On 9/2/10 6:46 PM, Ryan wrote:
> Spent the day trying to get OAuth working with PHP, curse August the
> 31st, first time I've heard of it, etc,etc. Anyhow I need some help to
> see where I'm going wrong with this code to retireve the auth token
>  Please...
> 
> <?php
>   function CalcHmacSha1($data,$key) {
> 
>     $blocksize = 64;
>     $hashfunc = 'sha1';
>     if (strlen($key) > $blocksize) {
>       $key = pack('H*', $hashfunc($key));
>     }
>     $key = str_pad($key, $blocksize, chr(0x00));
>     $ipad = str_repeat(chr(0x36), $blocksize);
>     $opad = str_repeat(chr(0x5c), $blocksize);
>     $hmac = pack(
>                     'H*', $hashfunc(
>                             ($key^$opad).pack(
>                                     'H*', $hashfunc(
>                                             ($key^$ipad).$data
>                                     )
>                             )
>                     )
>                 );
>     return $hmac;
>   }
> 
> 
> define("TWITTER_CONSUMER_KEY", "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
> define("TWITTER_CONSUMER_SECRET",
> "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
> 
> define("TWITTER_OAUTH_HOST","https://api.twitter.com";);
> define("TWITTER_REQUEST_TOKEN_URL", TWITTER_OAUTH_HOST . "/oauth/
> request_token");
> define("TWITTER_AUTHORIZE_URL", TWITTER_OAUTH_HOST . "/oauth/
> authorize");
> define("TWITTER_ACCESS_TOKEN_URL", TWITTER_OAUTH_HOST . "/oauth/
> access_token");
> define("TWITTER_PUBLIC_TIMELINE_API", TWITTER_OAUTH_HOST . "/statuses/
> public_timeline.json");
> define("TWITTER_UPDATE_STATUS_API", TWITTER_OAUTH_HOST . "/statuses/
> update.json");
> 
> $oauth_callback="http://www.refreshcreations.co.uk/twittertest/ryan-
> oauth.php";
> define("OAUTH_SIGNATURE_METHOD", "HMAC-SHA1");
> $oauth_timestamp = date("YmdHis");
> define("OAUTH_VERSION", "1.0");
> $oauth_nonce = md5(microtime());
> $timestamp = date("YmdHis");
> 
> $post_data = "oauth_callback=".$oauth_callback;
> $post_data.= "&oauth_consumer_key=".TWITTER_CONSUMER_KEY;
> $post_data.= "&oauth_nonce=".$oauth_nonce;
> $post_data.= "&oauth_signature_method=".OAUTH_SIGNATURE_METHOD;
> $post_data.= "&auth_timestamp=".$oauth_timestamp;
> $post_data.= "&oauth_version=".OAUTH_VERSION;
> 
> $post_data=rawurlencode($post_data);
> $post_data.=rawurlencode("&oauth_signature=".CalcHmacSha1($post_data,
> TWITTER_CONSUMER_SECRET."&"));
> 
> 
> $auth_header ="X-Verify-Credentials-Authorization: OAuth realm=
> \"http://api.twitter.com\",";;
> $auth_header.="OAuth oauth_nonce=\"".$oauth_nonce."\", ";
> $auth_header.="oauth_callback=\"".$oauth_callback."\", ";
> $auth_header.="oauth_signature_method=\"".OAUTH_SIGNATURE_METHOD."\",
> ";
> $auth_header.="oauth_timestamp=\"".$oauth_timestamp."\", ";
> $auth_header.="oauth_consumer_key=\"".TWITTER_CONSUMER_KEY."\", ";
> $auth_header.="oauth_signature=\"".CalcHmacSha1($post_data,
> TWITTER_CONSUMER_SECRET."&")."\", ";
> $auth_header.="oauth_version=\"".OAUTH_VERSION."\", ";
> 
> $curl = curl_init();
> curl_setopt($curl, CURLOPT_URL, TWITTER_REQUEST_TOKEN_URL);
> curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
> curl_setopt($curl, CURLOPT_HTTPHEADER, array($auth_header));
> $curlresponse = curl_exec($curl);
> curl_exec($curl);
> 
> 
> //GET CURL VALUES BACK.
> 
> $info = curl_getinfo($curl);
> 
> echo "<dl>";
>       foreach($info as $key =>$value){
>       echo "<dt>".$key."</dt><dd>".$value."</dd>";
>       }
> echo "</dl>\n";
> 
> 
> ?>
> 
> returns: "Failed to validate oauth signature and token"
> any ideas?
> 

Multiple.

1. PHP has the hash_hmac function which can do hmac-sha1 for you.
2. Timestamp should be time(), not some date() combination
3. This doesn't look like the normal OAuth stuff, but like OAuth Echo
4. "TWITTER_PUBLIC_TIMELINE_API" and "TWITTER_UPDATE_STATUS_API" point
to non-existent pages (missing the version part).
5. I'd recommend using uniqid() for generating a nonce instead of
md5'ing the microtime. It won't cause trouble, but uniqid() is more unique.
6. rawurlencode() isn't the proper function for URL encoding, but I
can't give you a better one right now.
7. You are generating a "post_data" variable but you don't post it ;-)

Tom

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

Reply via email to