Mike,

We're going to be a lot more informative on signature generation errors in
the near future -- we have a newer implementation of OAuth 1.0a waiting in
the wings that will provide the signature base string we generated on a
failed request. More details when the staggered release of that is drawing
near.

Taylor Singletary
Developer Advocate, Twitter
http://twitter.com/episod


On Fri, May 21, 2010 at 1:14 PM, Mike Dice <mikedice...@gmail.com> wrote:

> quickly one more thing, i twould also be cool to get some more details
> about what exactly went wrong when the server side validation of the
> signature fails. All you get now is 'Invalid Signature' and there are quite
> a few things you could get wrong in developing that signature.
>
>
> On Fri, May 21, 2010 at 1:11 PM, Mike Dice <mikedice...@gmail.com> wrote:
>
>> I think you have the same problem I posted about yesterday. In your base
>> string the '%' chars of the status are supposed to also be escaped. Here is
>> an example from my app
>>
>> My status update string
>>
>> timestamp:1274472570 Rejoice! I am done debugging :-).
>>
>> POST&http%3A%2F%2Fapi.twitter.com <http://2fapi.twitter.com/>
>> %2F1%2Fstatuses%2Fupdate.xml&oauth_consumer_key%xxxxxxxxxxxxxxxxxxxxxxxx%26oauth_nonce%3DUWVWKGEKDOYBSHLVRFGJIVLMLRUOCYQVHFZKABLK%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1274472570%26oauth_token%xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%26oauth_version%3D1.0%26status%3Dtimestamp
>> %253A1274472570%2520Rejoice%2521%2520I%2520am%2520done%2520debugging%2520%253A-%2529.
>> See how the '%' char is also escaped to %25?
>>
>>   On Fri, May 21, 2010 at 11:34 AM, DWF <dwfr...@pivotallabs.com> wrote:
>>
>>> We're having lots of success with OAuth now, which is great.  So far
>>> it looks like all our GETs are working just fine.  And some of our
>>> POSTs - but not all.
>>>
>>> Here's a POST that works (deleting a user's tweet):
>>>
>>> url: https://api.twitter.com/1/statuses/destroy.json
>>>
>>> parameters: {"id": 12532480661}
>>>
>>> Base String:
>>> POST&https%3A%2F%2Fapi.twitter.com <http://2fapi.twitter.com/>
>>> %2F1%2Fstatuses%2Fdestroy.json&id
>>> %3D12532480661%26oauth_consumer_key%3D-----%26oauth_nonce
>>> %3D1274466742322abc143248%26oauth_signature_method%3DHMAC-
>>> SHA1%26oauth_timestamp%3D1274466742%26oauth_token%3D-----
>>> %26oauth_version%3D1.0
>>>
>>> AuthHeader:
>>> Authorization = OAuth oauth_signature_method="HMAC-SHA1",
>>> oauth_nonce="1274466742322abc143248", oauth_timestamp="1274466742",
>>> oauth_consumer_key="-----", oauth_version="1.0", oauth_token="-----",
>>> oauth_signature="mg23Yowg9Y40imqcOH9SibMHSHE%3D"
>>>
>>>
>>> And here's one that's NOT working (updating a status):
>>>
>>> url: https://api.twitter.com/1/statuses/update.json
>>> parameters: {"source": "tweed", "status": "Tweet"}
>>>
>>> BaseString:
>>> POST&https%3A%2F%2Fapi.twitter.com <http://2fapi.twitter.com/>
>>> %2F1%2Fstatuses
>>> %2Fupdate.json&oauth_consumer_key%3D-----------%26oauth_nonce
>>> %3D1274466366892abc252116%26oauth_signature_method%3DHMAC-
>>> SHA1%26oauth_timestamp%3D1274466366%26oauth_token%-------------
>>> %26oauth_version%3D1.0%26source%3Dtweed%26status%3DTweet
>>>
>>> AuthHeader:
>>> Authorization = OAuth oauth_signature_method="HMAC-SHA1",
>>> oauth_nonce="1274466366892abc252116", oauth_timestamp="1274466366",
>>> oauth_consumer_key="--------", oauth_version="1.0",
>>> oauth_token="---------", oauth_signature="V4HjQU7%2BTYF2MFtkkR7T8OYM54Q
>>> %3D"
>>>
>>> The error we get is:
>>> {
>>>  status: 401,
>>>  responseText: {"request":"/1/statuses/
>>> update.json","error":"Incorrect signature"}
>>> }
>>>
>>> Thoughts?
>>>
>>
>>
>

Reply via email to