We just coded up a simple Ruby script to make the same request,
building our post body by hand into a string to ensure the escaping
(or not) of the params.

So we know that going into Net::HTTP the underscores are underscores
and NOT %5F's.

Same response from the server.

--dwf



On May 12, 11:14 am, Taylor Singletary <taylorsinglet...@twitter.com>
wrote:
> Just eyeballing this: your POST body is over-URL encoded. Your POST body
> should be simply:
> x_auth_username=XXXXX&x_auth_password=XXXXX&x_auth_mode=client_auth
>
> But the values of each key should be URL escaped (so if there's an email
> address, username, or password with non-URL safe characters, they would be
> URL encoded -- and double URL encoded in your signature base string)
>
> Otherwise, at first glance anyway, this looks pretty close to right.
>
> Taylor Singletary
> Developer Advocate, Twitterhttp://twitter.com/episod
>
>
>
> On Wed, May 12, 2010 at 10:58 AM, DWF <dwfr...@pivotallabs.com> wrote:
> > We're trying this out now & think we're approved.  But we're still
> > seeing 401s when requesting a user token.
>
> > (username & password hidden with XXXXXX below)
>
> > Here's our base string:
>
> > POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> > %2Faccess_token&oauth_consumer_key%3DWFKpuxJsIdVbesPtUAN6w
> > %26oauth_nonce%3DMTowOjk1NDE2ODEyNzM2ODY1OTM4Mjc%3D
> > %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
> > %3D1273686593%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth
> > %26x_auth_password%3DXXXXX%26x_auth_username%3DXXXXX
>
> > Here's our POST (using hurl.it as it looks like twurl doesn't support
> > this API endpoint yet):
>
> > -----
> > POST /oauth/access_token HTTP/1.1
> > Host: api.twitter.com
> > Authorization: OAuth oauth_signature_method="HMAC-SHA1",
> > oauth_nonce="MToxOjEyMzcxNzEyNzM2ODY1OTM4Mjc%3D",
> > oauth_timestamp="1273686593",
> > oauth_consumer_key="WFKpuxJsIdVbesPtUAN6w", oauth_version="1.0",
> > oauth_signature="4f23193590c2b66c5ea23ce5deae9c767998a902"
> > Accept: application/json
> > Content-Length: 93
> > Content-Type: application/x-www-form-urlencoded
>
> > x%5Fauth%5Fusername=XXXXX&x%5Fauth%5Fpassword=XXXXX&x%5Fauth
> > %5Fmode=client%5Fauth
>
> > -----
>
> > And we're getting this response (sad panda):
>
> > -----
> > HTTP/1.1 401 Unauthorized
> > Date: Wed, 12 May 2010 17:52:11 GMT
> > Server: hi
> > Status: 401 Unauthorized
> > X-Transaction: 1273686731-92894-17698
> > Last-Modified: Wed, 12 May 2010 17:52:11 GMT
> > X-Runtime: 0.03752
> > Content-Type: text/html; charset=utf-8
> > Content-Length: 44
> > Pragma: no-cache
> > X-Revision: DEV
> > Expires: Tue, 31 Mar 1981 05:00:00 GMT
> > Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-
> > check=0
> > Set-Cookie: k=74.207.226.80.1273686729321903; path=/; expires=Wed, 19-
> > May-10 17:52:09 GMT; domain=.twitter.com
> > Set-Cookie: guest_id=127368673134928431; path=/; expires=Fri, 11 Jun
> > 2010 17:52:11 GMT
> > Set-Cookie:
> > _twitter_sess=BAh7CToPY3JlYXRlZF9hdGwrCFUqpY0oAToRdHJhbnNfcHJvbXB0MDoHaWQi
> > %250AJTc1OGJjN2ZjODIwYWNhYzY3NjJlZGQzYWFjNTFlYmEyIgpmbGFzaElDOidB
> > %250AY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--
> > ab999812f9cfb9a01a8095a2e3d0f84fd9c1e0d7; domain=.twitter.com; path=/
> > Vary: Accept-Encoding
> > Connection: close
>
> > Failed to validate oauth signature and token
>
> > ----
>
> > This look familiar to anyone?
>
> > Thanks,
> > --dwf

Reply via email to