We are converting our Twitter interfaces to oAuth and from the advise
on http://twittervb.codeplex.com/wikipage?title=XAuth we are heading
down the path of xAuth for our desk top applications that use Twitter.

We opted not to use TwitterVB.dll for backward compatibility of older
sites, so we are faced with a DIY situation.

Even though we are intending to use xAuth, we have had to build
libraries that will handle the authentication and signature of the
messages, so as a first step we are attempting to replicate the
request token as explained in http://dev/twitter.com/pages/auth .

We have build libraries that correctly assemble the post parameters,
we are using ChilKat Crypt to create the signature, and to prove they
are working we copy / paste the POST parameters from the example on
http://dev/twitter.com/pages/auth and pass it to our library methods,
the returned signature and post is exactly the same as the examples on

Then using our consumber key etc we create the POST and is formatted
exactly the same as the example on http://dev/twitter.com/pages/auth,
except of course it uses our consumer_key, oauth_nonce/timetamp etc.

So the package we are sending looks perfect, we dumped it to
Notepad.exe and copy / pasted in dev.twitter.com example to compare
character by character and confirmed the only difference being the
oauth_consumer_key, signature etc.

YET, regardless of if we send it through MS XMLHTTP or convert it to a
URL and copy / paste into a Web browser we still get the message
"Failed to validate oauth signature and token".

We have exausted all the on line web blogs and resources we can find.
We have used sites like 
to try to reconstruct the post and compare the results against what
our application produces, and we are at a loss. It looks like we have
the wrong consumer keys or something stupid, but beleive me we have
copy / pasted those in as well to make sure there was no error.

Remember we have used the parameters in your example on
http://dev.twitter.com/pages/auth and the signature and resulting
posts our software produces are the same as the examples on
dev.twitter.com, so it looks like our software using our libraries is
working correctly.

Here are the two posts, with the example from dev.Twitter.com followed
by the one produced by our site :

Sample 1 - From our software but using values from 
OAuth oauth_callback="http%3A%2F%2Flocalhost%3A3005%2Fthe_dance
oauth_consumer_key="GDdmIQH6jhtmLUypg82g"  ,
oauth_signature_method="HMAC-SHA1", oauth_timestamp="12723230",

Sample 2 - From our software using our consumer keys etc
OAuth oauth_callback="oob",
oauth_signiture_method="HMAC-SHA1", oauth_timestamp="53697279",

ALSO: I noted if we use the URL 
it also returns the same message so the API needs a little more
diagnostic capability or perhaps you can provide a diagnostic tool or
sandbox environment to help developers know whats wrong with the

What can we do from here...

Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 

Reply via email to