Hi Martin, In the example you give the timestamp you are using converts to one from the year 1971 so you want to check how you are creating that. The correct timestamp value is the current epoch time in seconds.
Without seeing your basestring it is difficult to know what could be going wrong. One thing to check is that your signing key is correct. The signing key format is "YOUR_CONSUMER_SECRET&THE_USER_SECRET". When requesting a token you don't have a user secret so the signing key becomes "YOUR_CONSUMER_KEY&". Also make sure you are not sending the OAuth parameters more than once. As the parameters are in the Authorization header they shouldn't be included in any GET or POST parameters. Best @themattharris Developer Advocate, Twitter http://twitter.com/themattharris On Wed, Oct 6, 2010 at 4:37 PM, Martin Hannah <mhan...@coresoft.com.au> wrote: > We are converting our Twitter interfaces to oAuth and from the advise > on http://twittervb.codeplex.com/wikipage?title=XAuth we are heading > down the path of xAuth for our desk top applications that use Twitter. > > We opted not to use TwitterVB.dll for backward compatibility of older > sites, so we are faced with a DIY situation. > > Even though we are intending to use xAuth, we have had to build > libraries that will handle the authentication and signature of the > messages, so as a first step we are attempting to replicate the > request token as explained in http://dev/twitter.com/pages/auth . > > We have build libraries that correctly assemble the post parameters, > we are using ChilKat Crypt to create the signature, and to prove they > are working we copy / paste the POST parameters from the example on > http://dev/twitter.com/pages/auth and pass it to our library methods, > the returned signature and post is exactly the same as the examples on > http://dev/twitter.com/pages/auth. > > Then using our consumber key etc we create the POST and is formatted > exactly the same as the example on http://dev/twitter.com/pages/auth, > except of course it uses our consumer_key, oauth_nonce/timetamp etc. > > So the package we are sending looks perfect, we dumped it to > Notepad.exe and copy / pasted in dev.twitter.com example to compare > character by character and confirmed the only difference being the > oauth_consumer_key, signature etc. > > YET, regardless of if we send it through MS XMLHTTP or convert it to a > URL and copy / paste into a Web browser we still get the message > "Failed to validate oauth signature and token". > > We have exausted all the on line web blogs and resources we can find. > We have used sites like > http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/ > to try to reconstruct the post and compare the results against what > our application produces, and we are at a loss. It looks like we have > the wrong consumer keys or something stupid, but beleive me we have > copy / pasted those in as well to make sure there was no error. > > Remember we have used the parameters in your example on > http://dev.twitter.com/pages/auth and the signature and resulting > posts our software produces are the same as the examples on > dev.twitter.com, so it looks like our software using our libraries is > working correctly. > > Here are the two posts, with the example from dev.Twitter.com followed > by the one produced by our site : > > Sample 1 - From our software but using values from > http://dev.twitter.com/pages/auth > OAuth oauth_callback="http%3A%2F%2Flocalhost%3A3005%2Fthe_dance > %2Fprocess_callback%3Fservice_provider_id%", > oauth_consumer_key="GDdmIQH6jhtmLUypg82g" , > oauth_nonce="QP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk", > oauth_signature="8wUi7m5HFQy76nowoCThusfgB%2BQ%3D", > oauth_signature_method="HMAC-SHA1", oauth_timestamp="12723230", > oauth_version="1.0" > > Sample 2 - From our software using our consumer keys etc > OAuth oauth_callback="oob", > oauth_consumer_key="TY0Js5vMc04HNqmqIkNEnQ", > oauth_nonce="ZcVmkYA3KYlVwN0kRaNHcsxiPbl4m16KZSHeyZfGF1v", > oauth_signature="0XXxEzENnco46hxIrgIG%2FvfK9Wk%3D", > oauth_signiture_method="HMAC-SHA1", oauth_timestamp="53697279", > oauth_version="1.0" > > ALSO: I noted if we use the URL > https://api.twitter.com/oauth/request_token?bla_bla_bla > it also returns the same message so the API needs a little more > diagnostic capability or perhaps you can provide a diagnostic tool or > sandbox environment to help developers know whats wrong with the > posts. > > > What can we do from here... > > -- > Twitter developer documentation and resources: http://dev.twitter.com/doc > API updates via Twitter: http://twitter.com/twitterapi > Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list > Change your membership to this group: > http://groups.google.com/group/twitter-development-talk > -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk