On 8/11/10 8:38 PM, isaiah1112 wrote:
> Ok... here is what I cam up with using the keys and secrets you
> provided in your previous post
> 
> Base String is:
> 
> GET&https%3A%2F%2Fapi.twitter.com%2F1%2Faccount
> %2Fverify_credentials.json&oauth_consumer_key%3DGDdmIQH6jhtmLUypg82g
> %26oauth_nonce
> %3D702fab381be61bb60f210dd07d80be722da33f05%26oauth_signature_method
> %3DHMAC-SHA1%26oauth_token%3D819797-
> Jxq8aYUDRmykzVKrgoLhXSq67TEa5ruc4GJC2rWimw%26oauth_timestamp
> %3D1281551596%26oauth_version%3D1.0
> 
> consumersecret&usersecret is:
> MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98&J6zix3FfA9LofH0awS24M3HcBYXO5nI1iYe8EfBA
> 
> Thus the non-url encoded signature would be:
> XUNmLwpiC2W0xyrxPs4yAMmHO9c=
> 
> And the HTTP header would be (signature is URL encoded):
> 
> Authorization: OAuth oauth_consumer_key="GDdmIQH6jhtmLUypg82g",
> oauth_nonce="702fab381be61bb60f210dd07d80be722da33f05",
> oauth_signature_method="HMAC-SHA1",
> oauth_signature="XUNmLwpiC2W0xyrxPs4yAMmHO9c%3D",
> oauth_token="819797-Jxq8aYUDRmykzVKrgoLhXSq67TEa5ruc4GJC2rWimw",
> oauth_timestamp="1281551596",
> oauth_version="1.0"
> 
> Let me know if you came up with the same thing
> 
> 
> On Aug 11, 10:00 am, Tom van der Woerdt <i...@tvdw.eu> wrote:
>> On 8/11/10 5:52 PM, isaiah1112 wrote:
>>
>>
>>
>>
>>
>>> I have been developing a complete OAuth Library for Twitter in
>>> AppleScript (I know, some people thought it was impossible but it
>>> isn't).  The trouble is, I can authorize OAuth and get my token and
>>> secret from Twitter without any issues. However, once I try to make a
>>> call to the API the script will not validate my signature.  I am using
>>> the exact same methods to create my base string and signature that I
>>> used to authorize OAuth so I know it has to be an issue with either my
>>> header or base string parameters for this call...  If someone could
>>> look this over and tell me if everything checks out that would be
>>> great!
>>
>>> This is a simple call to gethttps://api.twitter.com/1/direct_messages.xml
>>> api....
>>
>>> Base string is
>>
>>> GET&https%3A%2F%2Fapi.twitter.com
>>> %2F1%2Fdirect_messages.xml&oauth_consumer_key%3D2qKWThvrdoDBKeQCmIMA2w
>>> %26oauth_nonce
>>> %3D28e0ef3fec75d92e6fc95460ffef4581ffd1d8f1%26oauth_signature_method
>>> %3DHMAC-SHA1%26oauth_token%3D90908405-
>>> B0SOI7v64YMcx7VOPTOvSieUOztDNPStWVY9rnabJ%26oauth_timestamp
>>> %3D1281541844%26oauth_version%3D1.0
>>
>>> The header for this call is listed as
>>
>>> Authorization: OAuth oauth_consumer_key="2qKWThvrdoDBKeQCmIMA2w",
>>> oauth_nonce="28e0ef3fec75d92e6fc95460ffef4581ffd1d8f1",
>>> oauth_signature_method="HMAC-SHA1",
>>> oauth_signature="%2B8UDpXZN9SwZsUBsFNv%2B518sLg0%3D",
>>> oauth_token="90908405-B0SOI7v64YMcx7VOPTOvSieUOztDNPStWVY9rnabJ",
>>> oauth_timestamp="1281541844",
>>> oauth_version="1.0"
>>
>>> If you would like any other information to test this out for yourself
>>> please let me know!
>>
>> If your code works with non-authorized requests and not with authorized
>> ones, then I think that the issue would have to be with generating your
>> "key". Make sure that you use <consumer secret>&<user secret>.
>>
>> If this is not the case, then please try generating a signature for
>> verify_credentials.json, using the consumer key "GDdmIQH6jhtmLUypg82g",
>> consumer secret "MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98", user
>> token "819797-Jxq8aYUDRmykzVKrgoLhXSq67TEa5ruc4GJC2rWimw" and user
>> secret "J6zix3FfA9LofH0awS24M3HcBYXO5nI1iYe8EfBA". Please post the base
>> string and the signature which you generate.
>>
>> Tom
>>
>> PS: Those keys which I named aren't actual keys, I took them from
>> dev.twitter.com.

Hi,

Using exactly the same values as you provided (including the base
string), I got XUNmLwpiC2W0xyrxPs4yAMmHO9c= as well.

However, when I applied sort(), I got zKLhRH6fz/p7UtVsS25KPQGJWD0=

Apparently, your oauth_token and oauth_timestamp are in the wrong order ;-)

Tom

Reply via email to