Hi folks,

I have been banging my head against the wall trying to figure out why
I keep getting 'failed to validate oauth signature and token' when
requesting the access token using xauth.  I did get xauth enabled,
however I should point out there is nothing indicating this in the
app's detail page. Should there be?

For sake of debugging, I am using the xAuth tutorial fields located
here:
http://dev.twitter.com/pages/xauth
it looks quite identical.  I understand the timestamps, keys, and
nonce would be invalid, I just wanted to check things out:

Body:
x_auth_username=oauth_test_exec&x_auth_password=twitter-
xauth&x_auth_mode=client_auth

Authorization header field:
oauth_consumer_key="JvyS7DO2qd6NNTsXJ4E7zA",
oauth_signature_method="HMAC-SHA1",
oauth_signature="1L1oXQmawZAkQ47FHLwcOV%2Bkjwc%3D",
oauth_timestamp="1284565601",
oauth_nonce="6AN2dKRzxyGhmIXUKSmp1JcB4pckM8rD3frKMTmVAo",
oauth_version="1.0"

Signature base string:
POST&https%3A%2F%2Fapi.twitter.com%2Foauth
%2Faccess_token&oauth_consumer_key%3DJvyS7DO2qd6NNTsXJ4E7zA
%26oauth_nonce%3D6AN2dKRzxyGhmIXUKSmp1JcB4pckM8rD3frKMTmVAo
%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
%3D1284565601%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth
%26x_auth_password%3Dtwitter-xauth%26x_auth_username%3Doauth_test_exec


URL:
https://api.twitter.com/oauth/access_token


If I turn all the fields to 'real' I will get the same error as the
above code does.  Hearing that time can cause this I can say that my
clock is only off a few seconds from my cell phone and I am using
time(null) to snag the value.  I assume that is seconds since 1970
without timezone interference.

Any ideas?

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Reply via email to