Hey,

Looking at your example basestring it looks like you have your OAuth steps 
confused. In your example you are sending an oauth_token with your request to 
/oauth/request_token when you shouldn't be.

You can read more on the OAuth flow on our developer site:
    http://dev.twitter.com/pages/auth

The specific section about request_token is here:
    http://dev.twitter.com/pages/auth#request-token

Best
@themattharris

On Apr 20, 2011, at 9:10, galeyte <gaetan...@gmail.com> wrote:

> Is it possible to have any help ?
> here is the base string i'm generating :
> 
> POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> %2Frequest_token&oauth_callback%3Dhttp%253A%252F%252Flocalhost
> %253A3005%252Fthe_dance%252Fprocess_callback%253Fservice_provider_id
> %253D11%26oauth_consumer_key%3DVqqupffO63SXe1pt70gqDA%26oauth_nonce
> %3DbIMeZu%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
> %3D1303315938%26oauth_token%3D278460982-
> BLIgYJ81sbHYUYg9JYodKM75fxCM1v1NrG9GuzIJ%26oauth_version%3D1.0
> 
> the signature :
> 2sxwv2R1Q+taksgof+QGFlUwqmw=
> 
> and the "AUTHORIZATION" header field i'm transmiting to
> https://api.twitter.com/oauth/request_token :
> 
> OAuth oauth_nonce="bIMeZu",oauth_callback="http%3A%2F%2Flocalhost
> %3A3005%2Fthe_dance%2Fprocess_callback%3Fservice_provider_id
> %3D11",oauth_signature_method="HMAC-
> SHA1",oauth_timestamp="1303315938",oauth_consumer_key="VqqupffO63SXe1pt70gqDA",oauth_signature="2sxwv2R1Q
> %2Btaksgof%2BQGFlUwqmw%3D",oauth_version="1.0"
> 
> I'm still getting the same response whereas the tools i check my work
> with say my basestring and signature are ok.
> 
> Thanks.
> 
> On 19 avr, 18:01, galeyte <gaetan...@gmail.com> wrote:
>> Hi again,
>> 
>> So i've deleted my previous code, and started again to respect
>> twitter's doc and oauth thing i've seen before.
>> Here is my new code, header-based, calling the good endpoint url :
>> 
>> function getSignature() {
>>     var nonce = OAuth.nonce(31);
>>     var time = OAuth.timestamp();
>>     var parameters = ["oauth_token="+oauth_token,
>> "oauth_consumer_key="+consumer_key, "oauth_nonce="+nonce,
>> "oauth_signature_method=HMAC-SHA1",
>> "oauth_timestamp="+time,"oauth_version=1.0"];
>>     parameters = parameters.sort();
>>     var join = parameters.join("&");
>>     var joindparameters = encodeURIComponent(join);
>>     var baseString = "POST&"+encodeURIComponent(request_token_url)+
>> "&" + joindparameters;
>>     var signature = b64_hmac_sha1(consumer_secret + "&" +
>> oauth_token_secret, baseString);
>>     console.log(signature);
>>     request_maker = new XMLHttpRequest();
>>     request_maker.open("POST", request_token_url);
>>     request_maker.setRequestHeader("Content-Type", "application/x-www-
>> form-urlencoded");
>>     request_maker.onreadystatechange = oth_func;
>>     var data = "OAuth oauth_nonce=\""+nonce+"\",
>> oauth_signature_method=\"HMAC-SHA1\", oauth_timestamp=\""+time+"\",
>> oauth_consumer_key=\""+consumer_key+"\", oauth_signature=
>> \""+encodeURIComponent(signature)+"\", oauth_version=\"1.0\"";
>>     console.log(data);
>>     request_maker.setRequestHeader("Authorization", data);
>>     request_maker.send();
>> 
>> }
>> 
>> I'm totally sure about my basestring and my signature (checked 
>> withhttp://oauth.googlecode.com/svn/code/javascript/example/signature.html)
>> I've tried with 2 composite signing key :
>> first : consumer_secret + "&" + oauth_token_secret
>> second: consumer_secret + "&"
>> but it did not change anything.
>> 
>> On Apr 19, 3:47 pm, galeyte <gaetan...@gmail.com> wrote:
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>>> And i stop using OAuth javascript library, and i'm getting the same
>>> basestring and signature as oauth library examples
>> 
>>> Here is the authorization header i send :
>>> OAuth realm='', oauth_nonce=1W3hagbtydTy8GBfkqxS3imJUDUfINi,
>>> oauth_timestamp=1303220837, oauth_consumer_key=[CONSUMER_KEY],
>>> oauth_signature_method=HMAC-SHA1, oauth_version=1.0,
>>> oauth_signature=ik0d0OV6JzLxQ/yeddowfSQCQgg=
>> 
>>> On 19 avr, 14:44, galeyte <gaetan...@gmail.com> wrote:
>> 
>>>> Ok so i've stopped using OAuth javascript library
>> 
>>>> Here is my new code :
>>>> function getSignature() {
>>>>     var nonce = OAuth.nonce(31);
>>>>     var time = OAuth.timestamp();
>>>>     var parameters = [encodeURIComponent("oauth_token="+oauth_token),
>>>> encodeURIComponent("oauth_consumer_key="+consumer_key),
>>>> encodeURIComponent("oauth_nonce="+nonce),
>>>>         encodeURIComponent("oauth_signature_method=HMAC-
>>>> SHA1"),encodeURIComponent("oauth_timestamp="+time),
>>>> encodeURIComponent("oauth_version=1.0")];
>>>>     parameters = parameters.sort();
>>>>     var join = parameters.join("&");
>>>>     var joindparameters = encodeURIComponent(join);
>>>>     var baseString = "POST&"+encodeURIComponent(request_token_url)+
>>>> "&" + joindparameters;
>>>>     console.log("baseString = " + baseString);
>>>>     var signature = b64_hmac_sha1(consumer_secret +
>>>> "&"+oauth_token_secret, baseString);
>>>>     console.log(signature);
>>>>     request_maker = new XMLHttpRequest();
>>>>     request_maker.open("POST", request_token_url);
>>>>     var data = "OAuth realm='', oauth_nonce="+nonce+",
>>>> oauth_timestamp="+time+", oauth_consumer_key="+consumer_key+",
>>>> oauth_signature_method=HMAC-SHA1, oauth_version=1.0,
>>>> oauth_signature="+signature;
>>>>     console.log(data);
>>>>     request_maker.setRequestHeader("Authorization", data);
>>>>     request_maker.onreadystatechange = oth_func;
>>>>     request_maker.send();
>> 
>>>> }
>> 
>>>> and here is the BaseString it generates :
>>>> POST&https%3A%2F%2Fapi.twitter.com%2Foauth
>>>> %2Frequest_token&oauth_consumer_key%253D[OAUTH_CONSUMER_KEY]
>>>> %26oauth_nonce%253D9HQfzLWlhqFpZAaURHNHr5bkpvMlweg
>>>> %26oauth_signature_method%253DHMAC-SHA1%26oauth_timestamp
>>>> %253D1303216955%26oauth_token%253DOAUTH_TOKEN%26oauth_version%253D1.0
>> 
>>>> and here is the signature :
>>>> N2K3D1ZjAd7h8urLAjeyUSTWFUU=
>> 
>>>> I've tried generate the signature with composite signing key :
>>>> "consumer_secret" + "&" + "token_secret" and without the token_secret
>> 
>>>> On 19 avr, 11:08, galeyte <gaetan...@gmail.com> wrote:
>> 
>>>>> Hi,
>> 
>>>>> Thanks for answering my question.
>>>>> I've tried a lot of things to reach oauth/request_token, and i've
>>>>> tried :
>>>>> request_maker.open("POST", "https://api.twitter.com/oauth/
>>>>> request_token")
>>>>> but nothing has changed !
>> 
>>>>> here is my new code :
>> 
>>>>> function signForm() {
>>>>>     accessor = { consumerSecret: consumer_secret
>>>>>         , tokenSecret   : oauth_token_secret};
>>>>>     message = { action: "https://api.twitter.com/oauth/request_token";
>>>>>         , method: "POST"
>>>>>         , parameters: []
>>>>>     };
>>>>>     message.parameters.push(["oauth_consumer_key=", consumer_key]);
>>>>>     message.parameters.push(["oauth_callback=", oauth_callback]);
>>>>>     message.parameters.push(["oauth_signature_method=",
>>>>> signature_method]);
>>>>>     OAuth.setTimestampAndNonce(message);
>>>>>     message.parameters.push(["oauth_version=", oauth_version]);
>>>>>     OAuth.SignatureMethod.sign(message, accessor);
>>>>>     return true;
>> 
>>>>> }
>> 
>>>>> function getSignature() {
>>>>>     signForm();
>>>>>     console.log(OAuth.SignatureMethod.getBaseString(message));
>>>>>     console.log(OAuth.getParameter(message.parameters,
>>>>> "oauth_signature"));
>>>>>     request_maker = new XMLHttpRequest();
>>>>>     request_maker.open("POST", "https://api.twitter.com/oauth/
>>>>> request_token");
>>>>>     request_maker.setRequestHeader("Host", "api.twitter.com");
>>>>>     request_maker.setRequestHeader("Content-type", "application/x-www-
>>>>> form-urlencoded");
>>>>>     request_maker.setRequestHeader("Authorization", "OAuth
>>>>> "+"oauth_signature_method="+signature_method
>>>>> +"&oauth_timestamp="+OAuth.getParameter(message.parameters,
>>>>> "oauth_timestamp")
>>>>> +"&oauth_nonce="+OAuth.getParameter(message.parameters, "oauth_nonce")
>>>>> +"&oauth_signature="+OAuth.getParameter(message.parameters,
>>>>> "oauth_signature"));
>>>>>     request_maker.onreadystatechange = oth_func;
>>>>>     request_maker.send("oauth_signature_method="+signature_method
>>>>> +"&oauth_timestamp="+OAuth.getParameter(message.parameters,
>>>>> "oauth_timestamp")
>>>>> +"&oauth_nonce="+OAuth.getParameter(message.parameters, "oauth_nonce")
>>>>> +"&oauth_signature="+escape(OAuth.getParameter(message.parameters,
>>>>> "oauth_signature")));
>> 
>>>>> }
>> 
>>>>> At first i thought it was my signature but i've checked again and it
>>>>> appears to be ok. maybe it's about base64 thing.
>>>>> I've also seen that when i checked request_token with that tool 
>>>>> :http://oauth.googlecode.com/svn/code/javascript/example/requestToken....
>>>>> Request_token succees on https but fails on http.
>> 
>>>>> On 18 avr, 21:14, Matt Harris <thematthar...@twitter.com> wrote:
>> 
>>>>>> Hi,
>> 
>>>>>> Looking at your code this line:
>>>>>>    request_maker.open("POST", "https://api.twitter.com/oauth";);
>> 
>>>>>> makes it look like you are making a request to:
>>>>>>    https://api.twitter.com/oauth
>> 
>>>>>> Double check you are sending the user to the correct endpoint. At this 
>>>>>> point
>>>>>> of your flow I think you mean to make a request 
>>>>>> tohttps://api.twitter.com/oauth/request_token.
>> 
>>>>>> Best
>>>>>> @themattharris
>>>>>> Developer Advocate, Twitterhttp://twitter.com/themattharris
>> 
>>>>>> On Fri, Apr 15, 2011 at 4:51 AM, galeyte <gaetan...@gmail.com> wrote:
>>>>>>> I don't have a 401 anymore but i recieve a "you are being redirected"
>>>>>>> page, so i can't get my request_token
>>>>>>> here is my code :
>> 
>>>>>>> function getSignature() {
>>>>>>>    var accessor = { consumerSecret: consumer_secret,
>>>>>>>        tokenSecret: oauth_token_secret
>>>>>>>    };
>>>>>>>    var message = { method: "POST",
>>>>>>>         action: "/request_token",
>>>>>>>         parameters: []
>>>>>>>    };
>>>>>>>    message.parameters.push(["oauth_callback",
>>>>>>> OAuth.formEncode(oauth_callback)]);
>>>>>>>    message.parameters.push(["oauth_consumer_key",
>>>>>>> OAuth.formEncode(consumer_key)]);
>>>>>>>    message.parameters.push(["oauth_nonce", OAuth.nonce(32)]);
>>>>>>>     message.parameters.push(["oauth_signature_method",
>>>>>>> signature_method]);
>>>>>>>    message.parameters.push(["oauth_timestamp", OAuth.timestamp()]);
>>>>>>>    OAuth.completeRequest(message, accessor);
>>>>>>>    OAuth.SignatureMethod.sign(message, accessor);
>>>>>>>    console.log(OAuth.getParameter(message.parameters,
>>>>>>> "oauth_signature"));
>>>>>>>     var data = "Oauth oauth_consumer_key="+consumer_key
>>>>>>> +"&oauth_signature_method="+signature_method
>>>>>>> +"&oauth_callback="+OAuth.getParameter(message.parameters,
>>>>>>> "oauth_callback")
>>>>>>>        +"&oauth_timestamp="+OAuth.getParameter(message.parameters,
>>>>>>> "oauth_timestamp")
>>>>>>> +"&oauth_nonce="+OAuth.getParameter(message.parameters, "oauth_nonce")
>>>>>>> +"&oauth_signature="+OAuth.getParameter(message.parameters,
>>>>>>> "oauth_signature");
>>>>>>>    console.log(data);
>>>>>>>    request_maker = new XMLHttpRequest();
>>>>>>>     request_maker.open("POST", "https://api.twitter.com/oauth";);
>>>>>>>     request_maker.setRequestHeader("Authorization", data);
>>>>>>>    request_maker.onreadystatechange = oth_func;
>>>>>>>     request_maker.send("Authorization OAuth" + data);
>>>>>>> }
>> 
>>>>>>> I don't
>> 
>> ...
>> 
>> plus de détails »
> 
> -- 
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group: 
> http://groups.google.com/group/twitter-development-talk

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Reply via email to