Ok... here is what I cam up with using the keys and secrets you
provided in your previous post

Base String is:

GET&https%3A%2F%2Fapi.twitter.com%2F1%2Faccount
%2Fverify_credentials.json&oauth_consumer_key%3DGDdmIQH6jhtmLUypg82g
%26oauth_nonce
%3D702fab381be61bb60f210dd07d80be722da33f05%26oauth_signature_method
%3DHMAC-SHA1%26oauth_token%3D819797-
Jxq8aYUDRmykzVKrgoLhXSq67TEa5ruc4GJC2rWimw%26oauth_timestamp
%3D1281551596%26oauth_version%3D1.0

consumersecret&usersecret is:
MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98&J6zix3FfA9LofH0awS24M3HcBYXO5nI1iYe8EfBA

Thus the non-url encoded signature would be:
XUNmLwpiC2W0xyrxPs4yAMmHO9c=

And the HTTP header would be (signature is URL encoded):

Authorization: OAuth oauth_consumer_key="GDdmIQH6jhtmLUypg82g",
oauth_nonce="702fab381be61bb60f210dd07d80be722da33f05",
oauth_signature_method="HMAC-SHA1",
oauth_signature="XUNmLwpiC2W0xyrxPs4yAMmHO9c%3D",
oauth_token="819797-Jxq8aYUDRmykzVKrgoLhXSq67TEa5ruc4GJC2rWimw",
oauth_timestamp="1281551596",
oauth_version="1.0"

Let me know if you came up with the same thing


On Aug 11, 10:00 am, Tom van der Woerdt <i...@tvdw.eu> wrote:
> On 8/11/10 5:52 PM, isaiah1112 wrote:
>
>
>
>
>
> > I have been developing a complete OAuth Library for Twitter in
> > AppleScript (I know, some people thought it was impossible but it
> > isn't).  The trouble is, I can authorize OAuth and get my token and
> > secret from Twitter without any issues. However, once I try to make a
> > call to the API the script will not validate my signature.  I am using
> > the exact same methods to create my base string and signature that I
> > used to authorize OAuth so I know it has to be an issue with either my
> > header or base string parameters for this call...  If someone could
> > look this over and tell me if everything checks out that would be
> > great!
>
> > This is a simple call to gethttps://api.twitter.com/1/direct_messages.xml
> > api....
>
> > Base string is
>
> > GET&https%3A%2F%2Fapi.twitter.com
> > %2F1%2Fdirect_messages.xml&oauth_consumer_key%3D2qKWThvrdoDBKeQCmIMA2w
> > %26oauth_nonce
> > %3D28e0ef3fec75d92e6fc95460ffef4581ffd1d8f1%26oauth_signature_method
> > %3DHMAC-SHA1%26oauth_token%3D90908405-
> > B0SOI7v64YMcx7VOPTOvSieUOztDNPStWVY9rnabJ%26oauth_timestamp
> > %3D1281541844%26oauth_version%3D1.0
>
> > The header for this call is listed as
>
> > Authorization: OAuth oauth_consumer_key="2qKWThvrdoDBKeQCmIMA2w",
> > oauth_nonce="28e0ef3fec75d92e6fc95460ffef4581ffd1d8f1",
> > oauth_signature_method="HMAC-SHA1",
> > oauth_signature="%2B8UDpXZN9SwZsUBsFNv%2B518sLg0%3D",
> > oauth_token="90908405-B0SOI7v64YMcx7VOPTOvSieUOztDNPStWVY9rnabJ",
> > oauth_timestamp="1281541844",
> > oauth_version="1.0"
>
> > If you would like any other information to test this out for yourself
> > please let me know!
>
> If your code works with non-authorized requests and not with authorized
> ones, then I think that the issue would have to be with generating your
> "key". Make sure that you use <consumer secret>&<user secret>.
>
> If this is not the case, then please try generating a signature for
> verify_credentials.json, using the consumer key "GDdmIQH6jhtmLUypg82g",
> consumer secret "MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98", user
> token "819797-Jxq8aYUDRmykzVKrgoLhXSq67TEa5ruc4GJC2rWimw" and user
> secret "J6zix3FfA9LofH0awS24M3HcBYXO5nI1iYe8EfBA". Please post the base
> string and the signature which you generate.
>
> Tom
>
> PS: Those keys which I named aren't actual keys, I took them from
> dev.twitter.com.

Reply via email to