Hi Rahul,

I'm trying to think of other reasons. We might be throwing the invalid
signature error in a case where the signature is not in fact invalid.

How about requests are not of the type POST? Have you had a GET (other than
OAuth token negotiation steps) work for you? When you were doing the token
negotiation steps, were you using POSTs or GETs? When performing a POST, are
you setting your HTTP Content-Type header to
"application/x-www-form-urlencoded"?

What's the exact response from the server? There's usually a payload
included with the response that may give more clarity to the error. We have
some upcoming enhancements to the OAuth implementation that will return to
you the "signature base string we calculated" which would be useful here
now..


Taylor Singletary
Developer Advocate, Twitter
http://twitter.com/episod


On Thu, Apr 29, 2010 at 1:12 PM, Rahul <rahul.jun...@gmail.com> wrote:

> Taylor,
>
> A quick update on this. I tried generating the signature from my
> library and the page mentioned below they both seems tbe exactly the
> same.....
>
>
> http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/
>
> What else can be the reason and how come twitter is responding with
> Incorrect Signature ?
>
> Thanks,
> Rahul
>
> On Apr 29, 1:19 pm, Rahul <rahul.jun...@gmail.com> wrote:
> > Taylor,
> >
> > Thanks for taking a look at it. and to answer your question yes I do
> > pass the status in the signature basetring.
> >
> > Also below is my string which i pass to the below mentioned toSign
> > variable.
> >
> > toSign:
> > POST&https%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses
> > %2Fupdate.xml&oauth_consumer_key%xxxxxxxxxxxxxxx%26oauth_nonce
> > %3Df2756a360f610d375722ee97e4c2391f%26oauth_signature_method%3DHMAC-
> > SHA1%26oauth_timestamp%3D1272560943%26oauth_token%3D36554645-
> > xxxxxxxxxxxxxxxxxxx%26oauth_version%3D1.0%26status
> > %3Dhurrrrrrrrrrrrrray
> >
> >     Mac mac = Mac.getInstance(HMAC_SHA1);
> >     mac.init(key);
> >     byte[] bytes = mac.doFinal(toSign.getBytes(UTF8));
> >
> > and in the key i pass: consumerSecret + '&' + tokenSecret
> >
> > Thanks,
> > Rahul
> >
> > On Apr 29, 12:46 pm, Taylor Singletary <taylorsinglet...@twitter.com>
> > wrote:
> >
> >
> >
> > > Hi Rahul,
> >
> > > When you are POSTing to statuses/update.xml -- are you including the
> status
> > > that you are posting in your signature base string? As a URL-encoded
> > > parameter, it should be included in both your POST body and the
> signature
> > > base string (but not in the HTTP authorization header).
> >
> > > Taylor Singletary
> > > Developer Advocate, Twitterhttp://twitter.com/episod
> >
> > > On Thu, Apr 29, 2010 at 9:35 AM, Rahul <rahul.jun...@gmail.com> wrote:
> > > > Folks,
> >
> > > > I have been trying this and have already spent lot of time on this
> but
> > > > what i don't understand is how is getting the access token working
> and
> > > > post to update is not working when i am using the same signature
> > > > generation method for both the requests.
> >
> > > > Here is my complete scenario.
> > > > 1. fetch the request token
> > > > 2. redirect the user to the authurize page
> > > > 3. get the verifier from the new called back url
> > > > 4. getting the access token by passing oauth_token and auth_verifier
> > > > 5. create a new post request for update and sign the request with
> > > > HMAC.sign(toSign, consumerSecret + '&' + tokenSecret)
> > > >   Note: toSign is the request with the following headers :
> > > > oauth_timestamp, oauth_signature_method, oauth_version, oauth_nonce,
> > > > oauth_consumer_key
> > > > 6. Send the request.
> >
> > > > Also if helpfull, i am using following values
> > > > oauth_nonce=MD5.hexHash(getTimestampInSeconds())
> > > > oauth_signature_method=HMAC-SHA1
> > > > oauth_version=1.0
> >
> > > > I have verified most of the things and looks good to me, also there
> is
> > > > very less possibility of generating wrong signature as I have used
> the
> > > > same signature to get the access token and was able to successfully
> > > > receive it.
> >
> > > > Any pointers highly appreciated.
> >
> > > > Thanks,
> > > > Rahul
>

Reply via email to