...and I see Taylor beat me to it. ;)

On Fri, May 21, 2010 at 10:34 AM, Dana Contreras <d...@twitter.com> wrote:
> When you're constructing your signature base string, don't include the
> query parameters in the URL. The query parameters do need to be
> included in the next part of the signature base string though. Here's
> what the base string in your example should look like:
>
> GET&http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fhome_timeline.json&count%3D200%26oauth_consumer_key%3D***********%26oauth_nonce%3Dcbj41uc3y0d0lju8%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1274460844%26oauth_token%3D**********%26oauth_version%3D1.0
>
> "%3Fcount%3D200" has been removed, and "count%3D200%26" has been
> inserted after the second ampersand.
>
> On Fri, May 21, 2010 at 9:59 AM, Miguel de Icaza
> <miguel.de.ic...@gmail.com> wrote:
>> Hello folks,
>>
>>    I have my client speaking OAuth to twitter for the entire initial
>> dance up to getting my access token.
>>
>>    But once I try using the access token to call:
>> http://api.twitter.com/1/statuses/mentions.json?count=200
>>
>>    All I get from twitter is a 401 with the following body:
>>
>> {"request":"/1/statuses/mentions.json?count=200","error":"Incorrect
>> signature"}
>>
>>    I followed the steps described here:http://dev.twitter.com/pages/
>> auth and just assumed that since there is no content, the value for
>> computing the signature is not needed.
>>
>> GET&http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fhome_timeline.json
>> %3Fcount%3D200&oauth_consumer_key%3D***********%26oauth_nonce
>> %3Dcbj41uc3y0d0lju8%26oauth_signature_method%3DHMAC-
>> SHA1%26oauth_timestamp%3D1274460844%26oauth_token%3D**********
>> %26oauth_version%3D1.0
>>
>> My composite signature is made of my consumer secret (from the twitter
>> app page) and the oauth_token_secret returned by the acquire access
>> token process
>>
>> This is what ends up in the HTTP traffic, when I  append the
>> oauth_signature:
>> GET /1/statuses/home_timeline.json?count=200 HTTP/1.1
>> authorization: OAuth
>> oauth_consumer_key="******",oauth_nonce="r3cy0enwrqeq1qns",oauth_signature_method="HMAC-
>> SHA1",oauth_timestamp="1274461098",oauth_token="823083-
>> *******",oauth_version="1.0",oauth_signature="dGhefwoSaiSQ0XMSswJ1UdPtkeI
>> %3D"
>> Connection: keep-alive
>> Host: api.twitter.com
>>
>>
>> Any ideas on what I am doing wrong?
>>
>>
>
>
>
> --
> Dana Contreras
> Twitter Platform Team
> http://twitter.com/DanaDanger
>



-- 
Dana Contreras
Twitter Platform Team
http://twitter.com/DanaDanger

Reply via email to