Actually, it looks very much wrong.

You are including your secret in the Base String and POST. Don't.

Tom


On 8/30/10 11:44 PM, Taylor Singletary wrote:
> Hi João,
> 
> Can you share the code you use to actually execute the request? I'd like
> to make sure that all the OAuth-related parameters are being sent in the
> HTTP header, the x_auth_* parameters should be in the POST body. You
> shouldn't have any x_auth parameters in your authorization header, and
> you shouldn't have any oauth_* parameters in your POST body. 
> 
> On first glance, your signature base string appears correct. Have you
> also verified that the timestamp on the machine executing the requests
> is in sync with our clock?
> 
> Thanks,
> Taylor
> 
> 
> 
> 2010/8/30 João Paulo Sabino de Moraes <jona...@gmail.com
> <mailto:jona...@gmail.com>>
> 
>     Hi Everyone,
> 
>     I´ve got an application account that has already an xAuth access.
>     But I still got 401 Error saying : "Failed to validate oauth
>     signature and token";
> 
>     I thinks I´m not missing any parameter, the code is in as3 but you
>     can see the parameteres and more below the encoded signstring .
> 
>     request = ACCESS;
>     var vars:String = "";
>     var urlRequest:URLRequest = new
>     URLRequest("https://api.twitter.com/oauth/access_token";);
>     var params : URLVariables = new URLVariables();
>        params.oauth_consumer_key = consumerKey;
>     vars += "oauth_consumer_key="+consumerKey;
>        params.oauth_consumer_secret = consumerSecret;
>     vars += "&oauth_consumer_secret="+consumerSecret;
>     var temp = nonce;
>        params.oauth_nonce = temp;
>     vars += "&oauth_nonce="+temp;
>        params.oauth_signature_method = "HMAC-SHA1";
>     vars += "&oauth_signature_method=HMAC-SHA1";
>     var temp = time;
>        params.oauth_timestamp = temp;
>        vars += "&oauth_timestamp="+temp;
>     params.oauth_version = "1.0";
>        vars += "&oauth_version=1.0";
>     params.x_auth_mode = "client_auth";
>        vars += "&x_auth_mode=client_auth";
>     params.x_auth_password = password;
>        vars += "&x_auth_password="+password;
>     params.x_auth_username = user;
>     vars += "&x_auth_username="+user;
>     var signString:String = "POST&" +
>     encodeURIComponent("https://api.twitter.com/oauth/access_token";) +
>     "&" + encodeURIComponent(vars);
>     var hmac:HMAC =  Crypto.getHMAC("sha1");
>     var key:ByteArray = Hex.toArray(
>     Hex.fromString(encodeURIComponent(consumerSecret) + "&" +
>     encodeURIComponent(oauthTokenSecret)));
>     var data:ByteArray = Hex.toArray( Hex.fromString( signString ) );
>     var sha:String = Base64.encodeByteArray( hmac.compute( key, data ) );
>     trace(signString);
>     params.oauth_signature = encodeURIComponent(sha);
> 
> 
> 
>     
> oauth_consumer_key=31NPH6FNUQi5HsWHzSbjQ&oauth_consumer_secret=jSwOaW3RDS9DnVmKvgHiNrx7sW0QYj9w9lMBL8P6bI&oauth_nonce=94252&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1283202704&oauth_version=1.0&x_auth_mode=client_auth&x_auth_password=passWordTest&x_auth_username=usernameTest
> 
>     Ecoded SignString:
> 
>     POST&https%3A%2F%2Fapi.twitter.com
>     
> <http://2Fapi.twitter.com>%2Foauth%2Faccess_token&oauth_consumer_key%3D31NPH6FNUQi5HsWHzSbjQ%26oauth_consumer_secret%3DjSwOaW3RDS9DnVmKvgHiNrx7sW0QYj9w9lMBL8P6bI%26oauth_nonce%3D94252%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1283202704%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3DpassWordTest%26x_auth_username%3DusernameTest
> 
> 
>     thanks
> 
> 
> 
>     -- 
>     João Paulo S. de Moraes
>     +55 81 3432 3804
>     +55 81 9189 3814 (mobile)
> 
>     -- 
>     Twitter developer documentation and resources:
>     http://dev.twitter.com/doc
>     API updates via Twitter: http://twitter.com/twitterapi
>     Issues/Enhancements Tracker:
>     http://code.google.com/p/twitter-api/issues/list
>     Change your membership to this group:
>     http://groups.google.com/group/twitter-development-talk?hl=en
> 
> 
> -- 
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker:
> http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
> http://groups.google.com/group/twitter-development-talk?hl=en

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

Reply via email to