Hello Taylor, Dana,

    Thanks to both of you for the reply, after this change, my twitter
client is working with OAuth.

     It might be good to update the oauth guide on the twitter site
with this information, I tried for a few hours before I gave up and
posted here, and it might save others the pain.

Miguel.

On May 21, 1:16 pm, Taylor Singletary <taylorsinglet...@twitter.com>
wrote:
> Hi Miguel,
>
> Your signature base string is off by just a little bit here -- you're
> globbing the query parameter "count" on to the original URL when it should
> be separated out.. the query string part of the URL should be represented
> only as key/value pairs, sorted with the other OAuth parameters. Your
> sorting here is correct, it's just that you're including the encoded "?"
> mark here. Had this been a parameter that would have started with a "p", for
> example, you'd have that parameter following the oauth_* parameters.
>
> Here's an example of a signature base string with this encoded correctly
> (though using different keys):
>
> GET&http%3A%2F%2Fapi.twitter.com
> %2F1%2Fstatuses%2Fhome_timeline.json&count%3D200%26oauth_consumer_key%3Dri8 
> JxYK2ddwSV5xIUfNNvQ%26oauth_nonce%3DcafnvEsPqnuVgXbqDqaw1X2SFvTSd9wYjpF5ZtH 
> ruFM%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1274462075%26 
> oauth_token%3D819797-torCkTs0XK7H2Y2i1ee5iofqkMC4p7aayeEXRTmlw%26oauth_vers 
> ion%3D1.0
>
> Hope this helps!
>
> Taylor Singletary
> Developer Advocate, Twitterhttp://twitter.com/episod
>
> On Fri, May 21, 2010 at 9:59 AM, Miguel de Icaza
> <miguel.de.ic...@gmail.com>wrote:
>
>
>
> > Hello folks,
>
> >    I have my client speaking OAuth to twitter for the entire initial
> > dance up to getting my access token.
>
> >    But once I try using the access token to call:
> >http://api.twitter.com/1/statuses/mentions.json?count=200
>
> >    All I get from twitter is a 401 with the following body:
>
> > {"request":"/1/statuses/mentions.json?count=200","error":"Incorrect
> > signature"}
>
> >    I followed the steps described here:http://dev.twitter.com/pages/
> > auth and just assumed that since there is no content, the value for
> > computing the signature is not needed.
>
> > GET&http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fhome_timeline.json
> > %3Fcount%3D200&oauth_consumer_key%3D***********%26oauth_nonce
> > %3Dcbj41uc3y0d0lju8%26oauth_signature_method%3DHMAC-
> > SHA1%26oauth_timestamp%3D1274460844%26oauth_token%3D**********
> > %26oauth_version%3D1.0
>
> > My composite signature is made of my consumer secret (from the twitter
> > app page) and the oauth_token_secret returned by the acquire access
> > token process
>
> > This is what ends up in the HTTP traffic, when I  append the
> > oauth_signature:
> > GET /1/statuses/home_timeline.json?count=200 HTTP/1.1
> > authorization: OAuth
>
> > oauth_consumer_key="******",oauth_nonce="r3cy0enwrqeq1qns",oauth_signature_ 
> > method="HMAC-
> > SHA1",oauth_timestamp="1274461098",oauth_token="823083-
> > *******",oauth_version="1.0",oauth_signature="dGhefwoSaiSQ0XMSswJ1UdPtkeI
> > %3D"
> > Connection: keep-alive
> > Host: api.twitter.com
>
> > Any ideas on what I am doing wrong?

Reply via email to