Good eye, Tom. Thanks -- missed that in my quick once-over.

João -- I had to regenerate your consumer key and secret. You'll want to go
to your application on dev.twitter.com to obtain your keys again.

Thanks,
Taylor



On Mon, Aug 30, 2010 at 2:46 PM, Tom van der Woerdt <i...@tvdw.eu> wrote:

> Actually, it looks very much wrong.
>
> You are including your secret in the Base String and POST. Don't.
>
> Tom
>
>
> On 8/30/10 11:44 PM, Taylor Singletary wrote:
> > Hi João,
> >
> > Can you share the code you use to actually execute the request? I'd like
> > to make sure that all the OAuth-related parameters are being sent in the
> > HTTP header, the x_auth_* parameters should be in the POST body. You
> > shouldn't have any x_auth parameters in your authorization header, and
> > you shouldn't have any oauth_* parameters in your POST body.
> >
> > On first glance, your signature base string appears correct. Have you
> > also verified that the timestamp on the machine executing the requests
> > is in sync with our clock?
> >
> > Thanks,
> > Taylor
> >
> >
> >
> > 2010/8/30 João Paulo Sabino de Moraes <jona...@gmail.com
> > <mailto:jona...@gmail.com>>
> >
> >     Hi Everyone,
> >
> >     I´ve got an application account that has already an xAuth access.
> >     But I still got 401 Error saying : "Failed to validate oauth
> >     signature and token";
> >
> >     I thinks I´m not missing any parameter, the code is in as3 but you
> >     can see the parameteres and more below the encoded signstring .
> >
> >     request = ACCESS;
> >     var vars:String = "";
> >     var urlRequest:URLRequest = new
> >     URLRequest("https://api.twitter.com/oauth/access_token";);
> >     var params : URLVariables = new URLVariables();
> >        params.oauth_consumer_key = consumerKey;
> >     vars += "oauth_consumer_key="+consumerKey;
> >        params.oauth_consumer_secret = consumerSecret;
> >     vars += "&oauth_consumer_secret="+consumerSecret;
> >     var temp = nonce;
> >        params.oauth_nonce = temp;
> >     vars += "&oauth_nonce="+temp;
> >        params.oauth_signature_method = "HMAC-SHA1";
> >     vars += "&oauth_signature_method=HMAC-SHA1";
> >     var temp = time;
> >        params.oauth_timestamp = temp;
> >        vars += "&oauth_timestamp="+temp;
> >     params.oauth_version = "1.0";
> >        vars += "&oauth_version=1.0";
> >     params.x_auth_mode = "client_auth";
> >        vars += "&x_auth_mode=client_auth";
> >     params.x_auth_password = password;
> >        vars += "&x_auth_password="+password;
> >     params.x_auth_username = user;
> >     vars += "&x_auth_username="+user;
> >     var signString:String = "POST&" +
> >     encodeURIComponent("https://api.twitter.com/oauth/access_token";) +
> >     "&" + encodeURIComponent(vars);
> >     var hmac:HMAC =  Crypto.getHMAC("sha1");
> >     var key:ByteArray = Hex.toArray(
> >     Hex.fromString(encodeURIComponent(consumerSecret) + "&" +
> >     encodeURIComponent(oauthTokenSecret)));
> >     var data:ByteArray = Hex.toArray( Hex.fromString( signString ) );
> >     var sha:String = Base64.encodeByteArray( hmac.compute( key, data ) );
> >     trace(signString);
> >     params.oauth_signature = encodeURIComponent(sha);
> >
> >
> >
> >
> oauth_consumer_key=31NPH6FNUQi5HsWHzSbjQ&oauth_consumer_secret=jSwOaW3RDS9DnVmKvgHiNrx7sW0QYj9w9lMBL8P6bI&oauth_nonce=94252&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1283202704&oauth_version=1.0&x_auth_mode=client_auth&x_auth_password=passWordTest&x_auth_username=usernameTest
> >
> >     Ecoded SignString:
> >
> >     POST&https%3A%2F%2Fapi.twitter.com
> >     <http://2Fapi.twitter.com
> >%2Foauth%2Faccess_token&oauth_consumer_key%3D31NPH6FNUQi5HsWHzSbjQ%26oauth_consumer_secret%3DjSwOaW3RDS9DnVmKvgHiNrx7sW0QYj9w9lMBL8P6bI%26oauth_nonce%3D94252%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1283202704%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3DpassWordTest%26x_auth_username%3DusernameTest
> >
> >
> >     thanks
> >
> >
> >
> >     --
> >     João Paulo S. de Moraes
> >     +55 81 3432 3804
> >     +55 81 9189 3814 (mobile)
> >
> >     --
> >     Twitter developer documentation and resources:
> >     http://dev.twitter.com/doc
> >     API updates via Twitter: http://twitter.com/twitterapi
> >     Issues/Enhancements Tracker:
> >     http://code.google.com/p/twitter-api/issues/list
> >     Change your membership to this group:
> >     http://groups.google.com/group/twitter-development-talk?hl=en
> >
> >
> > --
> > Twitter developer documentation and resources:
> http://dev.twitter.com/doc
> > API updates via Twitter: http://twitter.com/twitterapi
> > Issues/Enhancements Tracker:
> > http://code.google.com/p/twitter-api/issues/list
> > Change your membership to this group:
> > http://groups.google.com/group/twitter-development-talk?hl=en
>
> --
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker:
> http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
> http://groups.google.com/group/twitter-development-talk?hl=en
>

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

Reply via email to