Re: [twitter-dev] Invalid signature - but it's fine

Tue, 22 Jun 2010 12:32:54 -0700 

Hi Tom,

I'm happy to help diagnose this, but need a couple pieces more information
-- you may want to use more "fake details" to make this process easy for me
to replicate -- in addition to the access token, the access token secret
would be necessary to recreate this request (are you utilizing the access
token secret when generating your signature?)

Your signature base string and authorization header look otherwise correct.

Taylor



On Tue, Jun 22, 2010 at 11:12 AM, Tom <allerleiga...@gmail.com> wrote:

> Hi all,
>
> I'm trying to write a simple Twitter client but so far I'm not making
> a lot of progress.
>
> I already got as far as retrieving the timeline, but I seem to be
> unable to sign the request. When I re-calculate the signature with a
> different application, it's exactly the same. Yet Twitter reports that
> it's wrong! ("Incorrect signature" with a 401 error)
>
> Of course, I'm using a proper secret and not the one below, but that
> one was used to calculate the signature for the request below.
>
> Can anyone confirm that I'm using the proper signature? Information is
> below.
>
> Debug information :
> URL: http://api.twitter.com/1/statuses/home_timeline.json
> Token: 18911703-HjjtYklryN9C99pfTiXWs52PvEqrfabluLCdh5IJU
> Customer key: QetEw0FtIfvaNyBfgxRYmw
> Secret: this_has_been_used_as_the_secret
> Nonce: jOzrZNZtsGFLftfjJpdiOfjYtgvNFzWPPXIOKHKE
> Time: 1277230019
> Version: 1.0
>
> Signature: aiUvshdfeRz2Z6G6a9DkYDbXJEc=
> Str1: GET&http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses
> %2Fhome_timeline.json&oauth_consumer_key%3DQetEw0FtIfvaNyBfgxRYmw
> %26oauth_nonce%3DjOzrZNZtsGFLftfjJpdiOfjYtgvNFzWPPXIOKHKE
> %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
> %3D1277230019%26oauth_token%3D18911703-
> HjjtYklryN9C99pfTiXWs52PvEqrfabluLCdh5IJU%26oauth_version%3D1.0
> Str2: OAuth oauth_signature="aiUvshdfeRz2Z6G6a9DkYDbXJEc%3D",
> oauth_version="1.0", oauth_signature_method="HMAC-SHA1",
> oauth_nonce="jOzrZNZtsGFLftfjJpdiOfjYtgvNFzWPPXIOKHKE",
> oauth_consumer_key="QetEw0FtIfvaNyBfgxRYmw",
> oauth_timestamp="1277230019", oauth_token="18911703-
> HjjtYklryN9C99pfTiXWs52PvEqrfabluLCdh5IJU"
> No post body.
>
> Tom
>

Reply via email to