http://dev.twitter.com/pages/auth, section "Signing Requests", states :
> Then, you take all query parameters and POST body parameters (when the POST 
> body is of the URL-encoded type, otherwise the POST body is ignored), 
> including the OAuth parameters necessary for negotiation with the request at 
> hand, and sort them in lexicographical order by first parameter name and then 
> parameter value (for duplicate parameters), all the while ensuring that both 
> the key and the value for each parameter are URL encoded in isolation. 
> Instead of using the equals ("=") sign to mark the key/value relationship, 
> you use the URL-encoded form of "%3D". Each parameter is then joined by the 
> URL-escaped ampersand sign, "%26".

Also, the OAuth RFC states :
<http://tools.ietf.org/html/rfc5849>
   2.  The parameters are sorted by name, using ascending byte value
       ordering.  If two or more parameters share the same name, they
       are sorted by their value.

Tom


On 9/22/10 12:41 AM, Tzanko Stefanov wrote:
> Great - works now! Thank you very much!
> 
> I am wondering why such 'intricacies' are not mentioned in the
> documentation. I mean, how can one figure out the the optional
> parameter in_reply_to_status_id has to come in front of the oauth
> parameters in the base string? Or maybe there is some sort of a
> convention that I am not aware of?
> 
> Thanks again.
> 
> On Tue, Sep 21, 2010 at 4:47 PM, Taylor Singletary
> <taylorsinglet...@twitter.com> wrote:
>> Can you share what the various states are in your request?
>>
>> To save some time, here's an example of a few steps of updating a
>> status in this way. This example replies to tweet 23241674011 with the
>> status "@oauth_dancer test"
>>
>> Signature Base String
>> POST&https%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fupdate.xml&in_reply_to_status_id%3D23241674011%26oauth_consumer_key%3Dri8JxYK2ddwSV5xIUfNNvQ%26oauth_nonce%3DyuUeiE2vPilVqaQp7XYqCQHbiEEklS5Bz9fYjNZP0%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1285101894%26oauth_token%3D119476949-gF0B5O1Wwa2UqqIwopAhQtQVTzmfSIOSiHQS7Vf8%26oauth_version%3D1.0%26status%3D%2540oauth_dancer%2520test
>>
>> Authorization Header
>> OAuth oauth_nonce="yuUeiE2vPilVqaQp7XYqCQHbiEEklS5Bz9fYjNZP0",
>> oauth_signature_method="HMAC-SHA1", oauth_timestamp="1285101894",
>> oauth_consumer_key="ri8JxYK2ddwSV5xIUfNNvQ",
>> oauth_token="119476949-gF0B5O1Wwa2UqqIwopAhQtQVTzmfSIOSiHQS7Vf8",
>> oauth_signature="NXOcu3OzXxoVK0PV4YxYu9cFXO0%3D", oauth_version="1.0"
>>
>> POST Body
>> status=%40oauth_dancer%20test&in_reply_to_status_id=23241674011
>>
>> Taylor
>>
>> On Tue, Sep 21, 2010 at 1:38 PM, Tzanko <tzanko.stefa...@gmail.com> wrote:
>>> Hello,
>>>
>>> When I post to statuses/update with in_reply_to_status_id parameter, I
>>> get "Incorrect signature".
>>>
>>> However,  statuses/update works fine when in_reply_to_status_id is
>>> missing. Could someone please help? How do we need to pass this
>>> parameter?
>>>
>>> Thank you in advance!
>>>
>>> --
>>> Twitter developer documentation and resources: http://dev.twitter.com/doc
>>> API updates via Twitter: http://twitter.com/twitterapi
>>> Issues/Enhancements Tracker: 
>>> http://code.google.com/p/twitter-api/issues/list
>>> Change your membership to this group: 
>>> http://groups.google.com/group/twitter-development-talk?hl=en
>>>
>>
>> --
>> Twitter developer documentation and resources: http://dev.twitter.com/doc
>> API updates via Twitter: http://twitter.com/twitterapi
>> Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
>> Change your membership to this group: 
>> http://groups.google.com/group/twitter-development-talk?hl=en
>>
> 
> 
> 

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

Reply via email to