Thanks Raffi,

I'll check that library out. I didn't know there were libraries I
could use.

On Jul 6, 7:23 am, Raffi Krikorian <ra...@twitter.com> wrote:
> hi carlos.
>
> i'm sorry that i'm not sure i can help to debug this code right now.  if you
> are going to insist on creating your own functions to do the oauth
> signature, please 
> consulthttp://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin...
> its a great interactive walk through.  however, i would
> *strongly* recommend using a library if possible.  a simple google search
> turned uphttp://oauth.riaforge.org/.
>
> On Mon, Jul 5, 2010 at 10:42 AM, Carlos Villarreal Mora 
> <cvm...@gmail.com>wrote:
>
>
>
> > Hello I've been trying to solve this since Friday to no avail. I've
> > searched and used tips from a bunch of other discussions here but I
> > still haven't gotten it right.
>
> > I'm using ColdFusion 8 to generate my OAuth signature. These are the
> > tweaks I've done from tips in this discussion list:
> > 1) For the timestamp I convert to UTC time with this function:
> >        var nowUTC = dateConvert('local2UTC', now());
> >        var epochStart = CreateDateTime('1970','1','1','00','00','00');
> >        var timestamp = dateDiff("s", epochStart, nowUTC);
>
> >        This results in these values:
> >        nowUTC = {ts '2010-07-05 17:22:30'}
> >        epochStart = {ts '1970-01-01 00:00:00'}
> >        timestamp = 1278346950
>
> > 2) For the Nonce I use ColdFusion's createUUID function and then,
> > based on this (http://www.cflib.org/udf/CreateGUID) from CFLib.org I
> > convert that UUID into a GUID like so:
> >        var uuid = createUUID();
> >        //Convert the UUID to a GUID by inserting a dash in the 23rd
> > position
> >        var nonce = insert("-", uuid, 23);
>
> >        This is an example of a resulting nonce:
> >        A3A1648E-F1F0-4032-75F4-712F676BE7E6
>
> > 3) The most difficult part, and where I'm sure the error is, is the
> > SHA1 hashing, ColdFusion sucks at it so I'm using Java in the
> > function:
> >        <cffunction name="javaHMAC" returntype="string" access="public"
> > output="false">
> >                <cfargument name="signKey"       type="string"
> > required="true" />
> >                <cfargument name="signMessage" type="string" required="true"
> > />
> >                <cfscript>
> >                        var jMsg =
> > javaCast("string",arguments.signMessage).getBytes("UTF8");
> >                        var jKey =
> > javaCast("string",arguments.signKey).getBytes("UTF8");
> >                        var key  =
> > createObject("java","javax.crypto.spec.SecretKeySpec");
> >                        var mac  = createObject("java","javax.crypto.Mac");
> >                        var ret  = "";
>
> >                        key = key.init(jKey,"HmacSHA1");
> >                        mac = mac.getInstance(key.getAlgorithm());
> >                        mac.init(key);
> >                        mac.update(jMsg);
>
> >                        ret = lCase(binaryEncode(mac.doFinal(), 'Hex'));
>
> >                        return(ret);
> >                </cfscript>
> >        </cffunction>
>
> > When I sign the base using my Consumer Secret appended by a "&" using
> > this function the result is something like this:
> > 01eb730a110b1e09ccc9bbff9dbca73c5047f4d4
>
> > Here's the Signature Base and the Header I create (my consumer key is
> > masked for security reasons):
> > - Signature Base:
> > POST&https%3A%2F%2Fapi%2Etwitter%2Ecom%2Foauth%2Frequest
> > %5Ftoken&oauth_callback%3Dhttp%3A%2F%2Fcommunitydev%2Epaperthin%2Ecom
> > %2FTwitter%2FoAuth%2Ecfm%26oauth_consumer_key%3Dxxxxxxxxxxxxxxxx
> > %26oauth_nonce%3DA394B8B8-
> > F1F0-4032-72C8-701CEC482A20%26oauth_signature_method%3DHMAC-
> > SHA1%26oauth_timestamp%3D1278328119
>
> > - OAuht Authorization Header:
> > OAuth oauth_nonce="A394B8B8-F1F0-4032-72C8-701CEC482A20",
> > oauth_callback="http%3A%2F%2Fcommunitydev%2Epaperthin%2Ecom%2FTwitter
> > %2FoAuth%2Ecfm", oauth_signature_method="HMAC-SHA1",
> > oauth_timestamp="1278328119", oauth_consumer_key="xxxxxxxxxxx",
> > oauth_signature="4799dd5a6891474d603a3546c14e9b41ea47088d",
> > oauth_version="1.0"
>
> > There are no line breaks in either of them btw. Can anybody help me
> > with this? Try as I might I haven't been able to get beyond the
> > "Failed to validate oauth signature and token" response.
>
> > Thank you.
>
> --
> Raffi Krikorian
> Twitter Platform Teamhttp://twitter.com/raffi

Reply via email to