Hi,

I've seen several things:
1. I *think* that your URL encode function is slightly wrong - this is
what my PHP OAuth site has:
return str_replace(
      '+',
      ' ',
      str_replace('%7E', '~', rawurlencode($input))
    );

2. You seem to be lucky that the sort order is right, but your code is
wrong. "$params_encoded = urlencode2(encode_params($oauth_params) . '&'
. $post_body);" is not the correct way - all fields are supposed to be
sorted, not only oauth_params. The Base String itself seems fine.

3. After some testing, I couldn't find anything else wrong. However,
when I looked again, I saw that you were posting the consumer secret in
the OAuth header. You MUST NOT do that. ;-)

4. You aren't sending an Authorization header.

5. You are sending $post_body urlencoded as postfields.

Tom



On 8/14/10 10:54 AM, hgc2002 wrote:
> Hi,
> 
> I have been unable to get the access token for xAuth. I've been
> granted xAuth but now I need to use it, so that's why I'm requesting
> your help.
> 
> This is the output I'm getting:
> 
> HTTP/1.1 401 Unauthorized
> Date: Fri, 13 Aug 2010 17:34:58 GMT
> Server: hi
> Status: 401 Unauthorized
> X-Transaction: 1281720898-35403-17857
> Last-Modified: Fri, 13 Aug 2010 17:34:58 GMT
> X-Runtime: 0.00533
> Content-Type: text/html; charset=utf-8
> Content-Length: 1
> Pragma: no-cache
> X-Revision: DEV
> Expires: Tue, 31 Mar 1981 05:00:00 GMT
> Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
> Set-Cookie: k=85.49.242.96.1281720898265953; path=/; expires=Fri, 20-Aug-10 17:34:58 GMT; domain=.twitter.com
> Set-Cookie: guest_id=128172089870928288; path=/; expires=Sun, 12 Sep 2010 17:34:58 GMT
> Set-Cookie:
> _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCJfUhGwqAToHaWQiJTRlMzA4NDJlZGMwZDc3%250AMGRhMDY1MjFlODlkNTI2ZjBmIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy
> %250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--3a67a3c1703e00892ec25ae058be95a4476ecb61;
> domain=.twitter.com; path=/
> Vary: Accept-Encoding
> Connection: close
> 
> Can you help me find out what's wrong with this simple example?
> Thanks!
> Regards,
> Herman.
> 
> Here is my code in PHP 5. It generates an output file (output.html) so
> you'll be able to check every step in there.
> Just change 4 things: user, password, consumer key and consumer secret
> to run it.
> 
> <?php
> /**
> * Test based on http://dev.twitter.com/pages/xauth
> * Herman Gomez C. - herman_inter...@yahoo.es
> * Madrid, 13-Aug-2010.
> */
> unlink('output.html');
> /**
> * Encode a string according to the RFC3986
> */
> function urlencode2($s) {
> return ($s === false ? $s : str_replace('%7E','~',rawurlencode($s)));
> }
> /**
> * Create sequences like param1=encodevalue1&param2=value2 and so on, where
> * values are urlrawencoded.
> * It's used for post body and signature base.
> */
> function encode_params($params) {
> $res = '';
> foreach($params as $index => $value) $res = $res . $index . '=' .
> urlencode2($value) . '&';
> return substr($res,0,strlen($res)-1);
> }
> /**
> * Create sequences like param1="value1", param2="value2" and so on.
> * It's used for oAuth header.
> */
> function enquote_params($params) {
> $res = '';
> foreach($params as $index => $value) $res = $res . $index . '="' .
> urlencode2($value) . '", ';
> return substr($res,0,strlen($res)-2);
> }
> /**
> * debug var
> */
> function debug_var($name,$var) {
> $output = "<b>$name</b><br><pre>" . print_r($var,true) . "</pre>\n\n
> \n"; echo
> $output;
> file_put_contents('output.html',$output,FILE_APPEND);
> }
> /**
> * Creating post body
> */
> $x_auth_params = array();
> $x_auth_params['x_auth_password'] = "password"; //change this
> $x_auth_params['x_auth_username'] = "username"; //change this
> $x_auth_params['x_auth_mode'] = "client_auth";
> ksort($x_auth_params);
> $post_body = encode_params($x_auth_params);
> debug_var('post_body',$post_body);
> /***
> * Creating signature base
> */
> $url = "https://api.twitter.com/oauth/access_token";
> $url_encoded = urlencode2($url);
> $oauth_params = array();
> $oauth_params['oauth_consumer_key'] = "consumer key"; ///change this
> $oauth_params['oauth_nonce'] = md5(uniqid(rand(), true));
> $oauth_params['oauth_timestamp'] = time();
> $oauth_params['oauth_signature_method'] = "HMAC-SHA1";
> $oauth_params['oauth_version'] = "1.0";
> ksort($oauth_params);
> $params_encoded = urlencode2(encode_params($oauth_params) . '&' .
> $post_body);
> $signature_base = "POST&$url_encoded&$params_encoded";
> debug_var('signature_base',$signature_base);
> /**
> * Creating signature
> */
> $oauth_params['oauth_consumer_secret'] = "consumer secret"; //change this
> $key = $oauth_params['oauth_consumer_secret'] . '&';
> $oauth_params['oauth_signature'] =
> urlencode2(base64_encode(hash_hmac("sha1",$signature_base,
> $key,true)));
> /**
> * Creating OAuth header
> */
> ksort($oauth_params);
> $oauth_header = 'OAuth ' . enquote_params($oauth_params);
> debug_var('oauth_header',$oauth_header);
> $ch = curl_init();
> curl_setopt($ch, CURLOPT_HEADER, true);
> curl_setopt($ch, CURLOPT_HTTPHEADER, array($oauth_header));
> curl_setopt($ch, CURLOPT_URL, $url);
> curl_setopt($ch, CURLOPT_POST, true);
> curl_setopt($ch, CURLOPT_POSTFIELDS, urlencode2($post_body));
> curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
> curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
> 
> $exec = curl_exec($ch);
> $info = curl_getinfo($ch);
> curl_close($ch);
> 
> debug_var('info',$info);
> debug_var('exec',$exec);
> ?>
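
The five points from the reply applied to the xAuth request, as an added example that is not code from either message: all parameters sorted together for the base string, the consumer secret used only as the HMAC key, a real Authorization header, and a body that is form-encoded once. The names `oauth_encode` and `signature_base` and the placeholder credentials are assumptions, and `random_bytes` assumes PHP 7 or later.

```php
<?php
// Added example, not code from the thread. Credentials are placeholders.

// RFC 3986 percent-encoding; the same function is used everywhere.
function oauth_encode($s) {
    return str_replace('%7E', '~', rawurlencode((string) $s));
}

// Base string: oauth_* and x_auth_* parameters are encoded, sorted together
// by name, joined with "&", and the joined string is encoded once more.
function signature_base($method, $url, array $params) {
    $pairs = array();
    foreach ($params as $k => $v) {
        $pairs[oauth_encode($k)] = oauth_encode($v);
    }
    ksort($pairs, SORT_STRING);
    $joined = array();
    foreach ($pairs as $k => $v) $joined[] = $k . '=' . $v;
    return strtoupper($method) . '&' . oauth_encode($url) . '&'
         . oauth_encode(implode('&', $joined));
}

$consumer_secret = 'CONSUMER_SECRET'; // HMAC key only, never a parameter
$url  = 'https://api.twitter.com/oauth/access_token';
$body = array(
    'x_auth_mode'     => 'client_auth',
    'x_auth_password' => 'password',
    'x_auth_username' => 'username',
);
$oauth = array(
    'oauth_consumer_key'     => 'CONSUMER_KEY',
    'oauth_nonce'            => bin2hex(random_bytes(16)),
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_timestamp'        => time(),
    'oauth_version'          => '1.0',
);
$base = signature_base('POST', $url, $oauth + $body);
// No token secret exists yet, so the key is the encoded consumer secret plus "&".
$key  = oauth_encode($consumer_secret) . '&';
$oauth['oauth_signature'] = base64_encode(hash_hmac('sha1', $base, $key, true));

// Header holds only oauth_* values, each encoded exactly once.
$parts = array();
foreach ($oauth as $k => $v) $parts[] = $k . '="' . oauth_encode($v) . '"';
$header   = 'Authorization: OAuth ' . implode(', ', $parts);
// Body is form-encoded once (RFC 3986 style), not encoded again as a whole.
$postdata = http_build_query($body, '', '&', PHP_QUERY_RFC3986);
echo $base, "\n", $header, "\n", $postdata, "\n";
```

To send it, pass `$header` in `CURLOPT_HTTPHEADER` and `$postdata` in `CURLOPT_POSTFIELDS`, leaving `CURLOPT_SSL_VERIFYPEER` at its default so the server certificate is checked.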
