First Leonardo,

If that's your real consumer secret, you're going to want to go and
regenerate your API keys *ASAP*.

Looking at what you've sent along, it looks like you're pretty close to
getting this right.

Your timestamp is verbose as far as the OAuth standard is concerned -- it
should be in seconds and not in milliseconds. Also ensure that your server
time is in sync with Twitter's: we return our current server time in a
header on every response.

I notice you have your signature base string at the end of the email: is
this being sent as a POST body or is it just in your email? It shouldn't be
sent, if so.

Taylor Singletary
Developer Advocate, Twitter
http://twitter.com/episod


On Thu, Jun 10, 2010 at 11:04 PM, Leonardo Luceiro Meirelles <
pite...@gmail.com> wrote:

> Hello gentlemans,
>
> I'm working on a client twitter that uses HTTP proxy in Java. I struggling
> with the OAuth request_token that returns me HTTP 401 Unauthorized.
>
> Consumer key="3P1dah6urSdAo9voKDJDA"
>
> twitterURL=[https://api.twitter.com/oauth/request_token]
>
> authorizationData=[OAuth realm="api.twitter.com",
> oauth_callback="oob", oauth_consumer_key="3P1dah6urSdAo9voKDJDA",
> oauth_nonce="901dc12600ac1cdbc082d57d4aef7bfc", 
> oauth_signature_method="HMAC-SHA1",
> oaut
> h_timestamp="1276235403668", oauth_version="1.0",
> oauth_signature="5t6Fw%2BSs1JgkaaHjfOtGFpotWMw%3D"]
>
> basedata=[POST&https%3A%2F%2Fapi.twitter.com
> %2Foauth%2Frequest_token&oauth_callback%3Doob%26oauth_consumer_key%3D3P1dah6urSdAo9voKDJDA%26oauth_nonce%3D901dc12600ac1cdbc082d57d4aef7bfc%26oauth_signature_me
> thod%3DHMAC-SHA1%26oauth_timestamp%3D1276235403668%26oauth_version%3D1.0]
>
> And it returns the error: errorStream=[Failed to validate oauth signature
> and token]
>
> In order to check what I'm sending, I create a HttpListener and redirected
> the "api.twitter.com"  to localhost:8000 and here is the header.
>
> Any suggestion is very welcome.
>
> POST /oauth/request_token HTTP/1.1
> Authorization: OAuth realm="api.twitter.com", oauth_callback="oob",
> oauth_consumer_key="3P1dah6urSdAo9voKDJDA",
> oauth_nonce="2c449ca3c5a8637a8a9152d896c6d8bd",
> oauth_signature_method="HMAC-SHA1", oauth_timestamp="1276236145594",
> oauth_version="1.0",
> oauth_signature="y%2BstT1OQgJBRKLZ%2BR4K15TM4fGw%3D"
> User-Agent: Java/1.6.0_20
> Host: localhost:8000
> Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
> Connection: keep-alive
> Content-type: application/x-www-form-urlencoded
> Content-Length: 266
>
>
> POST&http%3A%2F%2Flocalhost%3A8000%2Foauth%2Frequest_token&oauth_callback%3Doob%26oauth_consumer_key%3D3P1dah6urSdAo9voKDJDA%26oauth_nonce%3D2c449ca3c5a8637a8a9152d896c6d8bd%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1276236145594%26oau
> th_version%3D1.0.
>
> Best regards,
> Leo Meirelles
>

Reply via email to