Taylor, A quick update on this. I tried generating the signature from my library and the page mentioned below they both seems tbe exactly the same.....
http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/ What else can be the reason and how come twitter is responding with Incorrect Signature ? Thanks, Rahul On Apr 29, 1:19 pm, Rahul <[email protected]> wrote: > Taylor, > > Thanks for taking a look at it. and to answer your question yes I do > pass the status in the signature basetring. > > Also below is my string which i pass to the below mentioned toSign > variable. > > toSign: > POST&https%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses > %2Fupdate.xml&oauth_consumer_key%xxxxxxxxxxxxxxx%26oauth_nonce > %3Df2756a360f610d375722ee97e4c2391f%26oauth_signature_method%3DHMAC- > SHA1%26oauth_timestamp%3D1272560943%26oauth_token%3D36554645- > xxxxxxxxxxxxxxxxxxx%26oauth_version%3D1.0%26status > %3Dhurrrrrrrrrrrrrray > > Mac mac = Mac.getInstance(HMAC_SHA1); > mac.init(key); > byte[] bytes = mac.doFinal(toSign.getBytes(UTF8)); > > and in the key i pass: consumerSecret + '&' + tokenSecret > > Thanks, > Rahul > > On Apr 29, 12:46 pm, Taylor Singletary <[email protected]> > wrote: > > > > > Hi Rahul, > > > When you are POSTing to statuses/update.xml -- are you including the status > > that you are posting in your signature base string? As a URL-encoded > > parameter, it should be included in both your POST body and the signature > > base string (but not in the HTTP authorization header). > > > Taylor Singletary > > Developer Advocate, Twitterhttp://twitter.com/episod > > > On Thu, Apr 29, 2010 at 9:35 AM, Rahul <[email protected]> wrote: > > > Folks, > > > > I have been trying this and have already spent lot of time on this but > > > what i don't understand is how is getting the access token working and > > > post to update is not working when i am using the same signature > > > generation method for both the requests. > > > > Here is my complete scenario. > > > 1. fetch the request token > > > 2. redirect the user to the authurize page > > > 3. get the verifier from the new called back url > > > 4. getting the access token by passing oauth_token and auth_verifier > > > 5. create a new post request for update and sign the request with > > > HMAC.sign(toSign, consumerSecret + '&' + tokenSecret) > > > Note: toSign is the request with the following headers : > > > oauth_timestamp, oauth_signature_method, oauth_version, oauth_nonce, > > > oauth_consumer_key > > > 6. Send the request. > > > > Also if helpfull, i am using following values > > > oauth_nonce=MD5.hexHash(getTimestampInSeconds()) > > > oauth_signature_method=HMAC-SHA1 > > > oauth_version=1.0 > > > > I have verified most of the things and looks good to me, also there is > > > very less possibility of generating wrong signature as I have used the > > > same signature to get the access token and was able to successfully > > > receive it. > > > > Any pointers highly appreciated. > > > > Thanks, > > > Rahul
