Great, now we can home in on the problem.

- Have you verified that in each environment you are testing in that your
clock is within 5 minutes of the clock on api.twitter.com? (Returned in a
Date header for every request).
- I noticed that you're including an oauth_token= parameter in your request
token request. There is no oauth_token on this step, and you shouldn't
include the parameter as a result.

How are you presenting the request to Twitter? Are you using header-based
OAuth or query-string OAuth or POST-body OAuth? Are you presenting any of
the oauth_* parameters in more than one place at the same time? It's best to
stick with header-based OAuth, as in this context you never have to send any
oauth_* parameter in the POST body or query string and ONLY have to put it
within the authorization header -- this minimizes the possible avenues of
error.

Taylor

On Fri, Aug 20, 2010 at 5:26 PM, Mukha Mudra <chandran.biju...@gmail.com>wrote:

>
> Hello Taylor,
>                   I did as instructed.
> I ensured that the my application makes the same signature as in
>
> http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/
> when i put in my data. I tested around 10 rounds and all gave me
> accurate match.
> For the last one.
> My base url is
> POST&http%3A%2F%2Fapi.twitter.com%3A%2Foauth
> %2Frequest_token&oauth_callback%3Doob%26oauth_consumer_key
> %3DN3jplhm1n1ypCzg2eWEg2w%26oauth_nonce%3DMnt1UWDYvHtA
> %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
> %3D1282348605%26oauth_token%3D%26oauth_version%3D1.0
>
> And my signature is
> S7hJdJeFE3sFf7qOID3pwModxAw%3D
>
> But again i get the same results
> On emulator i get 'Failed to validate oauth signature and token'
> On device i get '401 unauthorized'
>
> :(
> On Aug 20, 8:00 pm, Taylor Singletary <taylorsinglet...@twitter.com>
> wrote:
> > The callback will be *executed *following the authorization step, but
> > defining what that callback should be happens on the request token step.
> >
> > Taylor
> >
> > On Fri, Aug 20, 2010 at 7:53 AM, Mukha Mudra <chandran.biju...@gmail.com
> >wrote:
> >
> >
> >
> > >http://oauth.net/core/1.0/#anchor9
> > > This states that the callback parameter will come in for the
> > > Authorization step once the request token is obtained.
> > > Is the doc outdated or am i misinterpreting it?
> >
> > > On Aug 20, 7:19 pm, Taylor Singletary <taylorsinglet...@twitter.com>
> > > wrote:
> > > > It sounds like your HMAC-SHA1 signature generation is not correct. I
> > > would
> > > > recommend going to the most basic examples in the OAuth specification
> (
> > > best
> > > > walked through here:
> > >http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin..
> .)
> > > >  and make sure you can create the same signatures as the examples --
> > > > without ever making an actual API call -- before proceeding further.
> >
> > > > Once you are sure your signature generation algorithm can handle the
> > > basic
> > > > examples in the specification, move on to Twitter-specific requests.
> > > Attempt
> > > > exotic requests, like status updates with UTF-8 characters and
> spaces.
> >
> > > > Also important to note that the OAuth specification requires an
> > > > oauth_callback to be provided on the request_token step, regardless
> of
> > > > whether you've pre-specified it in your application record or not. If
> > > you're
> > > > not doing a URL-based callback, you should be providing
> > > oauth_callback=oob.
> >
> > > > Taylor
> >
> > > > On Fri, Aug 20, 2010 at 2:40 AM, Mukha Mudra <
> chandran.biju...@gmail.com
> > > >wrote:
> >
> > > > > I STILL AM NOT ABLE TO GET THIS DONE
> > > > > The base url is
> > > > > POST&http%3A%2F%2Fapi.twitter.com%2Foauth
> > > > > %2Frequest_token&oauth_consumer_key%3DN3jplhm1n1ypCzg2eWEg2w
> > > > > %26oauth_nonce%3Dkh1282296538%26oauth_signature_method%3DHMAC-
> > > > > SHA1%26oauth_timestamp%3D1282296538%26oauth_version%3D1.0
> >
> > > > > The signature created is somewhat like this
> > > > > yIVws5LaQmJq+ysYrKXLZ0l01wI
> >
> > > > > It is without = in the end. Is it mandatory to append it.
> > > > > I am referring this site.
> > >http://hueniverse.com/2008/10/beginners-guide-
> > > > > to-oauth-part-iv-signing-requests/
> > > > > When i put my values, the base url is same that is generated. But
> the
> > > > > signature created by my program is different.
> >
> > > > > On emulator i get 'Failed to validate oauth signature and token'
> > > > > On device i get '401 unauthorized'
> >
> > > > > Has anyone tried it on Symbian before??
> > > > > Plz help....
> >
> > > > > On Aug 19, 3:15 pm, Tom van der Woerdt <i...@tvdw.eu> wrote:
> > > > > > Yes, it is, and although this is one of the three forms you can
> use,
> > > the
> > > > > > header authorization is preferred.
> >
> > > > > > Tom
> >
> > > > > > On 8/19/10 10:06 AM, Mukha Mudra wrote:
> >
> > > > > > > I read in the documentation example the following.
> > > > > > >  Authorization: OAuth realm="http://photos.example.net/";,
> > > > > > >                 oauth_consumer_key="dpf43f3p2l4k3l03",
> > > > > > >                 oauth_token="nnch734d00sl2jdk",
> > > > > > >                 oauth_signature_method="HMAC-SHA1",
> > > > > > >
> oauth_signature="tR3%2BTy81lMeYAr%2FFid0kMTYa%2FWM
> > > > > > > %3D",
> > > > > > >                 oauth_timestamp="1191242096",
> > > > > > >                 oauth_nonce="kllo9940pd9333jh",
> > > > > > >                 oauth_version="1.0"
> >
> > > > > > > Is this header required?
> >
> > > > > > > On Aug 19, 11:23 am, Mukha Mudra <chandran.biju...@gmail.com>
> > > wrote:
> > > > > > >> Ok tried that.
> > > > > > >> Base url
> > > > > > >> POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> > > > > > >> %2Frequest_token&oauth_consumer_key
> >
> > > > >
> %3D*******************************************%26oauth_signature_method
> > > > > > >> %3DHMAC-SHA1%26oauth_nonce%3Dkh2147483647%26oauth_timestamp
> > > > > > >> %3D1282198197%26oauth_version%3D1.0
> >
> > > > > > >> When i use https i get Twitter Is Over Capacity
> > > > > > >> When i use http i get 401 Unauthorised
> > > > > > >> I am trying to access from a SYmbian Http client.Will that
> make
> > > any
> > > > > > >> difference?
> > > > > > >> The User Agent in header is "SimpleClient 1.0"
> >
> > > > > > >> On Aug 19, 11:05 am, Mukha Mudra <chandran.biju...@gmail.com>
> > > wrote:
> >
> > > > > > >>> Thanks Matt let me try that.. I read in the documentation
> that
> > > > > > >>> oauth_version is OPTIONAL and if not submitted the Service
> > > Provider
> > > > > > >>> will take it as 1.0. Anyways will try that. Also can you tell
> me
> > > > > > >>> should be using just http or https for url?
> >
> > > > > > >>> On Aug 19, 10:43 am, Matt Harris <thematthar...@twitter.com>
> > > wrote:
> >
> > > > > > >>>> Hi Mukha,
> >
> > > > > > >>>> Your base string and API seems to be missing the
> oauth_version
> > > > > parameter
> > > > > > >>>> which you should be setting to 1.0. Also, the URL in your
> base
> > > > > string is
> > > > > > >>>> seems to be missing the protocol 'http'. Yours starts
> > > POST&%3A%2F%2F
> > > > > when it
> > > > > > >>>> should be POST&http%3A%2F%2F
> >
> > > > > > >>>> Hope that helps,
> > > > > > >>>> Matt
> >
> > > > > > >>>> On Wed, Aug 18, 2010 at 8:53 PM, Mukha Mudra <
> > > > > chandran.biju...@gmail.com>wrote:
> >
> > > > > > >>>>> Thanks Taylor.
> > > > > > >>>>> I changed that and base string is now like this
> > > > > > >>>>> POST&%3A%2F%2Fapi.twitter.com%2Foauth
> > > > > > >>>>>
> %2Frequest_token&oauth_consumer_key%3D*************************
> > > > > > >>>>> %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
> > > > > > >>>>> %3D1282189027%26oauth_nonce%3Dkh432142249
> >
> > > > > > >>>>> I call the url with query parameters according to the Jane
> > > example
> > > > > > >>>>> provided in Appendix of documentation.
> >
> > > > >
> http://api.twitter.com/oauth/request_token?oauth_consumer_key=*******.
> > > ..
> >
> > > > > > >>>>> But now i get "401 Unauthorized"
> > > > > > >>>>> I have checked my consumer key and secret key.They seem to
> be
> > > > > > >>>>> alright.What could be happening?
> > > > > > >>>>> Should open another post for this?
> >
> > > > > > >>>>> On Aug 19, 12:17 am, Taylor Singletary <
> > > > > taylorsinglet...@twitter.com>
> > > > > > >>>>> wrote:
> > > > > > >>>>>> There are many elements to Twitter, the API, and the stack
> the
> > > > > runs the
> > > > > > >>>>>> whole site. It is possible, though rare, that you'll see
> this
> > > > > error in
> > > > > > >>>>> other
> > > > > > >>>>>> conditions.
> >
> > > > > > >>>>>> Looking at your signature base string here, I notice that
> you
> > > > > don't
> > > > > > >>>>> include
> > > > > > >>>>>> a separator between the URL you are executing and the
> > > parameters
> > > > > -- that
> > > > > > >>>>>> first %26 you have in your signature base string shouldn't
> be
> > > > > encoded..
> > > > > > >>>>> it
> > > > > > >>>>>> should just be "&" as it works as a separator between
> > > portions:
> >
> > > > > > >>>>>> $HTTP_METHOD + "&" percent_encoded($REQUEST_URI) + "&"
> > > > > > >>>>>> percent_encoded($URL_ENCODED_PARAMETERS)
> >
> > > > > > >>>>>> Taylor
> >
> > > > > > >>>>>> On Wed, Aug 18, 2010 at 12:03 PM, Tom van der Woerdt <
> > > > > i...@tvdw.eu>
> > > > > > >>>>> wrote:
> >
> > > > > > >>>>>>> On 8/18/10 8:24 PM, Mukha Mudra wrote:
> > > > > > >>>>>>>> Hi All,
> > > > > > >>>>>>>>           I just began to connect a Symbian application
> to
> > > > > Twitter
> > > > > > >>>>> via
> > > > > > >>>>>>>> the REST API.
> >
> > > > > > >>>>>>>> The base URL used in signature is as follows
> > > > > > >>>>>>>> POST&%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token
> > > > > > >>>>>>>> %26oauth_consumer_key%3D***************************
> > > > > > >>>>>>>> %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
> > > > > > >>>>>>>> %3D1282155396%26oauth_nonce%3Dkh511263264
> >
> > > > > > >>>>>>>> In response i get the Twitter Over Capacity html page.
> >
> > > > > > >>>>>>>> Since I have just begun , I am not sure that apart from
> > > server
> > > > > > >>>>>>>> overloading , by any chance, does a wrong invocation of
> the
> > > API
> > > > > also
> > > > > > >>>>>>>> gives this error.
> >
> > > > > > >>>>>>>> Regards
> > > > > > >>>>>>>> Biju
> >
> > > > > > >>>>>>> It does not.
> >
> > > > > > >>>>>>> Tom
> >
> > > > > > >>>> --
> >
> > > > > > >>>> Matt Harris
> > > > > > >>>> Developer Advocate, Twitterhttp://twitter.com/themattharris
>

Reply via email to