Another test unsuccessful: I was reading a post that spoke of Consumer key becoming "poisen" so I tried adding another application consumer/secret key combination to the twitter account and using these new Consumer and Secret keys, but I still cant get a response from twitter when requesting and access token...
NOTE: This same program was working before oAuth xAuth came in... so the problem is with the xAuth credentials validation. AND: When I use the values in Twitter documentation it produces the same base string, signature and authorization parameters as displayed in dev.twitter.com/pages/xauth .? Can anyone help ..? On Oct 24, 9:55 am, Martin Hannah <mhan...@coresoft.com.au> wrote: > Hi Matt, > > Thanks for the response, I went back and looked closely at the > possible trouble spots you suggested (the epoch time, the consumer > key, the parameters not repeated) and its all fine. > > I used the program to produce epoc time and compared these > tohttp://unixtimestamp.com/index.phpand was producing the same number > as that website at the same moment in time. > > I beleive my signature generator is working as well, because when I > use the values from the examples inhttp://dev.twitter.com/pages/xauth > orhttp://dev.twitter.com/pages/authI get the same number produced as > on those twitter doco web pages. > > I then tried to use xAuth in the hope that it would provide some > insight. I sent email to twitter and they enabled xAuth for me. > > Next step was to use the same variables fromhttp://dev.twitter.com/pages/xauth > and copy/paste the actual results fromhttp://dev.twitter.com/pages/xauth > to variables and running my procedure, and then inside the procedure > do string character comparison at various points in the program to the > values that twitter suggested would be produced > onhttp://dev.twitter.com/pages/xauth > to confirm my program produced the same thing (and it did). > > I then inserted my Consumer key, use name, password etc and sent the > post tohttps://api.twitter.com/oauth/access_tokenand I get no > response (literally nothing, not even an error message). > > The base string is : > POST&https%3A%2F%2Fapi.twitter.com%2Foauth > %2Faccess_token&oauth_consumer_key%3DTY0Js5vMc04HNqmqIkNEnQ > %26oauth_nonce%3DRiu39H4LlIeFbEgExKFAGnZk4AhNP05Kvz87Xeu6pyN > %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp > %3D1287877307%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth > %26x_auth_password%3Dxxxxxxxx%26x_auth_username%3Dxxxxxxxxx > > The program paramaters generated are: > v-params = OAuth oauth_consumer_key="TY0Js5vMc04HNxxxxxxxxx", > oauth_nonce="lJUAbSfIQY3ybDkkTITFGj2tga0ZCsFKxrTjEo9Sz7L", > oauth_signature="EdFxq%2B7cT1ilXDva4QCZhfXlRfo%3D", > oauth_signature_method="HMAC-SHA1", oauth_timestamp="1287876800", > oauth_version="1.0" > (The order of the Authorization header parameters shown above differs > from the examples in tritter documentation but I changed to the exact > same order as in Twitter doco and it did not work) > > My post code is: > define var objHTTP as com-handle. > Create "Microsoft.XMLHTTP" objHTTP . > > objHTTP:open("POST",api-atokin, false, api-username, api- > password). > objHTTP:setRequestHeader('Authorization', v-params). > > objHTTP:send(""). > > v-response = objHTTP:responseText . > > I am stumped, and would appreciate any suggestions as to where to go > from here... > > > > Matt Harris wrote: > > Hi Martin, > > > In the example you give the timestamp you are using converts to one > > from the year 1971 so you want to check how you are creating that. The > > correct timestamp value is the current epoch time in seconds. > > > Without seeing your basestring it is difficult to know what could be > > going wrong. One thing to check is that your signing key is correct. > > The signing key format is "YOUR_CONSUMER_SECRET&THE_USER_SECRET". When > > requesting a token you don't have a user secret so the signing key > > becomes "YOUR_CONSUMER_KEY&". > > > Also make sure you are not sending the OAuth parameters more than > > once. As the parameters are in the Authorization header they shouldn't > > be included in any GET or POST parameters. > > > Best > > > @themattharris > > Developer Advocate, Twitter > >http://twitter.com/themattharris > > > On Wed, Oct 6, 2010 at 4:37 PM, Martin > > Hannahbegin_of_the_skype_highlighting end_of_the_skype_highlighting<mhan...@coresoft.com.au> > > wrote: > > > We are converting our Twitter interfaces to oAuth and from the advise > > > onhttp://twittervb.codeplex.com/wikipage?title=XAuthwe are heading > > > down the path of xAuth for our desk top applications that use Twitter. > > > > We opted not to use TwitterVB.dll for backward compatibility of older > > > sites, so we are faced with a DIY situation. > > > > Even though we are intending to use xAuth, we have had to build > > > libraries that will handle the authentication and signature of the > > > messages, so as a first step we are attempting to replicate the > > > request token as explained inhttp://dev/twitter.com/pages/auth. > > > > We have build libraries that correctly assemble the post parameters, > > > we are using ChilKat Crypt to create the signature, and to prove they > > > are working we copy / paste the POST parameters from the example on > > >http://dev/twitter.com/pages/authand pass it to our library methods, > > > the returned signature and post is exactly the same as the examples on > > >http://dev/twitter.com/pages/auth. > > > > Then using our consumber key etc we create the POST and is formatted > > > exactly the same as the example onhttp://dev/twitter.com/pages/auth, > > > except of course it uses our consumer_key, oauth_nonce/timetamp etc. > > > > So the package we are sending looks perfect, we dumped it to > > > Notepad.exe and copy / pasted in dev.twitter.com example to compare > > > character by character and confirmed the only difference being the > > > oauth_consumer_key, signature etc. > > > > YET, regardless of if we send it through MS XMLHTTP or convert it to a > > > URL and copy / paste into a Web browser we still get the message > > > "Failed to validate oauth signature and token". > > > > We have exausted all the on line web blogs and resources we can find. > > > We have used sites > > > likehttp://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin... > > > to try to reconstruct the post and compare the results against what > > > our application produces, and we are at a loss. It looks like we have > > > the wrong consumer keys or something stupid, but beleive me we have > > > copy / pasted those in as well to make sure there was no error. > > > > Remember we have used the parameters in your example on > > >http://dev.twitter.com/pages/authand the signature and resulting > > > posts our software produces are the same as the examples on > > > dev.twitter.com, so it looks like our software using our libraries is > > > working correctly. > > > > Here are the two posts, with the example from dev.Twitter.com followed > > > by the one produced by our site : > > > > Sample 1 - From our software but using values > > > fromhttp://dev.twitter.com/pages/auth > > > OAuth oauth_callback="http%3A%2F%2Flocalhost%3A3005%2Fthe_dance > > > %2Fprocess_callback%3Fservice_provider_id%", > > > oauth_consumer_key="GDdmIQH6jhtmLUypg82g" , > > > oauth_nonce="QP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk", > > > oauth_signature="8wUi7m5HFQy76nowoCThusfgB%2BQ%3D", > > > oauth_signature_method="HMAC-SHA1", oauth_timestamp="12723230", > > > oauth_version="1.0" > > > > Sample 2 - From our software using our consumer keys etc > > > OAuth oauth_callback="oob", > > > oauth_consumer_key="TY0Js5vMc04HNqmqIkNEnQ", > > > oauth_nonce="ZcVmkYA3KYlVwN0kRaNHcsxiPbl4m16KZSHeyZfGF1v", > > > oauth_signature="0XXxEzENnco46hxIrgIG%2FvfK9Wk%3D", > > > oauth_signiture_method="HMAC-SHA1", oauth_timestamp="53697279", > > > oauth_version="1.0" > > > > ALSO: I noted if we use the > > > URLhttps://api.twitter.com/oauth/request_token?bla_bla_bla > > > it also returns the same message so the API needs a little more > > > diagnostic capability or perhaps you can provide a diagnostic tool or > > > sandbox environment to help developers know whats wrong with the > > > posts. > > > > What can we do from here... > > > > -- > > > Twitter developer documentation and resources:http://dev.twitter.com/doc > > > API updates via Twitter:http://twitter.com/twitterapi > > > Issues/Enhancements > > > Tracker:http://code.google.com/p/twitter-api/issues/list > > > Change your membership to this > > > group:http://groups.google.com/group/twitter-development-talk- Hide > > > quoted text - > > - Show quoted text - -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
