.
>
> > > Here is my complete scenario.
> > > 1. fetch the request token
> > > 2. redirect the user to the authorize page
> > > 3. get the verifier from the new called back url
> > > 4. getting the access token by passing oauth_token and auth_verifier
> > > 5. create a new post request for update and sign the request with
> > > HMAC.sign(toSign, consumerSecret + '&' + tokenSecret)
> > >   Note: toSign is the request with the following headers :
> > > oauth_timestamp, oauth_signature_method, oauth_version, oauth_nonce,
> > > oauth_consumer_key
> > > 6. Send the request.
>
> > > Also, if helpful, I am using the following values
> > > oauth_nonce=MD5.hexHash(getTimestampInSeconds())
> > > oauth_signature_method=HMAC-SHA1
> > > oauth_version=1.0
>
> > > I have verified most of the things and they look good to me; also, there is
> > > very little possibility of generating a wrong signature, as I have used the
> > > same signature to get the access token and was able to successfully
> > > receive it.
>
> > > Any pointers highly appreciated.
>
> > > Thanks,
> > > Rahul
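
For reference, the HMAC-SHA1 signing steps discussed in this thread (base string with the `status` body parameter included, key of consumer secret, `&`, token secret), written out as an added Java example that is not code from any poster or from Twitter. The class name, keys, secrets, nonce and status text are constructed placeholders, and it assumes no repeated parameter names.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class OAuth1SignatureExample {
    // RFC 3986 percent-encoding; URLEncoder alone emits "+" for a space,
    // leaves "*" bare and escapes "~", any of which changes the signature.
    static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8)
                .replace("+", "%20").replace("*", "%2A").replace("%7E", "~");
    }

    // METHOD & enc(url) & enc(pairs), where pairs are the encoded name=value
    // parameters sorted by encoded name and joined with "&".
    static String baseString(String method, String url, Map<String, String> params) {
        TreeMap<String, String> sorted = new TreeMap<>();
        params.forEach((k, v) -> sorted.put(enc(k), enc(v)));
        StringJoiner pairs = new StringJoiner("&");
        sorted.forEach((k, v) -> pairs.add(k + "=" + v));
        return method.toUpperCase(Locale.ROOT) + "&" + enc(url) + "&" + enc(pairs.toString());
    }

    // HMAC-SHA1 keyed with enc(consumerSecret) & enc(tokenSecret), Base64 output.
    static String sign(String base, String consumerSecret, String tokenSecret) throws Exception {
        byte[] key = (enc(consumerSecret) + "&" + enc(tokenSecret)).getBytes(StandardCharsets.UTF_8);
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key, "HmacSHA1"));
        return Base64.getEncoder().encodeToString(mac.doFinal(base.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not real credentials.
        Map<String, String> oauth = new HashMap<>();
        oauth.put("oauth_consumer_key", "EXAMPLE_CONSUMER_KEY");
        oauth.put("oauth_nonce", "constructed-nonce-0001");
        oauth.put("oauth_signature_method", "HMAC-SHA1");
        oauth.put("oauth_timestamp", "1272560943");
        oauth.put("oauth_token", "EXAMPLE_ACCESS_TOKEN");
        oauth.put("oauth_version", "1.0");
        Map<String, String> signed = new HashMap<>(oauth);
        signed.put("status", "Hello world!"); // body parameter: signed, but kept out of the header
        String base = baseString("POST", "https://api.twitter.com/1/statuses/update.xml", signed);
        String sig = sign(base, "EXAMPLE_CONSUMER_SECRET", "EXAMPLE_TOKEN_SECRET");
        System.out.println(base); // the space and "!" in status are percent-encoded twice here
        System.out.println("oauth_signature=\"" + enc(sig) + "\""); // encoded again for the header
        System.out.println("POST body: status=" + enc(signed.get("status")));
    }
}
```

The body must carry `status` encoded exactly as `enc` produces it; a client library that re-encodes the body differently from the base string yields a signature mismatch even when the HMAC step is correct.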
