Yes, I will generate a new pair of keys (I was aware of it when I put it on the email), thanks for the reminder. So far I'm the only real user.
You help is really appreciate, I did two mistakes (well pointed out - in case someone else fall in the same problem): timestamp in millis instead of seconds and POST body (I was really send the post data). Thanks a lot Taylor! On Fri, Jun 11, 2010 at 10:19 AM, Taylor Singletary < taylorsinglet...@twitter.com> wrote: > First Leonardo, > > If that's your real consumer secret, you're going to want to go and > regenerate your API keys *ASAP*. > > Looking at what you've sent along, it looks like you're pretty close to > getting this right. > > Your timestamp is verbose as far as the OAuth standard is concerned -- it > should be in seconds and not in milliseconds. Also ensure that your server > time is in sync with Twitter's: we return our current server time in a > header on every response. > > I notice you have your signature base string at the end of the email: is > this being sent as a POST body or is it just in your email? It shouldn't be > sent, if so. > > Taylor Singletary > Developer Advocate, Twitter > http://twitter.com/episod > > > On Thu, Jun 10, 2010 at 11:04 PM, Leonardo Luceiro Meirelles < > pite...@gmail.com> wrote: > >> Hello gentlemans, >> >> I'm working on a client twitter that uses HTTP proxy in Java. I struggling >> with the OAuth request_token that returns me HTTP 401 Unauthorized. >> >> Consumer key="3P1dah6urSdAo9voKDJDA" >> >> twitterURL=[https://api.twitter.com/oauth/request_token] >> >> authorizationData=[OAuth realm="api.twitter.com", >> oauth_callback="oob", oauth_consumer_key="3P1dah6urSdAo9voKDJDA", >> oauth_nonce="901dc12600ac1cdbc082d57d4aef7bfc", >> oauth_signature_method="HMAC-SHA1", >> oaut >> h_timestamp="1276235403668", oauth_version="1.0", >> oauth_signature="5t6Fw%2BSs1JgkaaHjfOtGFpotWMw%3D"] >> >> basedata=[POST&https%3A%2F%2Fapi.twitter.com >> %2Foauth%2Frequest_token&oauth_callback%3Doob%26oauth_consumer_key%3D3P1dah6urSdAo9voKDJDA%26oauth_nonce%3D901dc12600ac1cdbc082d57d4aef7bfc%26oauth_signature_me >> thod%3DHMAC-SHA1%26oauth_timestamp%3D1276235403668%26oauth_version%3D1.0] >> >> And it returns the error: errorStream=[Failed to validate oauth signature >> and token] >> >> In order to check what I'm sending, I create a HttpListener and redirected >> the "api.twitter.com" to localhost:8000 and here is the header. >> >> Any suggestion is very welcome. >> >> POST /oauth/request_token HTTP/1.1 >> Authorization: OAuth realm="api.twitter.com", oauth_callback="oob", >> oauth_consumer_key="3P1dah6urSdAo9voKDJDA", >> oauth_nonce="2c449ca3c5a8637a8a9152d896c6d8bd", >> oauth_signature_method="HMAC-SHA1", oauth_timestamp="1276236145594", >> oauth_version="1.0", >> oauth_signature="y%2BstT1OQgJBRKLZ%2BR4K15TM4fGw%3D" >> User-Agent: Java/1.6.0_20 >> Host: localhost:8000 >> Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 >> Connection: keep-alive >> Content-type: application/x-www-form-urlencoded >> Content-Length: 266 >> >> >> POST&http%3A%2F%2Flocalhost%3A8000%2Foauth%2Frequest_token&oauth_callback%3Doob%26oauth_consumer_key%3D3P1dah6urSdAo9voKDJDA%26oauth_nonce%3D2c449ca3c5a8637a8a9152d896c6d8bd%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1276236145594%26oau >> th_version%3D1.0. >> >> Best regards, >> Leo Meirelles >> > > -- Do you know the difference between look something amazing and touch it? Think about Jennifer Aniston... (K.V.)