OK, I just substituted sample OAuth parameters found here
http://dev.twitter.com/pages/auth
to my application, and I get exactly the same oauth_signature string:
key=MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98&
text=POST&https%3A%2F%2Fapi.twitter.com%2Foauth
%2Frequest_token&oauth_callback%3Dhttp%253A%252F%252Flocalhost
%253A3005%252Fthe_dance%252Fprocess_callback%253Fservice_provider_id
%253D11%26oauth_consumer_key%3DGDdmIQH6jhtmLUypg82g%26oauth_nonce
%3DQP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk%26oauth_signature_method
%3DHMAC-SHA1%26oauth_timestamp%3D1272323042%26oauth_version%3D1.0
DIGEST=8wUi7m5HFQy76nowoCThusfgB+Q=
POST https://api.twitter.com/oauth/request_token
Authorization: OAuth realm="https://api.twitter.com/oauth/
request_token",
oauth_consumer_key="GDdmIQH6jhtmLUypg82g",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="1272323042",
oauth_nonce="QP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk",
oauth_version="1.0",
oauth_callback="http%3A%2F%2Flocalhost%3A3005%2Fthe_dance
%2Fprocess_callback%3Fservice_provider_id%3D11",
oauth_signature="8wUi7m5HFQy76nowoCThusfgB%2BQ%3D"
And the response:
401 unauthorized
X-Transaction=1280265543-37398-24961
Failed to validate oauth signature and token
So I calculate oauth_signature correctly.
Could anyone please confirm everything is fine on server side?
Thank you very much.
On Jul 27, 9:14 pm, ivan_m5 <i.mis...@gmail.com> wrote:
> Hi Taylor,
> Thank you for your prompt reply.
> Yes, I'm typically not sending oauth_callback in query string. I
> adapted my example so that it produces exactly the same digest string
> as tool on hueniverse.com site does.
> If I remove these parameters from query string and add oauth_callback
> to Authorization header,
> then the request looks like:
>
> key=T5GW1w.....ez20Risxc&
> text=POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> %2Frequest_token&oauth_callback%3Dhttp%253A%252F%252Flocalhost%252Fx-
> oauth-mobile-success%252F%26oauth_consumer_key%3Dg4kGtt9OflmGNGfEPQAaw
> %26oauth_nonce%3D9373543318877%26oauth_signature_method%3DHMAC-
> SHA1%26oauth_timestamp%3D1280253286%26oauth_version%3D1.0
> DIGEST=LXjNC7POr5UvNJkGY1n0kT0eoxI=
>
> POSThttps://api.twitter.com/oauth/request_token
> Authorization: OAuth realm="https://api.twitter.com/oauth/
> request_token", oauth_consumer_key="g4kGtt9OflmGNGfEPQAaw",
> oauth_signature_method="HMAC-SHA1", oauth_timestamp="1280253286",
> oauth_nonce="9373543318877", oauth_version="1.0", oauth_callback="http
> %3A%2F%2Flocalhost%2Fx-oauth-mobile-success%2F",
> oauth_signature="LXjNC7POr5UvNJkGY1n0kT0eoxI%3D"
>
> but the the response is still
> 401 unauthorized
> X-Transaction=1280253382-1460-49113
> Failed to validate oauth signature and token
>
> (I'm using temporary application and will reset its consumer secret
> key shortly, so no need to worry. I'm just trying to provide as much
> data as possible so that request could be validated if this could help
> solving issue)
>
> Any ideas?
> Are there working Twitter apps currently which use OAuth?
>
> Thanks a lot!
>
> On Jul 27, 8:30 pm, Taylor Singletary <taylorsinglet...@twitter.com>
> wrote:
>
> > Hi Ivan,
>
> > With OAuth you have to choose either to use header-based auth or
> > query-string auth. Here you're doing both simultaneously. Your POST to
> > api.twitter.com/oauth/request_token shouldn't include any of the oauth_*
> > parameters. Also worth noting that the force_login=true parameter does not
> > apply to the request token step and should be omitted.
>
> > Hope this helps,
> > Taylor
>
> > On Tue, Jul 27, 2010 at 10:23 AM, ivan_m5 <i.mis...@gmail.com> wrote:
> > > Hi everybody,
>
> > > I have my own Objective-C OAuth library. It's working pretty well for
> > > habrahabr.ru and hyves.nl currently.
> > > But I'm unable to get it work with Twitter.
> > > I've come across a lot of postings around here regarding users unable
> > > to obtain temporary request token.
>
> > > I've validated my request at
> > >http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin...
> > > and signature is calculated OK.
>
> > > Here's my POST data (adapted so that I can validate request at the
> > > page above):
>
> > > POST
> > >https://api.twitter.com/oauth/request_token?force_login=true&oauth_ca...
> > > consumer_secret="T5GW1wAGewlFY9CIyYXmYvGApQQHM3cez20Risxc"
> > > base_string=POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> > > %2Frequest_token&force_login%3Dtrue%26oauth_callback%3Dhttp%253A%252F
> > > %252Flocalhost%252Fx-oauth-mobile-success%252F%26oauth_consumer_key
> > > %3Dg4kGtt9OflmGNGfEPQAaw%26oauth_nonce
> > > %3D37071428662683%26oauth_signature_method%3DHMAC-
> > > SHA1%26oauth_timestamp%3D1280250833%26oauth_token%3D%26oauth_version
> > > %3D1.0
> > > DIGEST=eZg+qEBXeFDSfFq6Chxyt9/3pvU=
>
> > > And the header:
> > > Authorization: OAuth realm="https://api.twitter.com/oauth/
> > > request_token", oauth_consumer_key="g4kGtt9OflmGNGfEPQAaw",
> > > oauth_token="", oauth_signature_method="HMAC-SHA1",
> > > oauth_timestamp="1280250833", oauth_nonce="37071428662683",
> > > oauth_version="1.0", oauth_signature="eZg%2BqEBXeFDSfFq6Chxyt9%2F3pvU
> > > %3D"
>
> > > And the response is:
> > > =========================================
> > > 401 unauthorized
> > > Server=hi
> > > Vary=Accept-Encoding
> > > Last-Modified=Tue, 27 Jul 2010 17:15:31 GMT
> > > Cache-Control=no-cache, no-store, must-revalidate, pre-check=0, post-
> > > check=0
> > > X-Revision=DEV
> > > Status=401 Unauthorized
> > > Date=Tue, 27 Jul 2010 17:15:31 GMT
> > > Expires=Tue, 31 Mar 1981 05:00:00 GMT
> > > Pragma=no-cache
> > > X-Runtime=0.00686
> > > X-Transaction=1280250931-50619-29066
> > > Set-
>
> > > Cookie=_twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCNrj5hQqASIKZmxhc2hJQzonQWN0aW9uQ29u
> > > %250AdHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWUx
> > > %250ANTY3YmQ0MTdmOGY3ZDQxMWY1NDNjNDIzOThmNDRl--
> > > eeba367f81559ae97d63fddfa8df09251ceab44f; domain=.twitter.com; path=/
> > > Content-Encoding=gzip
> > > Content-Length=62
> > > Content-Type=text/html; charset=utf-8
> > > Connection=close
>
> > > Failed to validate oauth signature and token
> > > =========================================
>
> > > Are there issues on server-side? Thanks in advance.
>
>
