Hi Mostafa,

What environment are you trying to execute this code in? JavaScript in most
use cases is not an appropriate vehicle for performing OAuth operations --
unless you "are" the web browser or another kind of application development
environment in which JavaScript is a bit more secure.

That said, I helped a developer through a JavaScript OAuth implementation
last week and after much bashing of the head against the desk, it was found
that the HMAC_SHA1 algorithm being used was not doing the right thing and
using the wrong kind of padding.

Are you able to reproduce the signatures (given exactly the same inputs) as
detailed on http://dev.twitter.com/pages/auth ?

Have you traced the request to ensure that your authorization header is
actually being sent properly? How are you avoiding cross-domain issues?

Taylor Singletary
Developer Advocate, Twitter
http://twitter.com/episod


On Thu, May 6, 2010 at 5:13 PM, mostafa farghaly <keepon...@gmail.com> wrote:

> Every time I get "failed to validate outh token and signature" :(
> Here's my simple code:
>
> var username = "username",
>     password = "password",
>     url = "https://api.twitter.com/oauth/access_token",
>     key = "key",
>     timestamp = +new Date,
>     nonce = "thisismynoncce" + timestamp;
>
> var access_token = "oauth_consumer_key=" + key +
>     "&oauth_nonce=" + nonce +
>     "&oauth_signature_method=HMAC_SHA1" +
>     "&oauth_timestamp=" + timestamp +
>     "&oauth_version=1.0" +
>     "&x_auth_mode=client_auth" +
>     "&x_auth_password=" + password +
>     "&x_auth_username=" + username;
>
> var base_string = "POST&" + encodeURIComponent(url) + "&" +
>     encodeURIComponent(access_token);
>
> var oauth_signature = b64_hmac_sha1("token_secret&", base_string);
>
> var auth_header = 'OAuth oauth_nonce="' + nonce + '"' +
>     ', oauth_signature_method="HMAC-SHA1"' +
>     ', oauth_timestamp="' + timestamp + '"' +
>     ', oauth_consumer_key="' + key + '"' +
>     ', oauth_signature="' + oauth_signature + '"' +
>     ', oauth_version="1.0"';
>
> $.ajax({
>     url: url,
>     method: "POST",
>     data: {
>         x_auth_username: username,
>         x_auth_password: password,
>         x_auth_mode: "client_auth"
>     },
>     beforeSend: function(xhr){
>         xhr.setRequestHeader("Authorization", auth_header);
>     },
>     success: function(data){
>         alert(data);
>     },
>     error: function(xhr){
>         alert(xhr.responseText);
>     }
> })
>
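
The check suggested in the reply above, reproducing a published signature from exactly the same inputs, as an added example (not code from this thread or from Twitter). It runs any `(key, data)` base64 HMAC-SHA1 function against RFC 2202 test case 2 and the OAuth Core 1.0 Appendix A.5 example, with Node's built-in `crypto` as the reference; the helper names and the `noPad` fault are constructed for illustration.

```javascript
const crypto = require("crypto");

// OAuth 1.0 needs RFC 3986 encoding; encodeURIComponent leaves ! * ' ( ) as-is.
function pct(s) {
  return encodeURIComponent(s).replace(/[!*'()]/g,
    c => "%" + c.charCodeAt(0).toString(16).toUpperCase());
}

// Signature base string: METHOD & encoded URL & encoded, sorted parameters.
function baseString(method, url, params) {
  const pairs = Object.entries(params).map(([k, v]) => [pct(k), pct(String(v))]);
  const cmp = (x, y) => (x < y ? -1 : x > y ? 1 : 0);
  pairs.sort((a, b) => cmp(a[0], b[0]) || cmp(a[1], b[1]));
  const normalized = pairs.map(p => p.join("=")).join("&");
  return [method.toUpperCase(), pct(url), pct(normalized)].join("&");
}

// Reference HMAC-SHA1 from Node, same argument order as b64_hmac_sha1(key, data).
function refHmac(key, data) {
  return crypto.createHmac("sha1", key).update(data).digest("base64");
}
// Constructed faulty variant: drops the base64 "=" padding (illustration only).
const noPad = (key, data) => refHmac(key, data).replace(/=+$/, "");

// Published example inputs from OAuth Core 1.0, Appendix A.5.
const SPEC = {
  method: "GET", url: "http://photos.example.net/photos",
  params: {
    file: "vacation.jpg", size: "original",
    oauth_consumer_key: "dpf43f3p2l4k3l03", oauth_token: "nnch734d00sl2jdk",
    oauth_signature_method: "HMAC-SHA1", oauth_timestamp: "1191242096",
    oauth_nonce: "kllo9940pd9333jh", oauth_version: "1.0",
  },
  key: "kd94hf93k423kf44&pfkkdhi9sl3r4s00", // consumer secret & token secret
  signature: "tR3+Ty81lMeYAr/Fid0kMTYa/WM=",
};
// RFC 2202 test case 2 for HMAC-SHA1.
const RFC2202 = { key: "Jefe", data: "what do ya want for nothing?",
  hex: "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79" };

// Run any (key, data) -> base64 HMAC-SHA1 function against both vectors.
function checkHmac(hmacFn) {
  const want = Buffer.from(RFC2202.hex, "hex").toString("base64");
  const base = baseString(SPEC.method, SPEC.url, SPEC.params);
  return { rfc2202: hmacFn(RFC2202.key, RFC2202.data) === want,
           oauthSpec: hmacFn(SPEC.key, base) === SPEC.signature };
}
```

Passing a hand-rolled function such as `b64_hmac_sha1` to `checkHmac` shows whether the primitive or the base string is at fault: a failing `rfc2202` points at the HMAC implementation, while a failing `oauthSpec` alone points at how the inputs were assembled.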
