Thanks, I know how xAuth works. ;-) This isn't xAuth though.

The Base String consists of all parameters you send to Twitter. You
aren't sending x_auth_username/x_auth_password (nor should you) so it
shouldn't be in the Base String.

You may be confused between xAuth and OAuth here: xAuth is simply an
extension to OAuth, so that Desktop applications can easily exchange
usernames/passwords for credentials. However, a call to any other
endpoint than access_token is not at all related to xAuth, so you should
not be sending the username and/or password. That's what credentials are
for :-)


On 9/20/10 8:35 PM, andy wrote:
> I use xauth, so I can log in directly from my application for Twitter.
> For pure OAuth it läft an extra URL on Twitter and you get a pin code
> with which I return to my application needs.
> The xauth-i parameter to give, as it is described in the Twitter
> documentation.
> Would in my GET request, the parameters are passed with xauth?
> On 20 Sep., 20:23, Tom van der Woerdt <> wrote:
>> No, that's no problem.
>> What I *did* just notice is that the parameters in your Base String
>> don't match the parameters in your GET. Why are you sending x_auth_*?
>> Tom
>> On 9/20/10 8:21 PM, andy wrote:
>>> Thank you for the quick help, I've just seen that the parameters
>>> since_id, since_date, max_id, count, page I have not supplied.
>>> Can there be a problem because in the absence of these?
>>> On 20 Sep., 20:10, Tom van der Woerdt <> wrote:
>>>> Yes, OAuth is the authentication layer. If you are asked for a password,
>>>> just click cancel (but really, it shouldn't ask you for one).
>>>> Tom
>>>> On 9/20/10 8:07 PM, andy wrote:
>>>>> Hello Tom,
>>>>> I get an successfull response with the oauthToken, oauthSecret,
>>>>> userId, Screenname.
>>>>> My basestring to generate my signature ist this:
>>>>> POST&
>>>>> %2Faccess_token&oauth_consumer_key%3D...myKey...%26oauth_nonce
>>>>> %3D4093828128%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
>>>>> %3D1284991785%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth
>>>>> %26x_auth_password%3D...myTwitterPassword....%26x_auth_username
>>>>> %3D...myTwitterUserName...
>>>>> When I send a request with GET-Parameter it will open a Window, where
>>>>> should I enter my user data. After this I will get following XML-Code:
>>>>> <hash>
>>>>>   -
>>>>>     <request>
>>>>>        /1/statuses/home_timeline.xml?
>>>>> oauth_timestamp=1284991785&oauth_token=..myOauthToken..&oauth_consumer_key=...myConsumer_Key...&oauth_signature_method=HMAC-
>>>>> SHA1&oauth_version=1.0&
>>>>> oauth_nonce=0EEC37AC-3B39-9DC5-4316-2F7A999B057B&oauth_signature=..myGeneratedSignanture
>>>>>      </request>
>>>>>      <error>Could not authenticate you.</error>
>>>>> </hash>
>>>>> The Signantur is indeed meant to be autentifizieren the user, or not?

Twitter developer documentation and resources:
API updates via Twitter:
Issues/Enhancements Tracker:
Change your membership to this group:

Reply via email to