We are converting our Twitter interfaces to oAuth and from the advise on http://twittervb.codeplex.com/wikipage?title=XAuth we are heading down the path of xAuth for our desk top applications that use Twitter.
We opted not to use TwitterVB.dll for backward compatibility of older sites, so we are faced with a DIY situation. Even though we are intending to use xAuth, we have had to build libraries that will handle the authentication and signature of the messages, so as a first step we are attempting to replicate the request token as explained in http://dev/twitter.com/pages/auth . We have build libraries that correctly assemble the post parameters, we are using ChilKat Crypt to create the signature, and to prove they are working we copy / paste the POST parameters from the example on http://dev/twitter.com/pages/auth and pass it to our library methods, the returned signature and post is exactly the same as the examples on http://dev/twitter.com/pages/auth. Then using our consumber key etc we create the POST and is formatted exactly the same as the example on http://dev/twitter.com/pages/auth, except of course it uses our consumer_key, oauth_nonce/timetamp etc. So the package we are sending looks perfect, we dumped it to Notepad.exe and copy / pasted in dev.twitter.com example to compare character by character and confirmed the only difference being the oauth_consumer_key, signature etc. YET, regardless of if we send it through MS XMLHTTP or convert it to a URL and copy / paste into a Web browser we still get the message "Failed to validate oauth signature and token". We have exausted all the on line web blogs and resources we can find. We have used sites like http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/ to try to reconstruct the post and compare the results against what our application produces, and we are at a loss. It looks like we have the wrong consumer keys or something stupid, but beleive me we have copy / pasted those in as well to make sure there was no error. Remember we have used the parameters in your example on http://dev.twitter.com/pages/auth and the signature and resulting posts our software produces are the same as the examples on dev.twitter.com, so it looks like our software using our libraries is working correctly. Here are the two posts, with the example from dev.Twitter.com followed by the one produced by our site : Sample 1 - From our software but using values from http://dev.twitter.com/pages/auth OAuth oauth_callback="http%3A%2F%2Flocalhost%3A3005%2Fthe_dance %2Fprocess_callback%3Fservice_provider_id%", oauth_consumer_key="GDdmIQH6jhtmLUypg82g" , oauth_nonce="QP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk", oauth_signature="8wUi7m5HFQy76nowoCThusfgB%2BQ%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="12723230", oauth_version="1.0" Sample 2 - From our software using our consumer keys etc OAuth oauth_callback="oob", oauth_consumer_key="TY0Js5vMc04HNqmqIkNEnQ", oauth_nonce="ZcVmkYA3KYlVwN0kRaNHcsxiPbl4m16KZSHeyZfGF1v", oauth_signature="0XXxEzENnco46hxIrgIG%2FvfK9Wk%3D", oauth_signiture_method="HMAC-SHA1", oauth_timestamp="53697279", oauth_version="1.0" ALSO: I noted if we use the URL https://api.twitter.com/oauth/request_token?bla_bla_bla it also returns the same message so the API needs a little more diagnostic capability or perhaps you can provide a diagnostic tool or sandbox environment to help developers know whats wrong with the posts. What can we do from here... -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk