You can't just send a header that's placed on a website - the
timestamp is old (127xxx series = VERY old) and the values used in the
request were most likely fake.

What I meant is that you should feed the values on that page into your
class/library, and then check whether oauth_signature is the same.

Tom


On Jul 31, 3:48 am, Stephen <jackroof...@gmail.com> wrote:
> Just going to chime in that I'm having the same problem with my own
> implementation, despite following the documentation exactly. Even
> sending the exact header that Tom linked to, "OAuth
> oauth_nonce="QP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk",
> oauth_callback="http%3A%2F%2Flocalhost%3A3005%2Fthe_dance
> %2Fprocess_callback%3Fservice_provider_id%3D11",
> oauth_signature_method="HMAC-SHA1", oauth_timestamp="1272323042",
> oauth_consumer_key="GDdmIQH6jhtmLUypg82g",
> oauth_signature="8wUi7m5HFQy76nowoCThusfgB%2BQ%3D",
> oauth_version="1.0"", I'm still getting 401 Unauthorized returns from
> the server. The same thing happens when I try to use an existing
> library, which is why I turned to trying to make one myself to figure
> out what's causing this error.
>
> I've got my own post on this group with further details into my
> specific problem, but getting an answer to this one would help me as
> well.
>
> Stephen
>
> On Jul 30, 4:46 am, Andy Dixon <andy.di...@zxcreative.com> wrote:
>
>
>
>
>
>
>
> > Hello,
>
> > I'm trying to migrate my code across to using oAuth, and there is no class 
> > for oAuth in the language I use, so I'm having to drop in at the deep end.
>
> > At the moment, I am a bit stuck, I keep getting a 401 when I request a 
> > token.
>
> > I have created this as my signature base string:
>
> > POST&https%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&oauth_callback%3Doob%26oauth_consumer_key%3DAXpCOWR4c2IZVlSGNXvdZg%26auth_nonce%3DQP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk%26auth_signature_method%3DHMAC-SHA1%26auth_timestamp%3D1280511571%26auth_version%3D1.0
>
> > Created a signed hash of this, using my Consumer Secret
>
> > Base-64 encoded the hash since it was non-unicode
>
> > URL Encoded the Base-64 string
>
> > which then gives me:
>
> > oAuth oauth_nonce="QP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk", 
> > oauth_callback="oob", oauth_signature_method="HMAC-SHA1", 
> > oauth_timestamp="1280511571", oauth_consumer_key="AXpCOWR4c2IZVlSGNXvdZg", 
> > oauth_signature="4zCns2DZTQzmo2HpYY99dhJVl5A%3D", oauth_version="1.0"
>
> > But when I make the POST request with the above set, I still get a 401 
> > Unauthorised.
>
> > Could someone steer me in the right direction please?
>
> > Thanks :)
>
> > Andy

Reply via email to