Hi Ivan, With OAuth you have to choose either to use header-based auth or query-string auth. Here you're doing both simultaneously. Your POST to api.twitter.com/oauth/request_token shouldn't include any of the oauth_* parameters. Also worth noting that the force_login=true parameter does not apply to the request token step and should be omitted.
Hope this helps, Taylor On Tue, Jul 27, 2010 at 10:23 AM, ivan_m5 <i.mis...@gmail.com> wrote: > Hi everybody, > > I have my own Objective-C OAuth library. It's working pretty well for > habrahabr.ru and hyves.nl currently. > But I'm unable to get it work with Twitter. > I've come across a lot of postings around here regarding users unable > to obtain temporary request token. > > I've validated my request at > http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/ > and signature is calculated OK. > > Here's my POST data (adapted so that I can validate request at the > page above): > > POST > https://api.twitter.com/oauth/request_token?force_login=true&oauth_callback=http%3A//localhost/x-oauth-mobile-success/ > consumer_secret="T5GW1wAGewlFY9CIyYXmYvGApQQHM3cez20Risxc" > base_string=POST&https%3A%2F%2Fapi.twitter.com%2Foauth > %2Frequest_token&force_login%3Dtrue%26oauth_callback%3Dhttp%253A%252F > %252Flocalhost%252Fx-oauth-mobile-success%252F%26oauth_consumer_key > %3Dg4kGtt9OflmGNGfEPQAaw%26oauth_nonce > %3D37071428662683%26oauth_signature_method%3DHMAC- > SHA1%26oauth_timestamp%3D1280250833%26oauth_token%3D%26oauth_version > %3D1.0 > DIGEST=eZg+qEBXeFDSfFq6Chxyt9/3pvU= > > And the header: > Authorization: OAuth realm="https://api.twitter.com/oauth/ > request_token", oauth_consumer_key="g4kGtt9OflmGNGfEPQAaw", > oauth_token="", oauth_signature_method="HMAC-SHA1", > oauth_timestamp="1280250833", oauth_nonce="37071428662683", > oauth_version="1.0", oauth_signature="eZg%2BqEBXeFDSfFq6Chxyt9%2F3pvU > %3D" > > And the response is: > ========================================= > 401 unauthorized > Server=hi > Vary=Accept-Encoding > Last-Modified=Tue, 27 Jul 2010 17:15:31 GMT > Cache-Control=no-cache, no-store, must-revalidate, pre-check=0, post- > check=0 > X-Revision=DEV > Status=401 Unauthorized > Date=Tue, 27 Jul 2010 17:15:31 GMT > Expires=Tue, 31 Mar 1981 05:00:00 GMT > Pragma=no-cache > X-Runtime=0.00686 > X-Transaction=1280250931-50619-29066 > Set- > > Cookie=_twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCNrj5hQqASIKZmxhc2hJQzonQWN0aW9uQ29u > %250AdHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWUx > %250ANTY3YmQ0MTdmOGY3ZDQxMWY1NDNjNDIzOThmNDRl-- > eeba367f81559ae97d63fddfa8df09251ceab44f; domain=.twitter.com; path=/ > Content-Encoding=gzip > Content-Length=62 > Content-Type=text/html; charset=utf-8 > Connection=close > > Failed to validate oauth signature and token > ========================================= > > Are there issues on server-side? Thanks in advance. >