We had an application successfully talking to twitter for a few years prior to oAuth, and now converting this application to xAuth and cant get past the first step.
The application gets a 401 "Unauthorized" response when attempting to get the access token. Have confirmed our program when provided with the same consumer_key and Secret key as on twitter documentation page http://dev.twitter.com/pages/xauth produces exactly the same Singature, parameters, base string as on http://dev.twitter.com/pages/xauth doco page. (i.e. have done detailed string comparisons of output at each step to the twitter documentation http://dev.twitter.com/pages/xauth by placing the twitter values in a string variable and comparing to the values produced by our program, so confident these are the same) . Using our consumer and secret keys in the test site http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests and compared the base string and signature results to our program and again they are exactly the same. Have checked the time stamp is producing correct time (based on enoch time) by comparing against against http://unixtimestamp.com/index.php Passing my consumer_secret with & at end into signature generator (which as I said above seems to be producing correct results because we used values in http://dev.twitter.com/pages/xauth and it generated the same oauth_signature value) Base string: POST&https%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_token&oauth_consumer_key%3D1q0ZoaBf3fKFP1hSmhVNQ %26oauth_nonce %3Duv3AtzLBjawzvasO3EPAU3bbR53NyHGlvLp33IRCzG8%26oauth_signature_method %3DHMAC-SHA1%26oauth_timestamp%3D1288131701%26oauth_version %3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3Dxxxxxxxx %26x_auth_username%3Dxxxxxxxx Authorization header parameters: OAuth oauth_nonce="uv3AtzLBjawzvasO3EPAU3bbR53NyHGlvLp33IRCzG8", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1288131701", oauth_consumer_key="1q0ZoaBf3fKFP1hSmhVNQ", oauth_signature="VQYSXdvrEtlvugqUpTXbCjYTNa0%3D", oauth_version="1.0" Twitter response: Status= 401 StatusTxt= Unauthorized Headers= Date: Tue, 26 Oct 2010 21:22:01 GMT Server: hi Status: 401 Unauthorized X-Transaction: 1288128121-92836-33309 Last-Modified: Tue, 26 Oct 2010 21:22:01 GMT X-Runtime: 0.00473 Content-Type: text/html; charset=utf-8 Pragma: no-cache X-Revision: DEV Expires: Tue, 31 Mar 1981 05:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post- check=0 Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCMdIa %252BorASIKZmxhc2hJQzonQWN0aW9uQ29u %250AdHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWJl %250AYzdlZGEzMDAwYmMwOWJhMTEwMzIyYjE1MTc5YzAw-- f24fc1f95d728598870821f98152985632dbcc66; domain=.twitter.com; path=/ Connection: close The actual Send procedure is: (tried procedure using both both blank and valid p-username and p-password) define var objHTTP as com-handle. Create "Microsoft.XMLHTTP" objHTTP . objHTTP:open("POST",api-atokin, false, p-username, p-password). objHTTP:setRequestHeader('Authorization', v-params). objHTTP:SetRequestHeader("Content-Type","application/x-www-form- urlencoded"). objHTTP:send(). v-response = 'Response= ' + objHTTP:responseText + chr(10) + 'Status= ' + objHTTP:status + chr(10) + 'StatusTxt= ' + objHTTP:statusText + chr(10) + 'Headers= ' + objHTTP:getAllResponseHeaders() + chr(10) . I have emailed api.twitter.com and asked for them to check that I have xAuth enabled and they responded: "I can confirm that your application, client ID xxxxxxx, has xAuth access and I just refreshed its permissions and consumer keys for good measure. If you still get 401 errors when trying to use xAuth with these new keys, please post about it in our Developer Talk Group: http://groups.google.com/group/twitter-development-talk . Our developer advocates have been tracking some issues like these and will be happy to help you out there, as well as use any information you provide to debug any possible related issues on our side. I apologize for the inconvenience." I am stumped, and my team has been on this for 3 weeks -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk