OK, I just substituted sample OAuth parameters found here http://dev.twitter.com/pages/auth to my application, and I get exactly the same oauth_signature string:
key=MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98& text=POST&https%3A%2F%2Fapi.twitter.com%2Foauth %2Frequest_token&oauth_callback%3Dhttp%253A%252F%252Flocalhost %253A3005%252Fthe_dance%252Fprocess_callback%253Fservice_provider_id %253D11%26oauth_consumer_key%3DGDdmIQH6jhtmLUypg82g%26oauth_nonce %3DQP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk%26oauth_signature_method %3DHMAC-SHA1%26oauth_timestamp%3D1272323042%26oauth_version%3D1.0 DIGEST=8wUi7m5HFQy76nowoCThusfgB+Q= POST https://api.twitter.com/oauth/request_token Authorization: OAuth realm="https://api.twitter.com/oauth/ request_token", oauth_consumer_key="GDdmIQH6jhtmLUypg82g", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1272323042", oauth_nonce="QP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk", oauth_version="1.0", oauth_callback="http%3A%2F%2Flocalhost%3A3005%2Fthe_dance %2Fprocess_callback%3Fservice_provider_id%3D11", oauth_signature="8wUi7m5HFQy76nowoCThusfgB%2BQ%3D" And the response: 401 unauthorized X-Transaction=1280265543-37398-24961 Failed to validate oauth signature and token So I calculate oauth_signature correctly. Could anyone please confirm everything is fine on server side? Thank you very much. On Jul 27, 9:14 pm, ivan_m5 <i.mis...@gmail.com> wrote: > Hi Taylor, > Thank you for your prompt reply. > Yes, I'm typically not sending oauth_callback in query string. I > adapted my example so that it produces exactly the same digest string > as tool on hueniverse.com site does. > If I remove these parameters from query string and add oauth_callback > to Authorization header, > then the request looks like: > > key=T5GW1w.....ez20Risxc& > text=POST&https%3A%2F%2Fapi.twitter.com%2Foauth > %2Frequest_token&oauth_callback%3Dhttp%253A%252F%252Flocalhost%252Fx- > oauth-mobile-success%252F%26oauth_consumer_key%3Dg4kGtt9OflmGNGfEPQAaw > %26oauth_nonce%3D9373543318877%26oauth_signature_method%3DHMAC- > SHA1%26oauth_timestamp%3D1280253286%26oauth_version%3D1.0 > DIGEST=LXjNC7POr5UvNJkGY1n0kT0eoxI= > > POSThttps://api.twitter.com/oauth/request_token > Authorization: OAuth realm="https://api.twitter.com/oauth/ > request_token", oauth_consumer_key="g4kGtt9OflmGNGfEPQAaw", > oauth_signature_method="HMAC-SHA1", oauth_timestamp="1280253286", > oauth_nonce="9373543318877", oauth_version="1.0", oauth_callback="http > %3A%2F%2Flocalhost%2Fx-oauth-mobile-success%2F", > oauth_signature="LXjNC7POr5UvNJkGY1n0kT0eoxI%3D" > > but the the response is still > 401 unauthorized > X-Transaction=1280253382-1460-49113 > Failed to validate oauth signature and token > > (I'm using temporary application and will reset its consumer secret > key shortly, so no need to worry. I'm just trying to provide as much > data as possible so that request could be validated if this could help > solving issue) > > Any ideas? > Are there working Twitter apps currently which use OAuth? > > Thanks a lot! > > On Jul 27, 8:30 pm, Taylor Singletary <taylorsinglet...@twitter.com> > wrote: > > > Hi Ivan, > > > With OAuth you have to choose either to use header-based auth or > > query-string auth. Here you're doing both simultaneously. Your POST to > > api.twitter.com/oauth/request_token shouldn't include any of the oauth_* > > parameters. Also worth noting that the force_login=true parameter does not > > apply to the request token step and should be omitted. > > > Hope this helps, > > Taylor > > > On Tue, Jul 27, 2010 at 10:23 AM, ivan_m5 <i.mis...@gmail.com> wrote: > > > Hi everybody, > > > > I have my own Objective-C OAuth library. It's working pretty well for > > > habrahabr.ru and hyves.nl currently. > > > But I'm unable to get it work with Twitter. > > > I've come across a lot of postings around here regarding users unable > > > to obtain temporary request token. > > > > I've validated my request at > > >http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin... > > > and signature is calculated OK. > > > > Here's my POST data (adapted so that I can validate request at the > > > page above): > > > > POST > > >https://api.twitter.com/oauth/request_token?force_login=true&oauth_ca... > > > consumer_secret="T5GW1wAGewlFY9CIyYXmYvGApQQHM3cez20Risxc" > > > base_string=POST&https%3A%2F%2Fapi.twitter.com%2Foauth > > > %2Frequest_token&force_login%3Dtrue%26oauth_callback%3Dhttp%253A%252F > > > %252Flocalhost%252Fx-oauth-mobile-success%252F%26oauth_consumer_key > > > %3Dg4kGtt9OflmGNGfEPQAaw%26oauth_nonce > > > %3D37071428662683%26oauth_signature_method%3DHMAC- > > > SHA1%26oauth_timestamp%3D1280250833%26oauth_token%3D%26oauth_version > > > %3D1.0 > > > DIGEST=eZg+qEBXeFDSfFq6Chxyt9/3pvU= > > > > And the header: > > > Authorization: OAuth realm="https://api.twitter.com/oauth/ > > > request_token", oauth_consumer_key="g4kGtt9OflmGNGfEPQAaw", > > > oauth_token="", oauth_signature_method="HMAC-SHA1", > > > oauth_timestamp="1280250833", oauth_nonce="37071428662683", > > > oauth_version="1.0", oauth_signature="eZg%2BqEBXeFDSfFq6Chxyt9%2F3pvU > > > %3D" > > > > And the response is: > > > ========================================= > > > 401 unauthorized > > > Server=hi > > > Vary=Accept-Encoding > > > Last-Modified=Tue, 27 Jul 2010 17:15:31 GMT > > > Cache-Control=no-cache, no-store, must-revalidate, pre-check=0, post- > > > check=0 > > > X-Revision=DEV > > > Status=401 Unauthorized > > > Date=Tue, 27 Jul 2010 17:15:31 GMT > > > Expires=Tue, 31 Mar 1981 05:00:00 GMT > > > Pragma=no-cache > > > X-Runtime=0.00686 > > > X-Transaction=1280250931-50619-29066 > > > Set- > > > > Cookie=_twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCNrj5hQqASIKZmxhc2hJQzonQWN0aW9uQ29u > > > %250AdHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWUx > > > %250ANTY3YmQ0MTdmOGY3ZDQxMWY1NDNjNDIzOThmNDRl-- > > > eeba367f81559ae97d63fddfa8df09251ceab44f; domain=.twitter.com; path=/ > > > Content-Encoding=gzip > > > Content-Length=62 > > > Content-Type=text/html; charset=utf-8 > > > Connection=close > > > > Failed to validate oauth signature and token > > > ========================================= > > > > Are there issues on server-side? Thanks in advance. > >