Hi,
   I've been trying to work through the OAuth steps presented at
http://dev.twitter.com/pages/auth#signing-requests . The psuedo-code for
base-string generation is given as

httpMethod + "&" +
 url_encode(  base_uri ) + "&" +
 sorted_query_params.each  { | k, v |
     url_encode ( k ) + "%3D" +
     url_encode ( v )
 }.join("%26")

 But, this doesn't seem to work with the params on the example. The example
has baseString = POST&https%3A%2F%2Fapi.twitter.com
%2Foauth%2Frequest_token&oauth_callback%3Dhttp%253A%252F%252Flocalhost%253A3005%252Fthe_dance%252Fprocess_callback%253Fservice_provider_id%253D11%26oauth_consumer_key%3DGDdmIQH6jhtmLUypg82g%26oauth_nonce%3DQP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1272323042%26oauth_version%3D1.0

With the above algorithm, wouldn't the baseString end up as
"...&oauth_callback%3Dhttp%3A%2F%2Flocalhost...%26oauth_consumer_key%3D..."?
The %3A seems to be getting encoded somehow to %253A in the example. I have
been able to get my result to match the example result by modifying the
algorithm to be

httpMethod + "&" +
 url_encode(  base_uri ) + "&" +
 url_encode(sorted_query_params.each  { | k, v |
     url_encode ( k ) + "=" +
     url_encode ( v )
 }.join("&"))

  Reading the comments at
http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/,
it seems we should be doing a double url-encode? Is that right or am I
missing something (and this workaround is just working in this example)?


Regards
George

Reply via email to