First Leonardo, If that's your real consumer secret, you're going to want to go and regenerate your API keys *ASAP*.
Looking at what you've sent along, it looks like you're pretty close to getting this right. Your timestamp is verbose as far as the OAuth standard is concerned -- it should be in seconds and not in milliseconds. Also ensure that your server time is in sync with Twitter's: we return our current server time in a header on every response. I notice you have your signature base string at the end of the email: is this being sent as a POST body or is it just in your email? It shouldn't be sent, if so. Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Thu, Jun 10, 2010 at 11:04 PM, Leonardo Luceiro Meirelles < [email protected]> wrote: > Hello gentlemans, > > I'm working on a client twitter that uses HTTP proxy in Java. I struggling > with the OAuth request_token that returns me HTTP 401 Unauthorized. > > Consumer key="3P1dah6urSdAo9voKDJDA" > > twitterURL=[https://api.twitter.com/oauth/request_token] > > authorizationData=[OAuth realm="api.twitter.com", > oauth_callback="oob", oauth_consumer_key="3P1dah6urSdAo9voKDJDA", > oauth_nonce="901dc12600ac1cdbc082d57d4aef7bfc", > oauth_signature_method="HMAC-SHA1", > oaut > h_timestamp="1276235403668", oauth_version="1.0", > oauth_signature="5t6Fw%2BSs1JgkaaHjfOtGFpotWMw%3D"] > > basedata=[POST&https%3A%2F%2Fapi.twitter.com > %2Foauth%2Frequest_token&oauth_callback%3Doob%26oauth_consumer_key%3D3P1dah6urSdAo9voKDJDA%26oauth_nonce%3D901dc12600ac1cdbc082d57d4aef7bfc%26oauth_signature_me > thod%3DHMAC-SHA1%26oauth_timestamp%3D1276235403668%26oauth_version%3D1.0] > > And it returns the error: errorStream=[Failed to validate oauth signature > and token] > > In order to check what I'm sending, I create a HttpListener and redirected > the "api.twitter.com" to localhost:8000 and here is the header. > > Any suggestion is very welcome. > > POST /oauth/request_token HTTP/1.1 > Authorization: OAuth realm="api.twitter.com", oauth_callback="oob", > oauth_consumer_key="3P1dah6urSdAo9voKDJDA", > oauth_nonce="2c449ca3c5a8637a8a9152d896c6d8bd", > oauth_signature_method="HMAC-SHA1", oauth_timestamp="1276236145594", > oauth_version="1.0", > oauth_signature="y%2BstT1OQgJBRKLZ%2BR4K15TM4fGw%3D" > User-Agent: Java/1.6.0_20 > Host: localhost:8000 > Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 > Connection: keep-alive > Content-type: application/x-www-form-urlencoded > Content-Length: 266 > > > POST&http%3A%2F%2Flocalhost%3A8000%2Foauth%2Frequest_token&oauth_callback%3Doob%26oauth_consumer_key%3D3P1dah6urSdAo9voKDJDA%26oauth_nonce%3D2c449ca3c5a8637a8a9152d896c6d8bd%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1276236145594%26oau > th_version%3D1.0. > > Best regards, > Leo Meirelles >
