Well, I see. First of all oauth_signature is HMAC hash of your
properly encoded query parameters, not oauth_token_secret. The idea is
that only your app and Twitter may know it. Don't ever send it!

Request token is like an authorization session ID, which you would
exchange for an access token (You may not know access token before
that, actually.) So, doublecheck
http://dev.twitter.com/doc/post/oauth/request_token, it requires no
authentication. All you need is to fetch oauth_request_token and
oauth_request_secret. If you already have an access token, like in
your example, you can work with all API's methods right away, but
don't forget provide valid oauth_signature.

Here's easily explained routine: http://dev.twitter.com/pages/auth
And more in-depth OAuth 1.0 info: http://tools.ietf.org/html/rfc5849

On Wed, Nov 24, 2010 at 10:38 AM, rajat <rajat.triu...@gmail.com> wrote:
> I am sending AJAX request to acquire a request token but getting 403
> Forbidden error. I am putting following example to show my approach
>
> Available info :
> ---------------------------------------------------
> 1. Consumer Key : abckey
> 2. Consumer secret : xyzsecret
> 3. Request token URL : https://api.twitter.com/oauth/request_token
> 4. Registered OAuth Callback URL : http://127.0.0.1/twitter/index.html
> 5. Access Token (oauth_token) : 1234-efghaccess
> 6. Access Token Secret (oauth_token_secret) : mnopqrstaccesssecret
>
> My Javascript code
> --------------------------------------------------------------------------------------------------------------------------------------------------------------------
> var today = new Date();
> var ts = Math.round(today.getTime()/1000.0);
>
> xmlhttp=getxmlhttobject();
> url = "http://api.twitter.com/oauth/request_token";;
> xmlhttp.open("POST", url, true);
> xmlhttp.setRequestHeader("Authorization","OAuth oauth_nonce=
> \"126weOPUDSBLS02dXTlp5tYjv434FE9ALwKILYFIU\", oauth_signature_method=
> \"HMAC-SHA1\", oauth_timestamp=\""+ ts +"\", oauth_consumer_key=
> \"abckey\", oauth_token=\"1234-efghaccess\", oauth_signature=
> \"mnopqrstaccesssecret\" , oauth_version=\"1.0\"");
> xmlhttp.send(null);
> -------------------------------------------------------------------------------------------------------------------------------------------------------------------
> When i check live headers in mozilla i get status as 403 Forbidden
> error.
>
> Can anyone guide me where i am doing wrong..
>
> Thank you.
>
>
> --
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group: 
> http://groups.google.com/group/twitter-development-talk
>

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Reply via email to