Hi Ivan,

Everything is working server side, but OAuth is a picky beast sometimes.

That your signature generation is repeatedly valid is great. You can dismiss
that from the list of things that can go wrong.

What else could go wrong?
  * Your system clock could be considerably behind or ahead of our servers.
We return the current time in a response header to every request. Take that
time, compare it to the clock on your computer and adjust as needed.
  * Some other problem with how your request is being issued and sent. Are
you setting a Content-Type header of application/x-www-form-urlencoded? Do
you have any linebreaks in your HTTP header? Are you really sending a POST?
Are you sending any kind of a POST body with the request?

Taylor


On Tue, Jul 27, 2010 at 2:28 PM, ivan_m5 <i.mis...@gmail.com> wrote:

> OK, I just substituted sample OAuth parameters found here
> http://dev.twitter.com/pages/auth
> to my application, and I get exactly the same oauth_signature string:
>
>        key=MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98&
>         text=POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> %2Frequest_token&oauth_callback%3Dhttp%253A%252F%252Flocalhost
> %253A3005%252Fthe_dance%252Fprocess_callback%253Fservice_provider_id
> %253D11%26oauth_consumer_key%3DGDdmIQH6jhtmLUypg82g%26oauth_nonce
> %3DQP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk%26oauth_signature_method
> %3DHMAC-SHA1%26oauth_timestamp%3D1272323042%26oauth_version%3D1.0
>        DIGEST=8wUi7m5HFQy76nowoCThusfgB+Q=
>
> POST https://api.twitter.com/oauth/request_token
> Authorization: OAuth realm="https://api.twitter.com/oauth/
> request_token",
>         oauth_consumer_key="GDdmIQH6jhtmLUypg82g",
>         oauth_signature_method="HMAC-SHA1",
>         oauth_timestamp="1272323042",
>        oauth_nonce="QP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk",
>        oauth_version="1.0",
>        oauth_callback="http%3A%2F%2Flocalhost%3A3005%2Fthe_dance
> %2Fprocess_callback%3Fservice_provider_id%3D11",
>        oauth_signature="8wUi7m5HFQy76nowoCThusfgB%2BQ%3D"
>
> And the response:
> 401 unauthorized
> X-Transaction=1280265543-37398-24961
> Failed to validate oauth signature and token
>
> So I calculate oauth_signature correctly.
>
> Could anyone please confirm everything is fine on server side?
>
> Thank you very much.
>
>
> On Jul 27, 9:14 pm, ivan_m5 <i.mis...@gmail.com> wrote:
> > Hi Taylor,
> > Thank you for your prompt reply.
> > Yes, I'm typically not sending oauth_callback in query string. I
> > adapted my example so that it produces exactly the same digest string
> > as tool on hueniverse.com site does.
> > If I remove these parameters from query string and add oauth_callback
> > to Authorization header,
> > then the request looks like:
> >
> >         key=T5GW1w.....ez20Risxc&
> >         text=POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> > %2Frequest_token&oauth_callback%3Dhttp%253A%252F%252Flocalhost%252Fx-
> > oauth-mobile-success%252F%26oauth_consumer_key%3Dg4kGtt9OflmGNGfEPQAaw
> > %26oauth_nonce%3D9373543318877%26oauth_signature_method%3DHMAC-
> > SHA1%26oauth_timestamp%3D1280253286%26oauth_version%3D1.0
> >         DIGEST=LXjNC7POr5UvNJkGY1n0kT0eoxI=
> >
> > POSThttps://api.twitter.com/oauth/request_token
> > Authorization: OAuth realm="https://api.twitter.com/oauth/
> > request_token", oauth_consumer_key="g4kGtt9OflmGNGfEPQAaw",
> > oauth_signature_method="HMAC-SHA1", oauth_timestamp="1280253286",
> > oauth_nonce="9373543318877", oauth_version="1.0", oauth_callback="http
> > %3A%2F%2Flocalhost%2Fx-oauth-mobile-success%2F",
> > oauth_signature="LXjNC7POr5UvNJkGY1n0kT0eoxI%3D"
> >
> > but the the response is still
> > 401 unauthorized
> > X-Transaction=1280253382-1460-49113
> > Failed to validate oauth signature and token
> >
> > (I'm using temporary application and will reset its consumer secret
> > key shortly, so no need to worry. I'm just trying to provide as much
> > data as possible so that request could be validated if this could help
> > solving issue)
> >
> > Any ideas?
> > Are there working Twitter apps currently which use OAuth?
> >
> > Thanks a lot!
> >
> > On Jul 27, 8:30 pm, Taylor Singletary <taylorsinglet...@twitter.com>
> > wrote:
> >
> > > Hi Ivan,
> >
> > > With OAuth you have to choose either to use header-based auth or
> > > query-string auth. Here you're doing both simultaneously. Your POST to
> > > api.twitter.com/oauth/request_token shouldn't include any of the
> oauth_*
> > > parameters. Also worth noting that the force_login=true parameter does
> not
> > > apply to the request token step and should be omitted.
> >
> > > Hope this helps,
> > > Taylor
> >
> > > On Tue, Jul 27, 2010 at 10:23 AM, ivan_m5 <i.mis...@gmail.com> wrote:
> > > > Hi everybody,
> >
> > > > I have my own Objective-C OAuth library. It's working pretty well for
> > > > habrahabr.ru and hyves.nl currently.
> > > > But I'm unable to get it work with Twitter.
> > > > I've come across a lot of postings around here regarding users unable
> > > > to obtain temporary request token.
> >
> > > > I've validated my request at
> > > >
> http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin...
> > > > and signature is calculated OK.
> >
> > > > Here's my POST data (adapted so that I can validate request at the
> > > > page above):
> >
> > > > POST
> > > >
> https://api.twitter.com/oauth/request_token?force_login=true&oauth_ca...
> > > > consumer_secret="T5GW1wAGewlFY9CIyYXmYvGApQQHM3cez20Risxc"
> > > > base_string=POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> > > > %2Frequest_token&force_login%3Dtrue%26oauth_callback%3Dhttp%253A%252F
> > > > %252Flocalhost%252Fx-oauth-mobile-success%252F%26oauth_consumer_key
> > > > %3Dg4kGtt9OflmGNGfEPQAaw%26oauth_nonce
> > > > %3D37071428662683%26oauth_signature_method%3DHMAC-
> > > > SHA1%26oauth_timestamp%3D1280250833%26oauth_token%3D%26oauth_version
> > > > %3D1.0
> > > > DIGEST=eZg+qEBXeFDSfFq6Chxyt9/3pvU=
> >
> > > > And the header:
> > > > Authorization: OAuth realm="https://api.twitter.com/oauth/
> > > > request_token", oauth_consumer_key="g4kGtt9OflmGNGfEPQAaw",
> > > > oauth_token="", oauth_signature_method="HMAC-SHA1",
> > > > oauth_timestamp="1280250833", oauth_nonce="37071428662683",
> > > > oauth_version="1.0", oauth_signature="eZg%2BqEBXeFDSfFq6Chxyt9%2F3pvU
> > > > %3D"
> >
> > > > And the response is:
> > > > =========================================
> > > > 401 unauthorized
> > > > Server=hi
> > > > Vary=Accept-Encoding
> > > > Last-Modified=Tue, 27 Jul 2010 17:15:31 GMT
> > > > Cache-Control=no-cache, no-store, must-revalidate, pre-check=0, post-
> > > > check=0
> > > > X-Revision=DEV
> > > > Status=401 Unauthorized
> > > > Date=Tue, 27 Jul 2010 17:15:31 GMT
> > > > Expires=Tue, 31 Mar 1981 05:00:00 GMT
> > > > Pragma=no-cache
> > > > X-Runtime=0.00686
> > > > X-Transaction=1280250931-50619-29066
> > > > Set-
> >
> > > >
> Cookie=_twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCNrj5hQqASIKZmxhc2hJQzonQWN0aW9uQ29u
> > > > %250AdHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWUx
> > > > %250ANTY3YmQ0MTdmOGY3ZDQxMWY1NDNjNDIzOThmNDRl--
> > > > eeba367f81559ae97d63fddfa8df09251ceab44f; domain=.twitter.com;
> path=/
> > > > Content-Encoding=gzip
> > > > Content-Length=62
> > > > Content-Type=text/html; charset=utf-8
> > > > Connection=close
> >
> > > > Failed to validate oauth signature and token
> > > > =========================================
> >
> > > > Are there issues on server-side? Thanks in advance.
> >
> >
>

Reply via email to