Hi, I have been unable to get the access token for xAuth. I've been granted xAuth but now I need to use it, so that's why I'm requesting your help.
This is the output I'm getting: HTTP/1.1 401 Unauthorized Date: Fri, 13 Aug 2010 17:34:58 GMT Server: hi Status: 401 Unauthorized X-Transaction: 1281720898-35403-17857 Last-Modified: Fri, 13 Aug 2010 17:34:58 GMT X-Runtime: 0.00533 Content-Type: text/html; charset=utf-8 Content-Length: 1 Pragma: no-cache X-Revision: DEV Expires: Tue, 31 Mar 1981 05:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate, pre- check=0, post-check=0 Set-Cookie: k=85.49.242.96.1281720898265953; path=/; expires=Fri, 20-Aug-10 17:34:58 GMT; domain=.twitter.com Set-Cookie: guest_id=128172089870928288; path=/; expires=Sun, 12 Sep 2010 17:34:58 GMT Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCJfUhGwqAToHaWQiJTRlMzA4NDJlZGMwZDc3%250AMGRhMDY1MjFlODlkNTI2ZjBmIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy %250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--3a67a3c1703e00892ec25ae058be95a4476ecb61; domain=.twitter.com; path=/ Vary: Accept-Encoding Connection: close Can you help me find out what's wrong with this simple example? Thank! Regards, Herman. Here is my code in PHP 5. It generates an output file (output.html) so you'll be able to check every step in there. Just change 4 things: user, password, consumer key and consumer secret to run it. <?php /** * Test based in http://dev.twitter.com/pages/xauth * Herman Gomez C. - [email protected] * Madrid, 13-Aug-2010. */ unlink('output.html'); /** * Encode a string according to the RFC3986 */ function urlencode2($s) { return ($s === false ? $s : str_replace('%7E','~',rawurlencode($s))); } /** * Create sequences like param1=encodevalue1¶m2=value2 and so on, where values are urlrawencoded. * It's used for post body and signature base. */ function encode_params($params) { $res = ''; foreach($params as $index => $value) $res = $res . $index . '=' . urlencode2($value) . '&'; return substr($res,0,strlen($res)-1); } /** * Create sequences like param1="value1", param2="value2" and so on. It's used for oAuth header. */ function enquote_params($params) { $res = ''; foreach($params as $index => $value) $res = $res . $index . '="' . urlencode2($value) . '", '; return substr($res,0,strlen($res)-2); } /** * debug var */ function debug_var($name,$var) { $output = "<b>$name</b><br><pre>" . print_r($var,true) . "</pre>\n\n \n"; echo $output; file_put_contents('output.html',$output,FILE_APPEND); } /** * Creating post body */ $x_auth_params = array(); $x_auth_params['x_auth_password'] = "password"; //change this $x_auth_params['x_auth_username'] = "username"; //change this $x_auth_params['x_auth_mode'] = "client_auth"; ksort($x_auth_params); $post_body = encode_params($x_auth_params); debug_var('post_body',$post_body); /*** * Creating signature base */ $url = "https://api.twitter.com/oauth/access_token";; $url_encoded = urlencode2($url); $oauth_params = array(); $oauth_params['oauth_consumer_key'] = "consumer key"; ///change this $oauth_params['oauth_nonce'] = md5(uniqid(rand(), true)); $oauth_params['oauth_timestamp'] = time(); $oauth_params['oauth_signature_method'] = "HMAC-SHA1"; $oauth_params['oauth_version'] = "1.0"; ksort($oauth_params); $params_encoded = urlencode2(encode_params($oauth_params) . '&' . $post_body); $signature_base = "POST&$url_encoded&$params_encoded"; debug_var('signature_base',$signature_base); /** * Creating signature */ $oauth_params['oauth_consumer_secret'] = "consumer secret"; //change this $key = $oauth_params['oauth_consumer_secret'] . '&'; $oauth_params['oauth_signature'] = urlencode2(base64_encode(hash_hmac("sha1",$signature_base, $key,true))); /** * Creating OAuth header */ ksort($oauth_params); $oauth_header = 'OAuth ' . enquote_params($oauth_params); debug_var('oauth_header',$oauth_header); $ch = curl_init(); curl_setopt($ch, CURLOPT_HEADER, true); curl_setopt($ch, CURLOPT_HTTPHEADER, array($oauth_header)); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, urlencode2($post_body)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $exec = curl_exec($ch); $info = curl_getinfo($ch); curl_close($ch); debug_var('info',$info); debug_var('exec',$exec); ?>
