Hi Matt,

Thanks for the response. I went back and looked closely at the possible trouble spots you suggested (the epoch time, the consumer key, the parameters not repeated) and it's all fine.

I used the program to produce epoch time and compared these to http://unixtimestamp.com/index.php and was producing the same number as that website at the same moment in time. I believe my signature generator is working as well, because when I use the values from the examples in http://dev.twitter.com/pages/xauth or http://dev.twitter.com/pages/auth I get the same number produced as on those Twitter doco web pages.

I then tried to use xAuth in the hope that it would provide some insight. I sent email to Twitter and they enabled xAuth for me. Next step was to use the same variables from http://dev.twitter.com/pages/xauth and copy/paste the actual results from http://dev.twitter.com/pages/xauth to variables and run my procedure, and then inside the procedure do string character comparison at various points in the program to the values that Twitter suggested would be produced on http://dev.twitter.com/pages/xauth to confirm my program produced the same thing (and it did).

I then inserted my consumer key, user name, password etc. and sent the post to https://api.twitter.com/oauth/access_token and I get no response (literally nothing, not even an error message).

The base string is:

    POST&https%3A%2F%2Fapi.twitter.com%2Foauth
    %2Faccess_token&oauth_consumer_key%3DTY0Js5vMc04HNqmqIkNEnQ
    %26oauth_nonce%3DRiu39H4LlIeFbEgExKFAGnZk4AhNP05Kvz87Xeu6pyN
    %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
    %3D1287877307%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth
    %26x_auth_password%3Dxxxxxxxx%26x_auth_username%3Dxxxxxxxxx

The program parameters generated are:

    v-params = OAuth oauth_consumer_key="TY0Js5vMc04HNxxxxxxxxx",
        oauth_nonce="lJUAbSfIQY3ybDkkTITFGj2tga0ZCsFKxrTjEo9Sz7L",
        oauth_signature="EdFxq%2B7cT1ilXDva4QCZhfXlRfo%3D",
        oauth_signature_method="HMAC-SHA1",
        oauth_timestamp="1287876800",
        oauth_version="1.0"

(The order of the Authorization header parameters shown above differs from the examples in Twitter documentation but I changed to the exact same order as in Twitter doco and it did not work)

My post code is:

    define var objHTTP as com-handle.
    Create "Microsoft.XMLHTTP" objHTTP .
    /* Synchronous POST to the access token URL held in api-atokin */
    objHTTP:open("POST",api-atokin, false, api-username, api-password).
    /* v-params holds the OAuth Authorization header value shown above */
    objHTTP:setRequestHeader('Authorization', v-params).
    objHTTP:send("").
    v-response = objHTTP:responseText .

I am stumped, and would appreciate any suggestions as to where to go from here...

Matt Harris wrote:
> Hi Martin,
>
> In the example you give the timestamp you are using converts to one
> from the year 1971 so you want to check how you are creating that. The
> correct timestamp value is the current epoch time in seconds.
>
> Without seeing your basestring it is difficult to know what could be
> going wrong. One thing to check is that your signing key is correct.
> The signing key format is "YOUR_CONSUMER_SECRET&THE_USER_SECRET". When
> requesting a token you don't have a user secret so the signing key
> becomes "YOUR_CONSUMER_KEY&".
>
> Also make sure you are not sending the OAuth parameters more than
> once. As the parameters are in the Authorization header they shouldn't
> be included in any GET or POST parameters.
>
> Best
>
> @themattharris
> Developer Advocate, Twitter
> http://twitter.com/themattharris
>
>
>
> On Wed, Oct 6, 2010 at 4:37 PM, Martin Hannah <mhan...@coresoft.com.au> wrote:
> > We are converting our Twitter interfaces to oAuth and from the advice
> > on http://twittervb.codeplex.com/wikipage?title=XAuth we are heading
> > down the path of xAuth for our desktop applications that use Twitter.
> >
> > We opted not to use TwitterVB.dll for backward compatibility of older
> > sites, so we are faced with a DIY situation.
> >
> > Even though we are intending to use xAuth, we have had to build
> > libraries that will handle the authentication and signature of the
> > messages, so as a first step we are attempting to replicate the
> > request token as explained in http://dev/twitter.com/pages/auth .
> >
> > We have built libraries that correctly assemble the post parameters,
> > we are using ChilKat Crypt to create the signature, and to prove they
> > are working we copy / paste the POST parameters from the example on
> > http://dev/twitter.com/pages/auth and pass it to our library methods,
> > the returned signature and post is exactly the same as the examples on
> > http://dev/twitter.com/pages/auth.
> >
> > Then using our consumer key etc we create the POST and it is formatted
> > exactly the same as the example on http://dev/twitter.com/pages/auth,
> > except of course it uses our consumer_key, oauth_nonce/timestamp etc.
> >
> > So the package we are sending looks perfect, we dumped it to
> > Notepad.exe and copy / pasted in dev.twitter.com example to compare
> > character by character and confirmed the only difference being the
> > oauth_consumer_key, signature etc.
> >
> > YET, regardless of if we send it through MS XMLHTTP or convert it to a
> > URL and copy / paste into a Web browser we still get the message
> > "Failed to validate oauth signature and token".
> >
> > We have exhausted all the online web blogs and resources we can find.
> > We have used sites like
> > http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/
> > to try to reconstruct the post and compare the results against what
> > our application produces, and we are at a loss. It looks like we have
> > the wrong consumer keys or something stupid, but believe me we have
> > copy / pasted those in as well to make sure there was no error.
> >
> > Remember we have used the parameters in your example on
> > http://dev.twitter.com/pages/auth and the signature and resulting
> > posts our software produces are the same as the examples on
> > dev.twitter.com, so it looks like our software using our libraries is
> > working correctly.
> >
> > Here are the two posts, with the example from dev.Twitter.com followed
> > by the one produced by our site :
> >
> > Sample 1 - From our software but using values from
> > http://dev.twitter.com/pages/auth
> > OAuth oauth_callback="http%3A%2F%2Flocalhost%3A3005%2Fthe_dance
> > %2Fprocess_callback%3Fservice_provider_id%",
> > oauth_consumer_key="GDdmIQH6jhtmLUypg82g" ,
> > oauth_nonce="QP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk",
> > oauth_signature="8wUi7m5HFQy76nowoCThusfgB%2BQ%3D",
> > oauth_signature_method="HMAC-SHA1", oauth_timestamp="12723230",
> > oauth_version="1.0"
> >
> > Sample 2 - From our software using our consumer keys etc
> > OAuth oauth_callback="oob",
> > oauth_consumer_key="TY0Js5vMc04HNqmqIkNEnQ",
> > oauth_nonce="ZcVmkYA3KYlVwN0kRaNHcsxiPbl4m16KZSHeyZfGF1v",
> > oauth_signature="0XXxEzENnco46hxIrgIG%2FvfK9Wk%3D",
> > oauth_signiture_method="HMAC-SHA1", oauth_timestamp="53697279",
> > oauth_version="1.0"
> >
> > ALSO: I noted if we use the URL
> > https://api.twitter.com/oauth/request_token?bla_bla_bla
> > it also returns the same message so the API needs a little more
> > diagnostic capability or perhaps you can provide a diagnostic tool or
> > sandbox environment to help developers know what's wrong with the
> > posts.
> >
> >
> > What can we do from here...
> >
> > --
> > Twitter developer documentation and resources: http://dev.twitter.com/doc
> > API updates via Twitter: http://twitter.com/twitterapi
> > Issues/Enhancements Tracker:
> > http://code.google.com/p/twitter-api/issues/list
> > Change your membership to this group:
> > http://groups.google.com/group/twitter-development-talk
> >
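
An added example (not code from the thread or from Twitter): this Python code rebuilds the xAuth signature base string quoted above from its parameters, signs it with HMAC-SHA1 as RFC 5849 describes, and checks an Authorization header for parameter names outside the OAuth 1.0a set and for timestamps far from the current clock. The function names and the `max_skew` tolerance are assumptions made for illustration.

```python
import base64, hashlib, hmac, re
from urllib.parse import quote

# OAuth 1.0a protocol parameter names (RFC 5849).
KNOWN = {"oauth_callback", "oauth_consumer_key", "oauth_nonce", "oauth_signature",
         "oauth_signature_method", "oauth_timestamp", "oauth_token",
         "oauth_verifier", "oauth_version"}
REQUIRED = {"oauth_consumer_key", "oauth_nonce", "oauth_signature",
            "oauth_signature_method", "oauth_timestamp"}
URL = "https://api.twitter.com/oauth/access_token"
# Parameters copied from the xAuth base string quoted in the thread.
XAUTH_PARAMS = {
    "oauth_consumer_key": "TY0Js5vMc04HNqmqIkNEnQ",
    "oauth_nonce": "Riu39H4LlIeFbEgExKFAGnZk4AhNP05Kvz87Xeu6pyN",
    "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": "1287877307",
    "oauth_version": "1.0", "x_auth_mode": "client_auth",
    "x_auth_password": "xxxxxxxx", "x_auth_username": "xxxxxxxxx",
}
# Authorization header copied from "Sample 2" in the thread.
SAMPLE_2 = ('OAuth oauth_callback="oob", oauth_consumer_key="TY0Js5vMc04HNqmqIkNEnQ", '
            'oauth_nonce="ZcVmkYA3KYlVwN0kRaNHcsxiPbl4m16KZSHeyZfGF1v", '
            'oauth_signature="0XXxEzENnco46hxIrgIG%2FvfK9Wk%3D", '
            'oauth_signiture_method="HMAC-SHA1", oauth_timestamp="53697279", '
            'oauth_version="1.0"')

def enc(s):
    # RFC 3986 percent-encoding: only unreserved characters stay literal.
    return quote(str(s), safe="-._~")

def base_string(method, url, params):
    # Encode, sort and join every signed parameter (oauth_* and x_auth_*).
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), enc(url), enc(normalized)])

def sign(base, consumer_secret, token_secret=""):
    # RFC 5849 HMAC-SHA1 key: encoded consumer secret, "&", encoded token secret.
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def lint_header(header, now, max_skew=600):
    # max_skew is an assumed tolerance, not a documented Twitter value.
    fields = dict(re.findall(r'(\w+)="([^"]*)"', header))
    problems = [f"unknown parameter: {k}" for k in fields if k not in KNOWN]
    problems += [f"missing parameter: {k}" for k in sorted(REQUIRED - set(fields))]
    ts = fields.get("oauth_timestamp", "")
    if not ts.isdigit() or abs(now - int(ts)) > max_skew:
        problems.append(f"timestamp {ts!r} is not within {max_skew}s of {now}")
    return problems
```

Calling `lint_header(SAMPLE_2, now=int(time.time()))` before sending a request surfaces malformed headers locally instead of relying on the server's single generic error message.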