Hi Andy,

Have you tried posting the x_auth_* parameters in the actual POST body of
the request instead of on the query string?

Are there any characters in your login or password that might need to be
escaped? (I don't see an explicit escape on those values here).

When using xAuth, you don't have an oauth_token or oauth_token_secret and
those parameters should not be included or considered. This type of access
token request is a two-legged request.

Your signing secret should be simply  "consumerSecret&"

Hope this helps.

Taylor

On Fri, Sep 17, 2010 at 12:56 AM, andy <andreas-wilkeme...@andreazw.de>wrote:

> Hello everyone,
>
> I have problems to use xAuth in a own Twitter application. I have
> register an Application and was activated for xauth. I have develop an
> Adobe AIR Application which used ActionScript 3.0. In addition, I use
> the ActionScript 3 library for oAuth, which is refer in the Twitter
> docomentation for ActionScript developers. (http://code.google.com/p/
> oauth-as3/ <http://code.google.com/p/oauth-as3/>)
> Unfortunately I can not get a successful response from the twitter
> server. I would describe you to my approach and I hope that everyone
> can give me a help.
>
> At first time, I create my parameters. For this I used the
> "OAuthRequestClass" from the oauth-as3 library. This class, I have
> added the xauth parameter. In the following a Code-snipped:
>
>                        var curDate:Date = new Date();
>                        var uuid:String = UIDUtil.getUID(curDate);
>
>                        _requestParams["oauth_consumer_key"] =
> _consumer.key;
>                        _requestParams["oauth_consumer_secret"] =
> _consumer.secret;
>                        _requestParams["oauth_nonce"] = uuid;
>                        _requestParams["oauth_signature_method"] =
> signatureMethod.name;
>                        _requestParams["oauth_timestamp"] =
> String(curDate.time).substring(0, 10);
>                        _requestParams["oauth_version"] = "1.0";
>                        _requestParams["x_auth_mode"] = "client_auth";
>                        _requestParams["x_auth_password"] = password;
>                        _requestParams["x_auth_username"] = user;
>
>                        _requestParams["oauth_token"] = _token.key;
>                        _requestParams["oauth_token_secret"] =
> _token.secret;
>
>                        // generate the signature
>                        var signature:String =
> signatureMethod.signRequest(this);
>                        _requestParams["oauth_signature"] = signature;
>
> The Signantur is determined by the following function throw the class
> "OAuthSignatureMethod_HMAC_SHA1" from the oauth-as3 library:
>
>                public function signRequest(request:OAuthRequest):String {
>                        // get the signable string
>                        var toBeSigned:String = request.getSignableString();
>
>                        // get the secrets to encrypt with
>                        var sSec:String =
> URLEncoding.encode(request.consumer.secret) + "&"
>                        if (request.token)
>                                sSec +=
> URLEncoding.encode(request.token.secret);
>
>                        // hash them
>                        var hmac:HMAC = Crypto.getHMAC("sha1");
>                        var key:ByteArray =
> Hex.toArray(Hex.fromString(sSec));
>                        var message:ByteArray =
> Hex.toArray(Hex.fromString(toBeSigned));
>
>                        var result:ByteArray = hmac.compute(key,message);
>                        var ret:String = Base64.encodeByteArray(result);
>
>                        return ret;
>                }
>
> In the variable "toBeSigned" is included my OAuth signature base
> string:
> POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> %2Faccess_token&oauth_consumer_key%3D..myConsumerKey...%26oauth_nonce
> %3D5653B8B9-87E3-89DA-3857-1E9E70C56F5C%26oauth_signature_method
> %3DHMAC-SHA1%26oauth_timestamp%3D1284708921%26oauth_version
> %3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password
> %3D..myTwitterUsername..%26x_auth_username%3D..myTwitterPassword..
>
> Additionally, I have at this point trying to use the parameters
> oauth_consumer_secret and oauth_token.
>
> In my variable "aSec" is including. "myConsumerKey+"&"+myOAuthToken".
>
> For the variable "aSec" I have test following combinations:
> "myConsumerKey+"&"+myOAuthToken"
> "myConsumerKey+"&"+myOAuthTokenSecret"
> "myConsumerSecret+"&"+myOAuthToken"
> "myConsumerSecret+"&"+myOAuthTokenSecret"
>
> Since the Twitter documentation to the oauth-as3 library reference, I
> assume that runs the encryption correctly.
> Perhaps at this point but made a mistake. Can everyone encrypt one
> time the words "hello", "world" and tell me how this would look like
> encrypted, which is also in use xauth? My result after the above code
> would look like: ijqEvNDQBl6X8XXTcER8fQLgCXM=
>
> After this I create my OAuth HTTP Authorisation header. The header
> name is "Authorization" and the header value is the following:
> OAuth oauth_nonce="5653B8B9-87E3-89DA-3857-1E9E70C56F5C",
> oauth_signature_method="HMAC-SHA1", oauth_timestamp="1284708921",
> oauth_consumer_key="...myConsumerKey...",
> oauth_signature="...myCreatedSignanture...", oauth_version="1.0"
>
>
> I send a Request with this url to the twitter server:
>
> https://api.twitter.com/oauth/access_token?x_auth_mode=client_auth&x_auth_password=..myTwitterPassword&x_auth_username=..MyTwitterUsername.
> ..
>
> In the following
>
> In the following my ActionScript code by I make my request to your
> server.
>
>                                var postVariables:String = "?
> x_auth_mode=client_auth&x_auth_password="+password
> +"&x_auth_username="+user;
>
>                                var params:URLVariables = new
> URLVariables();
>                                params.x_auth_mode = "client_auth";
>                                params.x_auth_password = password;
>                                params.x_auth_username = user;
>
>                                var request:URLRequest = new URLRequest("
> https://api.twitter.com/
> oauth/access_token <https://api.twitter.com/oauth/access_token>
> "+postVariables);
>
>                                request.method = URLRequestMethod.POST;
>                                request.requestHeaders = new Array(header);
>                                request.contentType =
> "application/x-www-form-urlencoded";
>                                //request.data = params;
>
>                                var loader:URLLoader = new URLLoader();
>                                loader.addEventListener(Event.COMPLETE,
> onComplete);
>
>  loader.addEventListener(IOErrorEvent.IO_ERROR, onFailed);
>                                loader.load(request);
>
>
> Unfortunately I do not get an successful response. I get the Error-
> Message "Failed to validate oauth signature and token", the HTTP
> status code 401 and following Error-description:
> "Error #2032: Stream Error. URL:
>
> https://api.twitter.com/oauth/access_token?x_auth_mode=client_auth&x_auth_password=myPassword&x_auth_username=myUsername
> "
>
> I am grateful for any help
> andy
>
> --
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker:
> http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
> http://groups.google.com/group/twitter-development-talk?hl=en
>

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

Reply via email to