[twitter-dev] failed to validate oauth signature and token
Hi again ! I'm trying to develop a desktop-application javascript based. I'm actually trying to get the request_token from twitter. I'm using OAuth js library, and after testing their examples, i'm trying to do the same thing as http://oauth.googlecode.com/svn/code/javascript/example/requestToken.html do, because it seems to work and twitter respond with a valuable request_token and secret. To complete the exactly same request, i've been wiresharking my http request and form the same strings with XMLHttpRequest in my code. The only response i get is 401 - failed to validate oauth signature or token, so i assume i make a mistake in basestring generation or basstring signature. my code : function signForm() { accessor = { consumerSecret: consumer_secret , tokenSecret : oauth_token_secret}; message = { action: /request_token , method: POST , parameters: []}; message.parameters.push([oauth_consumer_key, consumer_key]); message.parameters.push([oauth_signature_method, signature_method]); OAuth.setTimestampAndNonce(message); OAuth.SignatureMethod.sign(message, accessor); return true; } function getSignature() { signForm(); console.log(OAuth.getParameter(message.parameters, oauth_signature)); OAuth.completeRequest(message, accessor); request_maker = new XMLHttpRequest(); request_maker.open(POST, http://api.twitter.com/oauth/ request_token); request_maker.setRequestHeader(Host, api.twitter.com); request_maker.setRequestHeader(Content-type, application/x-www- form-urlencoded); request_maker.onreadystatechange = oth_func; request_maker.send(oauth_consumer_key=+consumer_key +oauth_signature_method=+signature_method +oauth_timestamp=+OAuth.getParameter(message.parameters, oauth_timestamp) +oauth_nonce=+OAuth.getParameter(message.parameters, oauth_nonce) +oauth_signature=+encodeURI(OAuth.getParameter(message.parameters, oauth_signature))); } I've seen some base64 encoding in some twitter client sources, but since it's not mentioned in twitter api doc, i don't use base64. If you have any clue to help me go through this issue, i'd be gratefull ! -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] failed to validate oauth signature and token
I'm posting this because I couldn't find it anywhere, and I'm sure it has come up in the past. When URL encoding, use only uppercase characters for the URL codes. Granted, depending on your scripting language and how you're assembling the signature base string, this won't be an issue. However, in my case, I had '%3d' instead of '%3D' in one location. Per RFC3986, this is not a meaningful difference.* In fact, my signature base string passed the base string tester at http://quonos.nl/oauthTester with the lowercase 'd'. The problem is that the OAuth validator seems to work by constructing a copy of the base signature off of the authorization header, requested URL, and HTTP method (excluding the 'oauth_signature' name/ value pair in the authorization header). It then performs an HMAC-SHA1 hash on the base signature string it has constructed from those values and compares it with the submitted signature. When the validator constructs its own base signature string it uses all uppercase characters in the URL escape codes, and that will create a different signature than one derived from mixed case escape codes. Anyway, I hope this helps someone. I sure could've used it about half a day ago. *http://tools.ietf.org/html/rfc3986#section-2.1 -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] Failed to validate oauth signature and token
Please check your Base String at http://quonos.nl/oauthTester/. You seem to be missing the between the parameters. I also see other issues, but the signature checker will reveal those to you as well. Tom On 2/9/11 12:15 AM, Dale wrote: I am attempting to set up a ColdFusion script to do auto updates to Twitter when a new article is posted to our CMS. I have been having trouble getting the request token and keep getting the Failed to validate oauth signature and token error message when making attempts. Here is my request string... POSThttp%3A%2F%2Fapi%2Etwitter%2Ecom%2Foauth%2Frequest%5Ftoken%26oauth %5Fconsumer%5Fkey%XXX%26oauth%5Fsignature%5Fmethod%3DHMAC %2DSHA1%26oauth%5Ftimestamp%3D1297206414%26oauth%5Fversion %3D1%2E0%26oauth%5Fnonce%3D556979%2E9534 I have verified that the time stamp is the the correct epoch time in my time zone (PST). Any help would be appreciated. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Failed to validate oauth signature and token
I am attempting to set up a ColdFusion script to do auto updates to Twitter when a new article is posted to our CMS. I have been having trouble getting the request token and keep getting the Failed to validate oauth signature and token error message when making attempts. Here is my request string... POSThttp%3A%2F%2Fapi%2Etwitter%2Ecom%2Foauth%2Frequest%5Ftoken%26oauth %5Fconsumer%5Fkey%XXX%26oauth%5Fsignature%5Fmethod%3DHMAC %2DSHA1%26oauth%5Ftimestamp%3D1297206414%26oauth%5Fversion %3D1%2E0%26oauth%5Fnonce%3D556979%2E9534 I have verified that the time stamp is the the correct epoch time in my time zone (PST). Any help would be appreciated. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Failed to validate oauth signature and token
Hello, I am using Twitter Oauth library for signing in to Twitter getting access token for posting tweets programatically. But when I am trying to run the application on my server it is giving me error like Failed to validate oauth signature and token I tried to move the application on another server it is working. So what should be the problem behind this? Is there any configuration required for the server in order to make this work? Please help me. Thanks in advance. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] Failed to validate oauth signature and token
Your servers clock needs to be properly synced using NTP. http://en.wikipedia.org/wiki/Network_Time_Protocol Abraham - Abraham Williams | Hacker Advocate | abrah.am @abraham https://twitter.com/abraham | github.com/abraham | blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private. On Thu, Nov 11, 2010 at 05:36, computerzworld meat2...@gmail.com wrote: Hello, I am using Twitter Oauth library for signing in to Twitter getting access token for posting tweets programatically. But when I am trying to run the application on my server it is giving me error like Failed to validate oauth signature and token I tried to move the application on another server it is working. So what should be the problem behind this? Is there any configuration required for the server in order to make this work? Please help me. Thanks in advance. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Failed to validate oauth signature and token
I have two browser-based applications. One has been running for a week but today is getting Failed to validate oauth signature and token error. I made no changes. Using the EPITwitter library. Even reset the tokens. EpiTwitter Object ( [requestTokenUrl:protected] = http://twitter.com/oauth/request_token [accessTokenUrl:protected] = http://twitter.com/oauth/access_token [authorizeUrl:protected] = http://twitter.com/oauth/authorize [apiUrl:protected] = http://twitter.com [version] = 1.0 [consumerKey:protected] = x [consumerSecret:protected] = x [token:protected] = [tokenSecret:protected] = [signatureMethod:protected] = HMAC-SHA1 [curl] = EpiCurl Object ( [mc:private] = Resource id #8 [msgs:private] = [running:private] = [requests:private] = Array ( [Resource id #9] = Resource id #9 ) [responses:private] = Array ( [Resource id #9] = Array ( [data] = Failed to validate oauth signature and token [code] = 401 [time] = 0.249076 [length] = 44 [type] = text/html; charset=utf-8 ) ) [properties:private] = Array ( [code] = 2097154 [time] = 3145731 [length] = 3145743 [type] = 1048594 ) ) ) The other application is a clone but under another account, using different key and tokens of course. That one authenticates and tries to send tweets (post_statusesUpdate), gets no error responses but the tweets never appear in the account. Any ideas on either? -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] Failed to validate oauth signature and token
The URLs in that object are very old. You should always use api.twitter.com, and if possible, https://. I cannot tell you why you are getting this error without seeing more info about the request, like the complete HTTP request, and some information about the signature generation. Tom On 10/28/10 7:54 PM, kprobe wrote: I have two browser-based applications. One has been running for a week but today is getting Failed to validate oauth signature and token error. I made no changes. Using the EPITwitter library. Even reset the tokens. EpiTwitter Object ( [requestTokenUrl:protected] = http://twitter.com/oauth/request_token [accessTokenUrl:protected] = http://twitter.com/oauth/access_token [authorizeUrl:protected] = http://twitter.com/oauth/authorize [apiUrl:protected] = http://twitter.com [version] = 1.0 [consumerKey:protected] = x [consumerSecret:protected] = x [token:protected] = [tokenSecret:protected] = [signatureMethod:protected] = HMAC-SHA1 [curl] = EpiCurl Object ( [mc:private] = Resource id #8 [msgs:private] = [running:private] = [requests:private] = Array ( [Resource id #9] = Resource id #9 ) [responses:private] = Array ( [Resource id #9] = Array ( [data] = Failed to validate oauth signature and token [code] = 401 [time] = 0.249076 [length] = 44 [type] = text/html; charset=utf-8 ) ) [properties:private] = Array ( [code] = 2097154 [time] = 3145731 [length] = 3145743 [type] = 1048594 ) ) ) The other application is a clone but under another account, using different key and tokens of course. That one authenticates and tries to send tweets (post_statusesUpdate), gets no error responses but the tweets never appear in the account. Any ideas on either? -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Failed to validate oauth signature and token - C# .Net
Hi I'm getting the Failed to validate oauth signature and token error, and I really don't know what I'm doing wrong. Here are the request and responses, hope someone can figure out what's wrong: Request: POST https://api.twitter.com/oauth/request_token HTTP/1.1 Content-Type: application/x-www-form-urlencoded Authorization: OAuth oauth_nonce=63b2a5f9- c84c-4139-9e72-09704f8c460f, oauth_callback=http%3A%2F%2Fyakinix.web %2Foauth%2Fcallback, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1288119361, oauth_consumer_key=6lu1o0Jd01UoBPIvdohog, oauth_signature=vI8MaCVg7XciXIeIay%2Bg%2BXGiflM%3D, oauth_version=1.0 Host: api.twitter.com Content-Length: 0 Connection: Keep-Alive Response: HTTP/1.1 401 Unauthorized Date: Tue, 26 Oct 2010 18:56:02 GMT Server: hi Status: 401 Unauthorized X-Transaction: 1288119362-88573-53455 Last-Modified: Tue, 26 Oct 2010 18:56:02 GMT X-Runtime: 0.01085 Content-Type: text/html; charset=utf-8 Content-Length: 44 Pragma: no-cache X-Revision: DEV Expires: Tue, 31 Mar 1981 05:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post- check=0 Set-Cookie: k=87.60.166.192.1288119362316968; path=/; expires=Tue, 02- Nov-10 18:56:02 GMT; domain=.twitter.com Set-Cookie: guest_id=128811936237445035; path=/; expires=Thu, 25 Nov 2010 18:56:02 GMT Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCEij5ekrAToHaWQiJTYxZjRmNzM4OTYwNzBl %250AMzA3NWRlY2VhZTI1NDFhZGQ2IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy %250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--560f0521cbaf0946beaf5055905d6d07c1deb378; domain=.twitter.com; path=/ Vary: Accept-Encoding Connection: close Failed to validate oauth signature and token Can anyone see what's wrong? -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] Failed to validate oauth signature and token - C# .Net
You're probably not creating a signature the right way. What is your base string? Tom On 10/26/10 9:01 PM, MartinHN wrote: Hi I'm getting the Failed to validate oauth signature and token error, and I really don't know what I'm doing wrong. Here are the request and responses, hope someone can figure out what's wrong: Request: POST https://api.twitter.com/oauth/request_token HTTP/1.1 Content-Type: application/x-www-form-urlencoded Authorization: OAuth oauth_nonce=63b2a5f9- c84c-4139-9e72-09704f8c460f, oauth_callback=http%3A%2F%2Fyakinix.web %2Foauth%2Fcallback, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1288119361, oauth_consumer_key=6lu1o0Jd01UoBPIvdohog, oauth_signature=vI8MaCVg7XciXIeIay%2Bg%2BXGiflM%3D, oauth_version=1.0 Host: api.twitter.com Content-Length: 0 Connection: Keep-Alive Response: HTTP/1.1 401 Unauthorized Date: Tue, 26 Oct 2010 18:56:02 GMT Server: hi Status: 401 Unauthorized X-Transaction: 1288119362-88573-53455 Last-Modified: Tue, 26 Oct 2010 18:56:02 GMT X-Runtime: 0.01085 Content-Type: text/html; charset=utf-8 Content-Length: 44 Pragma: no-cache X-Revision: DEV Expires: Tue, 31 Mar 1981 05:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post- check=0 Set-Cookie: k=87.60.166.192.1288119362316968; path=/; expires=Tue, 02- Nov-10 18:56:02 GMT; domain=.twitter.com Set-Cookie: guest_id=128811936237445035; path=/; expires=Thu, 25 Nov 2010 18:56:02 GMT Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCEij5ekrAToHaWQiJTYxZjRmNzM4OTYwNzBl %250AMzA3NWRlY2VhZTI1NDFhZGQ2IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy %250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--560f0521cbaf0946beaf5055905d6d07c1deb378; domain=.twitter.com; path=/ Vary: Accept-Encoding Connection: close Failed to validate oauth signature and token Can anyone see what's wrong? -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Failed to validate oauth signature and token using Oauth.js and google app engine
I am getting the follwing error when trying to access request token using the google oauth.js found at http://oauth.googlecode.com/svn/code/javascript/oauth.js. My app is hosted on google app engine server. Below is the code (i've removed the token and consumer details) i'll be grateful for any assistance you could provide, Thank you: function getTwitterRequestToken(){ var url = https://api.twitter.com/oauth/request_token;; var accessor = { token: , tokenSecret: --, consumerKey : --, consumerSecret: - }; var message = { action: url, method: POST, parameters: { } }; OAuth.completeRequest(message, accessor); OAuth.SignatureMethod.sign(message, accessor); url = url + '?' + OAuth.formEncode(message.parameters); window.location = url; -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Failed to validate oauth signature and token in xauth
Yes, I know there're already plenty of questions with this same topic, but I cannot really find out the one suite for me. I use C++ and libcurl to make a HTTP POST request, and here are some ingredients that I used for POST requests. Signature base string POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3DMYCONSUMERKEY%26oauth_nonce %3DXZZJd88qUu25L8wpylQ6%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1285924211%26oauth_version%3D1.0%26x_auth_mode %3Dclient_auth%26x_auth_password%3DMYPASSWORD%26x_auth_username %3Dxoancer%40seed9.com POST Body x_auth_username=xoancer %40seed9.comx_auth_password=MYPASSWORDx_auth_mode=client_auth HTTP Header Authorization: OAuth oauth_nonce=XZZJd88qUu25L8wpylQ6, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1285924211, oauth_consumer_key=MYCONSUMERKEY, oauth_signature=l4L1%2Fn7w3P7U0lcxvkTizusF2TY%3D, oauth_version=1.0 I believe signature generating is not the problem since my program makes the proper one when it runs with the example at http://dev.twitter.com/pages/xauth. But without the signature parameter, I cannot found out what's wrong since every other parameters are just a given constants(except nonce, but he doesn't really matter I think.). Maybe I missed something in using libcurl, since it's first time for me to use this library, especially in setting HTTP Header. Follows are my source codes for libcurl parts. curl_global_init(CURL_GLOBAL_ALL); CURL *curl; curl = curl_easy_init(); curl_easy_reset(curl); curl_easy_setopt(curl, CURLOPT_URL, baseUrl.c_str()); // baseUrl == https://api.twitter.com/oauth/access_token curl_easy_setopt(curl, CURLOPT_POST, true); string postbody; for(int i=7;i=5;i--) postbody += + params[i].first + = + urlenc(params[i].second); postbody = postbody.substr(1); // postbody == x_auth_username=xoancer %40seed9.comx_auth_password=MYPASSWORDx_auth_mode=client_auth curl_easy_setopt(curl, CURLOPT_POSTFIELDS, postbody.c_str()); string header = Authorization: OAuth + params[1].first + =\ + params[1].second + \, + params[2].first + =\ + params[2].second + \, + params[3].first + =\ + params[3].second + \, + params[0].first + =\ + params[0].second + \, oauth_signature=\; header += urlenc(base64encoded); header += \, oauth_version=\1.0\; // header == Authorization: OAuth oauth_nonce=XZZJd88qUu25L8wpylQ6, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1285924211, oauth_consumer_key=MYCONSUMERKEY, oauth_signature=l4L1%2Fn7w3P7U0lcxvkTizusF2TY%3D, oauth_version=1.0 curl_slist* responseHeaders = NULL ; responseHeaders = curl_slist_append( responseHeaders , header.c_str() ) ; curl_easy_setopt( curl , CURLOPT_HTTPHEADER , responseHeaders ) ; string res; curl_easy_setopt( curl, CURLOPT_WRITEFUNCTION, write_callback ); curl_easy_setopt( curl, CURLOPT_WRITEDATA, res ); curl_easy_setopt(curl, CURLOPT_HEADER, true); curl_easy_setopt( curl, CURLOPT_SSL_VERIFYPEER, false); CURLcode rc = curl_easy_perform(curl); If you find some mistakes, please tell me. Thanks. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] Failed to validate oauth signature and token in xauth
Using the Base String validator at http://quonos.nl/oauthTester/, I got this : Bad URL encoding! Both key and value in the POST body need to be URL encoded. In this case: xoan...@seed9.com is bad Tom On 10/1/10 11:34 AM, Hyeonjong Ryu wrote: Yes, I know there're already plenty of questions with this same topic, but I cannot really find out the one suite for me. I use C++ and libcurl to make a HTTP POST request, and here are some ingredients that I used for POST requests. Signature base string POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3DMYCONSUMERKEY%26oauth_nonce %3DXZZJd88qUu25L8wpylQ6%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1285924211%26oauth_version%3D1.0%26x_auth_mode %3Dclient_auth%26x_auth_password%3DMYPASSWORD%26x_auth_username %3Dxoancer%40seed9.com POST Body x_auth_username=xoancer %40seed9.comx_auth_password=MYPASSWORDx_auth_mode=client_auth HTTP Header Authorization: OAuth oauth_nonce=XZZJd88qUu25L8wpylQ6, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1285924211, oauth_consumer_key=MYCONSUMERKEY, oauth_signature=l4L1%2Fn7w3P7U0lcxvkTizusF2TY%3D, oauth_version=1.0 I believe signature generating is not the problem since my program makes the proper one when it runs with the example at http://dev.twitter.com/pages/xauth. But without the signature parameter, I cannot found out what's wrong since every other parameters are just a given constants(except nonce, but he doesn't really matter I think.). Maybe I missed something in using libcurl, since it's first time for me to use this library, especially in setting HTTP Header. Follows are my source codes for libcurl parts. curl_global_init(CURL_GLOBAL_ALL); CURL *curl; curl = curl_easy_init(); curl_easy_reset(curl); curl_easy_setopt(curl, CURLOPT_URL, baseUrl.c_str()); // baseUrl == https://api.twitter.com/oauth/access_token curl_easy_setopt(curl, CURLOPT_POST, true); string postbody; for(int i=7;i=5;i--) postbody += + params[i].first + = + urlenc(params[i].second); postbody = postbody.substr(1); // postbody == x_auth_username=xoancer %40seed9.comx_auth_password=MYPASSWORDx_auth_mode=client_auth curl_easy_setopt(curl, CURLOPT_POSTFIELDS, postbody.c_str()); string header = Authorization: OAuth + params[1].first + =\ + params[1].second + \, + params[2].first + =\ + params[2].second + \, + params[3].first + =\ + params[3].second + \, + params[0].first + =\ + params[0].second + \, oauth_signature=\; header += urlenc(base64encoded); header += \, oauth_version=\1.0\; // header == Authorization: OAuth oauth_nonce=XZZJd88qUu25L8wpylQ6, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1285924211, oauth_consumer_key=MYCONSUMERKEY, oauth_signature=l4L1%2Fn7w3P7U0lcxvkTizusF2TY%3D, oauth_version=1.0 curl_slist* responseHeaders = NULL ; responseHeaders = curl_slist_append( responseHeaders , header.c_str() ) ; curl_easy_setopt( curl , CURLOPT_HTTPHEADER , responseHeaders ) ; string res; curl_easy_setopt( curl, CURLOPT_WRITEFUNCTION, write_callback ); curl_easy_setopt( curl, CURLOPT_WRITEDATA, res ); curl_easy_setopt(curl, CURLOPT_HEADER, true); curl_easy_setopt( curl, CURLOPT_SSL_VERIFYPEER, false); CURLcode rc = curl_easy_perform(curl); If you find some mistakes, please tell me. Thanks. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] “Failed to validate oauth signature and token
Hi, I am trying a do twitter authentication using oAuth. I am getting error in first step itself (i.e while getting RequestToken itself). I am trying this from a php page running on my machin (twitter application registered as desktop application). I am new to php development, any inputs are appreciated. Below are Request and Response Thanks, Ramesh -- request -- HTTP_OAuth_Consumer_Request Object ( [authType:protected] = 1 [secrets:protected] = Array ( [0] = Cxnk2e8Kbz8CLskAwzl7BBlCvkjPptSHcEIzXXvUAE [1] = ) [request:protected] = HTTP_Request2 Object ( [observers:protected] = Array ( ) [url:protected] = Net_URL2 Object ( [_options:Net_URL2:private] = Array ( [strict] = 1 [use_brackets] = 1 [encode_keys] = 1 [input_separator] = [output_separator] = ) [_scheme:Net_URL2:private] = http [_userinfo:Net_URL2:private] = [_host:Net_URL2:private] = twitter.com [_port:Net_URL2:private] = [_path:Net_URL2:private] = /oauth/request_token [_query:Net_URL2:private] = [_fragment:Net_URL2:private] = ) [method:protected] = POST [auth:protected] = [headers:protected] = Array ( [user-agent] = HTTP_Request2/0.5.2 (http://pear.php.net/ package/http_request2) PHP/5.3.1 [authorization] = OAuth realm=http://twitter.com/;, oauth_consumer_key=*, oauth_nonce=*, oauth_signature=*, oauth_signature_method=HMAC- SHA1, oauth_timestamp=1284910240, oauth_version=1.0 ) [config:protected] = Array ( [adapter] = HTTP_Request2_Adapter_Socket [connect_timeout] = 10 [timeout] = 0 [use_brackets] = 1 [protocol_version] = 1.1 [buffer_size] = 16384 [store_body] = 1 [proxy_host] = [proxy_port] = [proxy_user] = [proxy_password] = [proxy_auth_scheme] = basic [ssl_verify_peer] = 1 [ssl_verify_host] = 1 [ssl_cafile] = [ssl_capath] = [ssl_local_cert] = [ssl_passphrase] = [digest_compat_ie] = [follow_redirects] = [max_redirects] = 5 [strict_redirects] = ) [lastEvent:protected] = Array ( [name] = disconnect [data] = ) [body:protected] = [postParams:protected] = Array ( ) [uploads:protected] = Array ( ) [adapter:protected] = HTTP_Request2_Adapter_Socket Object ( [serverChallenge:protected] = [proxyChallenge:protected] = [deadline:protected] = [chunkLength:protected] = 0 [redirectCountdown:protected] = [contentLength:protected] = 0 [socket:protected] = ) ) [parameters:protected] = Array ( [oauth_callback] = [oauth_consumer_key] = * [oauth_signature_method] = HMAC-SHA1 [oauth_timestamp] = 1284910240 [oauth_nonce] = * [oauth_version] = 1.0 [oauth_signature] = = ) ) -- response -- HTTP_OAuth_Consumer_Response Object ( [response:protected] = HTTP_Request2_Response Object ( [version:protected] = 1.1 [code:protected] = 401 [reasonPhrase:protected] = Unauthorized [headers:protected] = Array ( [date] = Sun, 19 Sep 2010 15:30:41 GMT [server] = hi [status] = 401 Unauthorized [x-transaction] = 1284910241-69054-62865 [last-modified] = Sun, 19 Sep 2010 15:30:41 GMT [x-runtime] = 0.01374 [content-type] = text/html; charset=utf-8 [pragma] = no-cache [x-revision] = DEV [expires] = Tue, 31 Mar 1981 05:00:00 GMT [cache-control] = no-cache, no-store, must-revalidate, pre-check=0, post-check=0 [x-xss-protection] = 1; mode=block [x-frame- options] = SAMEORIGIN [vary] = Accept-Encoding [content-encoding] = gzip [content-length] = 62 [connection] = close ) [cookies:protected] = Array ( [0] = Array ( [expires] = Sun, 26- Sep-10 15:30:41 GMT [domain] = .twitter.com [path] = / [secure] = [name] = k [value] = 98.180.203.164.1284910241513942 ) [1] = Array ( [expires] = Tue, 19 Oct 2010 15:30:41 GMT [domain] = [path] = / [secure] = [name] = guest_id [value] = 128491024151857994 ) [2] = Array ( [expires] = [domain] = .twitter.com [path] = / [secure] = [name] = _twitter_sess [value] = **d2f0b79c14dec4c9fe0ac026395fd6afc68a3c75 ) ) [lastHeader:protected] = connection [body:protected] = ‹ sKÌÌIMQ(ÉW(KÌÉLI,IUÈO,-ÉP(ÎLÏK,)-JUHÌ Ég§æ šÎë, [bodyEncoded:protected] = 1 ) [parameters:protected] = Array ( ) ) ERROR: Failed getting token and token secret from response -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] Failed to validate oauth signature and token with xAuth
Hello!, We're implementing widget for Opera browser and we got xAuth access lately. I'm trying to get access token but without any success so far - http://dpaste.com/hold/244795/. generated POST seems to be exactly the same as on http://dev.twitter.com/pages/xauth : POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3Dkkk%26oauth_nonce %3D0.5114195354710362%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1284633641688%26oauth_version %3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3Dpassword %26x_auth_username%3Dusername Any idea where is the problem? BR, Michał Łowicki -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] Failed to validate oauth signature and token with xAuth
Base String looks fine. What's the complete request you are making? (the POST /oauth/access_token HTTP/1.1 part) Tom On 9/17/10 10:04 AM, mlowicki wrote: Hello!, We're implementing widget for Opera browser and we got xAuth access lately. I'm trying to get access token but without any success so far - http://dpaste.com/hold/244795/. generated POST seems to be exactly the same as on http://dev.twitter.com/pages/xauth : POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3Dkkk%26oauth_nonce %3D0.5114195354710362%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1284633641688%26oauth_version %3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3Dpassword %26x_auth_username%3Dusername Any idea where is the problem? BR, Michał Łowicki -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] Failed to validate oauth signature and token with xAuth
Hey Michal Matt Harris Developer Advocate, Twitter http://twitter.com/themattharris On Sep 17, 2010, at 1:04, mlowicki mlowi...@gmail.com wrote: 1284633641688 -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] Failed to validate oauth signature and token with xAuth
Ok no idea what happened with my previous email. Anyway your timestamp is in milliseconds when it should be in seconds. Give that a go and let us know what happens. Matt On Sep 17, 2010, at 1:04, mlowicki mlowi...@gmail.com wrote: Hello!, We're implementing widget for Opera browser and we got xAuth access lately. I'm trying to get access token but without any success so far - http://dpaste.com/hold/244795/. generated POST seems to be exactly the same as on http://dev.twitter.com/pages/xauth : POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3Dkkk%26oauth_nonce %3D0.5114195354710362%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1284633641688%26oauth_version %3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3Dpassword %26x_auth_username%3Dusername Any idea where is the problem? BR, Michał Łowicki -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
Re: [twitter-dev] Failed to validate oauth signature and token with xAuth
Hi Matt! Even with: var timestamp = Math.round(new Date().getTime() / 1000); still the same problem. 2010/9/17 Matt Harris mhar...@twitter.com Ok no idea what happened with my previous email. Anyway your timestamp is in milliseconds when it should be in seconds. Give that a go and let us know what happens. Matt On Sep 17, 2010, at 1:04, mlowicki mlowi...@gmail.com wrote: Hello!, We're implementing widget for Opera browser and we got xAuth access lately. I'm trying to get access token but without any success so far - http://dpaste.com/hold/244795/. generated POST seems to be exactly the same as on http://dev.twitter.com/pages/xauth : POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_tokenoauth_consumer_key%3Dkkk%26oauth_nonce %3D0.5114195354710362%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1284633641688%26oauth_version %3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3Dpassword %26x_auth_username%3Dusername Any idea where is the problem? BR, Michał Łowicki -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en -- Pozdrawiam, Michał Łowicki -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] Failed to validate oauth signature and token
I cannot get the oAuth to work properly. I am trying to get a web response of a string that looks like this: https://twitter.com/oauth/request_token? oauth_callback=http://win.plane.si/TwittRank/tweets.aspx oauth_consumer_key=[MY CONSUMER KEY] oauth_nonce=8536829 oauth_signature_method=HMAC-SHA1 oauth_timestamp=1281614745 oauth_token=[MY ACCESS TOKEN] oauth_version=1.0 oauth_signature=OTNQE/CGAcVemax9egTA5LFw04w=} I get the exception: The remote server returned an error: (401) Unauthorized. If I visit the URL above in browser i get: Failed to validate oauth signature and token Thanks for your help. Jure
Re: [twitter-dev] Failed to validate oauth signature and token
On 8/12/10 2:09 PM, Lumpizaver wrote: I cannot get the oAuth to work properly. I am trying to get a web response of a string that looks like this: https://twitter.com/oauth/request_token? oauth_callback=http://win.plane.si/TwittRank/tweets.aspx oauth_consumer_key=[MY CONSUMER KEY] oauth_nonce=8536829 oauth_signature_method=HMAC-SHA1 oauth_timestamp=1281614745 oauth_token=[MY ACCESS TOKEN] oauth_version=1.0 oauth_signature=OTNQE/CGAcVemax9egTA5LFw04w=} I get the exception: The remote server returned an error: (401) Unauthorized. If I visit the URL above in browser i get: Failed to validate oauth signature and token Thanks for your help. Jure Hello Jure, How are you generating your signature? (What is your Base String?) Also, I think that your nonce is a bit short. While it will not cause issues, you may like to take a longer one - and preferably alphanumeric. Tom
Re: [twitter-dev] Failed to validate oauth signature and token using ColdFusion8
hi carlos. i'm sorry that i'm not sure i can help to debug this code right now. if you are going to insist on creating your own functions to do the oauth signature, please consult http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/as its a great interactive walk through. however, i would *strongly* recommend using a library if possible. a simple google search turned up http://oauth.riaforge.org/. On Mon, Jul 5, 2010 at 10:42 AM, Carlos Villarreal Mora cvm...@gmail.comwrote: Hello I've been trying to solve this since Friday to no avail. I've searched and used tips from a bunch of other discussions here but I still haven't gotten it right. I'm using ColdFusion 8 to generate my OAuth signature. These are the tweaks I've done from tips in this discussion list: 1) For the timestamp I convert to UTC time with this function: var nowUTC = dateConvert('local2UTC', now()); var epochStart = CreateDateTime('1970','1','1','00','00','00'); var timestamp = dateDiff(s, epochStart, nowUTC); This results in these values: nowUTC = {ts '2010-07-05 17:22:30'} epochStart = {ts '1970-01-01 00:00:00'} timestamp = 1278346950 2) For the Nonce I use ColdFusion's createUUID function and then, based on this (http://www.cflib.org/udf/CreateGUID) from CFLib.org I convert that UUID into a GUID like so: var uuid = createUUID(); //Convert the UUID to a GUID by inserting a dash in the 23rd position var nonce = insert(-, uuid, 23); This is an example of a resulting nonce: A3A1648E-F1F0-4032-75F4-712F676BE7E6 3) The most difficult part, and where I'm sure the error is, is the SHA1 hashing, ColdFusion sucks at it so I'm using Java in the function: cffunction name=javaHMAC returntype=string access=public output=false cfargument name=signKey type=string required=true / cfargument name=signMessage type=string required=true / cfscript var jMsg = javaCast(string,arguments.signMessage).getBytes(UTF8); var jKey = javaCast(string,arguments.signKey).getBytes(UTF8); var key = createObject(java,javax.crypto.spec.SecretKeySpec); var mac = createObject(java,javax.crypto.Mac); var ret = ; key = key.init(jKey,HmacSHA1); mac = mac.getInstance(key.getAlgorithm()); mac.init(key); mac.update(jMsg); ret = lCase(binaryEncode(mac.doFinal(), 'Hex')); return(ret); /cfscript /cffunction When I sign the base using my Consumer Secret appended by a using this function the result is something like this: 01eb730a110b1e09ccc9bbff9dbca73c5047f4d4 Here's the Signature Base and the Header I create (my consumer key is masked for security reasons): - Signature Base: POSThttps%3A%2F%2Fapi%2Etwitter%2Ecom%2Foauth%2Frequest %5Ftokenoauth_callback%3Dhttp%3A%2F%2Fcommunitydev%2Epaperthin%2Ecom %2FTwitter%2FoAuth%2Ecfm%26oauth_consumer_key%3D %26oauth_nonce%3DA394B8B8- F1F0-4032-72C8-701CEC482A20%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1278328119 - OAuht Authorization Header: OAuth oauth_nonce=A394B8B8-F1F0-4032-72C8-701CEC482A20, oauth_callback=http%3A%2F%2Fcommunitydev%2Epaperthin%2Ecom%2FTwitter %2FoAuth%2Ecfm, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1278328119, oauth_consumer_key=xxx, oauth_signature=4799dd5a6891474d603a3546c14e9b41ea47088d, oauth_version=1.0 There are no line breaks in either of them btw. Can anybody help me with this? Try as I might I haven't been able to get beyond the Failed to validate oauth signature and token response. Thank you. -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
[twitter-dev] Failed to validate oauth signature and token using ColdFusion8
Hello I've been trying to solve this since Friday to no avail. I've searched and used tips from a bunch of other discussions here but I still haven't gotten it right. I'm using ColdFusion 8 to generate my OAuth signature. These are the tweaks I've done from tips in this discussion list: 1) For the timestamp I convert to UTC time with this function: var nowUTC = dateConvert('local2UTC', now()); var epochStart = CreateDateTime('1970','1','1','00','00','00'); var timestamp = dateDiff(s, epochStart, nowUTC); This results in these values: nowUTC = {ts '2010-07-05 17:22:30'} epochStart = {ts '1970-01-01 00:00:00'} timestamp = 1278346950 2) For the Nonce I use ColdFusion's createUUID function and then, based on this (http://www.cflib.org/udf/CreateGUID) from CFLib.org I convert that UUID into a GUID like so: var uuid = createUUID(); //Convert the UUID to a GUID by inserting a dash in the 23rd position var nonce = insert(-, uuid, 23); This is an example of a resulting nonce: A3A1648E-F1F0-4032-75F4-712F676BE7E6 3) The most difficult part, and where I'm sure the error is, is the SHA1 hashing, ColdFusion sucks at it so I'm using Java in the function: cffunction name=javaHMAC returntype=string access=public output=false cfargument name=signKey type=string required=true / cfargument name=signMessage type=string required=true / cfscript var jMsg = javaCast(string,arguments.signMessage).getBytes(UTF8); var jKey = javaCast(string,arguments.signKey).getBytes(UTF8); var key = createObject(java,javax.crypto.spec.SecretKeySpec); var mac = createObject(java,javax.crypto.Mac); var ret = ; key = key.init(jKey,HmacSHA1); mac = mac.getInstance(key.getAlgorithm()); mac.init(key); mac.update(jMsg); ret = lCase(binaryEncode(mac.doFinal(), 'Hex')); return(ret); /cfscript /cffunction When I sign the base using my Consumer Secret appended by a using this function the result is something like this: 01eb730a110b1e09ccc9bbff9dbca73c5047f4d4 Here's the Signature Base and the Header I create (my consumer key is masked for security reasons): - Signature Base: POSThttps%3A%2F%2Fapi%2Etwitter%2Ecom%2Foauth%2Frequest %5Ftokenoauth_callback%3Dhttp%3A%2F%2Fcommunitydev%2Epaperthin%2Ecom %2FTwitter%2FoAuth%2Ecfm%26oauth_consumer_key%3D %26oauth_nonce%3DA394B8B8- F1F0-4032-72C8-701CEC482A20%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1278328119 - OAuht Authorization Header: OAuth oauth_nonce=A394B8B8-F1F0-4032-72C8-701CEC482A20, oauth_callback=http%3A%2F%2Fcommunitydev%2Epaperthin%2Ecom%2FTwitter %2FoAuth%2Ecfm, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1278328119, oauth_consumer_key=xxx, oauth_signature=4799dd5a6891474d603a3546c14e9b41ea47088d, oauth_version=1.0 There are no line breaks in either of them btw. Can anybody help me with this? Try as I might I haven't been able to get beyond the Failed to validate oauth signature and token response. Thank you.
Re: [twitter-dev] Failed to validate oauth signature and token with xauth
Hi there, Are you still having this issue? In the past when I've seen other developers having issues accomplishing this in Javascript, it's come down to an issue in the library used for HMAC-SHA1 and Base64 encoding. While it works in most conditions, there are apparently some edge cases where it does the wrong thing. I generally don't advocate using Javascript and OAuth together for a variety of reasons. Have you tried tracing the request to see exactly the HTTP request being sent to the server? Are you writing a browser extension or WebOS app? If the former, how are you keeping your consumer secret at least somewhat secured? Have you tried other requests using an access token obtained through other means? Taylor On Thu, Jun 17, 2010 at 11:25 AM, ntortarolo ntortar...@gmail.com wrote: Hi, i have problem requesting an access_token, i think my source is right, i dont know where is the problem, i have maken some test with base_string, oauth_consumer_key and oauth_consumer_secret shown on http://dev.twitter.com/pages/xauth and i get the same oauth_signature shown there so i think problem is not there when i use the real base_string, my oauth_consumer_key and oauth_consumer_secret. My source is this, i hope someone can help me (to preserve my secret and key i will put the same as the ones used on http://dev.twitter.com/pages/xauth) xauth: function xauth() { var username = encodeURIComponent(), password = encodeURIComponent(), url= https://api.twitter.com/oauth/access_token;, key = sGNxxnqgZRHUt6NunK3uw, timestamp = (new Date()).getTime(), nonce = Math.random(); var access_token = oauth_consumer_key= + key + oauth_nonce= + nonce + oauth_signature_method=HMAC-SHA1 + oauth_timestamp= + timestamp + oauth_version=1.0 + x_auth_mode=client_auth + x_auth_password= + password + x_auth_username= + username; var base_string = POST + encodeURIComponent(url) + + encodeURIComponent(access_token); var oauth_signature = b64_hmac_sha1(5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk, base_string); oauth_signature = encodeURIComponent(oauth_signature+=); var auth_header = 'OAuth oauth_nonce=' + nonce + '' + ', oauth_signature_method=HMAC-SHA1' + ', oauth_timestamp=' + timestamp + '' + ', oauth_consumer_key=' + key + '' + ', oauth_signature=' + oauth_signature + '' + ', oauth_version=1.0'; $.ajax({ url:url, method: POST, data: { x_auth_username: username, x_auth_password: password, x_auth_mode: client_auth }, beforeSend: function(xhr){ xhr.setRequestHeader(Authorization, auth_header); }, success: function(data){ alert(data); }, error: function(xhr){ alert(xhr.responseText); } }) ; * What language or library are you using? What versions? i'm using it on javascript * What oauth application is this for? http://twitter.com/apps/edit/181924
[twitter-dev] Failed to validate oauth signature and token with xauth
Hi, i have problem requesting an access_token, i think my source is right, i dont know where is the problem, i have maken some test with base_string, oauth_consumer_key and oauth_consumer_secret shown on http://dev.twitter.com/pages/xauth and i get the same oauth_signature shown there so i think problem is not there when i use the real base_string, my oauth_consumer_key and oauth_consumer_secret. My source is this, i hope someone can help me (to preserve my secret and key i will put the same as the ones used on http://dev.twitter.com/pages/xauth) xauth: function xauth() { var username = encodeURIComponent(), password = encodeURIComponent(), url= https://api.twitter.com/oauth/access_token;, key = sGNxxnqgZRHUt6NunK3uw, timestamp = (new Date()).getTime(), nonce = Math.random(); var access_token = oauth_consumer_key= + key + oauth_nonce= + nonce + oauth_signature_method=HMAC-SHA1 + oauth_timestamp= + timestamp + oauth_version=1.0 + x_auth_mode=client_auth + x_auth_password= + password + x_auth_username= + username; var base_string = POST + encodeURIComponent(url) + + encodeURIComponent(access_token); var oauth_signature = b64_hmac_sha1(5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk, base_string); oauth_signature = encodeURIComponent(oauth_signature+=); var auth_header = 'OAuth oauth_nonce=' + nonce + '' + ', oauth_signature_method=HMAC-SHA1' + ', oauth_timestamp=' + timestamp + '' + ', oauth_consumer_key=' + key + '' + ', oauth_signature=' + oauth_signature + '' + ', oauth_version=1.0'; $.ajax({ url:url, method: POST, data: { x_auth_username: username, x_auth_password: password, x_auth_mode: client_auth }, beforeSend: function(xhr){ xhr.setRequestHeader(Authorization, auth_header); }, success: function(data){ alert(data); }, error: function(xhr){ alert(xhr.responseText); } }) ; * What language or library are you using? What versions? i'm using it on javascript * What oauth application is this for? http://twitter.com/apps/edit/181924
Re: [twitter-dev] failed to validate oauth signature and token
Hi EL, Thanks for obscuring your secrets in your post. One issue I see here is that you're providing an oauth_callback in your POST data, but it's not included in your signature base string. If you're using POST-based OAuth (as opposed to query string or HTTP header based OAuth), then your OAuth parameters should be in both locations. If you're using HTTP-based OAuth, then you shouldn't be including any oauth_* parameters in your body at all. Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Mon, Jun 7, 2010 at 9:53 AM, EL lee@googlemail.com wrote: Hi, Im trying to implement OAuth using JavaScript, but when I make my request to http://api.twitter.com/oauth/request_token I am getting the above message in the response (failed to validate oauth signature and token). As far as I can tell I'm including all the correct parametes, both in the encoding of the signature base: basestring: (consumer key removed for security) POSThttp%3A%2F%2Ftwitter.com%2Foauth%2Frequest_token%26oauth_callback %3Doob%26oauth_consumer_key %3D112%26oauth_nonce %3DO3cHsSXrfnzT%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1275928008%26oauth_version%3D1.0 consumer secret: (removed for security) 112 Signature: R3eHMuQ04F37+xPJSIsoo0aMzc8 Post Data: (consumer key removed for security) oauth_callback=ooboauth_consumer_key=112oauth_signature_method=HMAC- SHA1oauth_signature=pjDh8jkp89ThBtzz +B9dQmxQfcgoauth_timestamp=1275928413oauth_nonce=qyq3Jhn8rtTZoauth_ve +rsion=1.0 And I've checked that the clock is correct on my device as that's the only real result I can find for this problem :( The nonce is unique and generated every time it runs... Unfortunately I don't know where to look now. I can't spot anything obvious. Any suggestions? many thanks
[twitter-dev] failed to validate oauth signature and token
Hi, Im trying to implement OAuth using JavaScript, but when I make my request to http://api.twitter.com/oauth/request_token I am getting the above message in the response (failed to validate oauth signature and token). As far as I can tell I'm including all the correct parametes, both in the encoding of the signature base: basestring: (consumer key removed for security) POSThttp%3A%2F%2Ftwitter.com%2Foauth%2Frequest_token%26oauth_callback %3Doob%26oauth_consumer_key %3D112%26oauth_nonce %3DO3cHsSXrfnzT%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1275928008%26oauth_version%3D1.0 consumer secret: (removed for security) 112 Signature: R3eHMuQ04F37+xPJSIsoo0aMzc8 Post Data: (consumer key removed for security) oauth_callback=ooboauth_consumer_key=112oauth_signature_method=HMAC- SHA1oauth_signature=pjDh8jkp89ThBtzz +B9dQmxQfcgoauth_timestamp=1275928413oauth_nonce=qyq3Jhn8rtTZoauth_ve +rsion=1.0 And I've checked that the clock is correct on my device as that's the only real result I can find for this problem :( The nonce is unique and generated every time it runs... Unfortunately I don't know where to look now. I can't spot anything obvious. Any suggestions? many thanks
[twitter-dev] Failed to validate oauth signature and token
Ok Yes this IS a common error message. I've read most of the posts, the entire OAuth beginner's documentation, registered my application, checked for capitalization , checked my system clock. So far, no luck As a base library I am using Sönke Rohde's open source Twitter library http://github.com/srohde/Twitter, though might switch to Tweetr and see if I make better progress. This is my header GET /oauth/request_token? oauth_consumer_key=C4eEz9MqGy28wuCj8hJC4woauth_nonce=0020a00%2001oauth_signature=gX9Uk20RF70D6sxljfvcIK4szr4%3Doauth_signature_method=HMAC- SHA1oauth_timestamp=1263675366 HTTP/1.1 Also , I am testing from the desktop at the moment so needing a proxy for security sandbox issues isn't a problem. Can anyone help with troubleshooting?
Re: [twitter-dev] Failed to validate oauth signature and token
The signature needs to be the very last parameter. You put all of the parameters in order except for the signature. Then you create the signature and append it to the end of the query string. Ryan Sent from my DROID On Jan 16, 2010 9:48 PM, eco_bach bac...@gmail.com wrote: Ok Yes this IS a common error message. I've read most of the posts, the entire OAuth beginner's documentation, registered my application, checked for capitalization , checked my system clock. So far, no luck As a base library I am using Sönke Rohde's open source Twitter library http://github.com/srohde/Twitter, though might switch to Tweetr and see if I make better progress. This is my header GET /oauth/request_token? oauth_consumer_key=C4eEz9MqGy28wuCj8hJC4woauth_nonce=0020a00%2001oauth_signature=gX9Uk20RF70D6sxljfvcIK4szr4%3Doauth_signature_method=HMAC- SHA1oauth_timestamp=1263675366 HTTP/1.1 Also , I am testing from the desktop at the moment so needing a proxy for security sandbox issues isn't a problem. Can anyone help with troubleshooting?
Re: [twitter-dev] Failed to validate oauth signature and token error
Did you register an application with Twitter? http://twitter.com/apps I find it unlikely that you would get a consumer key of vernie29a. On Fri, Dec 25, 2009 at 16:08, varnie varnie...@mail.ru wrote: hello! i am getting Failed to validate oauth signature and token response while trying to get the request token from twitter with my python program using oauth.py. here is my HTTP logs: // send: 'POST https://twitter.com/oauth/request_token?oauth_nonce=07700601oauth_timestamp=1261777512oauth_consumer_key=varnie29aoauth_signature_method=HMAC-SHA1oauth_version=1.0oauth_token=varnie29aoauth_signature=hNXbpoR6s9FNTE06EutCosNYcR8%3D HTTP/1.1https://twitter.com/oauth/request_token?oauth_nonce=07700601oauth_timestamp=1261777512oauth_consumer_key=varnie29aoauth_signature_method=HMAC-SHA1oauth_version=1.0oauth_token=varnie29aoauth_signature=hNXbpoR6s9FNTE06EutCosNYcR8%3D HTTP/1.1\r\nHost: twitter.com\r\nAccept-Encoding: identity\r\n\r\n' reply: 'HTTP/1.1 401 Unauthorized\r\n' header: Date: Fri, 25 Dec 2009 21:45:13 GMT header: Server: hi header: X-Transaction: 1261777513-93289-15544 header: Status: 401 Unauthorized header: Last-Modified: Fri, 25 Dec 2009 21:45:13 GMT header: X-Runtime: 0.00343 header: Content-Type: text/html; charset=utf-8 header: Pragma: no-cache header: Content-Length: 44 header: Cache-Control: no-cache, no-store, must-revalidate, pre- check=0, post-check=0 header: Expires: Tue, 31 Mar 1981 05:00:00 GMT header: X-Revision: DEV header: Set-Cookie: _twitter_sess=BAh7CDoRdHJhbnNfcHJvbXB0MDoHaWQiJTM2ZmRkY2FiM2I5YWMzOGNhZWY5%250AM2Y5M2VmMDY0ZTQyIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFz %250AaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--4dda737f4bbc9760856f9269a486682656e704ad; domain=.twitter.com; path=/ header: Vary: Accept-Encoding header: Connection: close // and the http response contains Failed to validate oauth signature and token. i've just checked my system time and it is OK because i'm running NTP synchronization. Please give me your ideas about this issue. Many thanks! -- Abraham Williams | Awesome Lists | http://awesomeli.st Project | Intersect | http://intersect.labs.poseurtech.com Hacker | http://abrah.am | http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from Madison, WI, United States
[twitter-dev] Failed to validate oauth signature and token error
hello! i am getting Failed to validate oauth signature and token response while trying to get the request token from twitter with my python program using oauth.py. here is my HTTP logs: // send: 'POST https://twitter.com/oauth/request_token?oauth_nonce=07700601oauth_timestamp=1261777512oauth_consumer_key=varnie29aoauth_signature_method=HMAC-SHA1oauth_version=1.0oauth_token=varnie29aoauth_signature=hNXbpoR6s9FNTE06EutCosNYcR8%3D HTTP/1.1\r\nHost: twitter.com\r\nAccept-Encoding: identity\r\n\r\n' reply: 'HTTP/1.1 401 Unauthorized\r\n' header: Date: Fri, 25 Dec 2009 21:45:13 GMT header: Server: hi header: X-Transaction: 1261777513-93289-15544 header: Status: 401 Unauthorized header: Last-Modified: Fri, 25 Dec 2009 21:45:13 GMT header: X-Runtime: 0.00343 header: Content-Type: text/html; charset=utf-8 header: Pragma: no-cache header: Content-Length: 44 header: Cache-Control: no-cache, no-store, must-revalidate, pre- check=0, post-check=0 header: Expires: Tue, 31 Mar 1981 05:00:00 GMT header: X-Revision: DEV header: Set-Cookie: _twitter_sess=BAh7CDoRdHJhbnNfcHJvbXB0MDoHaWQiJTM2ZmRkY2FiM2I5YWMzOGNhZWY5%250AM2Y5M2VmMDY0ZTQyIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFz %250AaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--4dda737f4bbc9760856f9269a486682656e704ad; domain=.twitter.com; path=/ header: Vary: Accept-Encoding header: Connection: close // and the http response contains Failed to validate oauth signature and token. i've just checked my system time and it is OK because i'm running NTP synchronization. Please give me your ideas about this issue. Many thanks!
[twitter-dev] Re: [twitter Dev] Failed to validate oauth signature and token
That's simply for generating the signature base string. it does not matter when you're actually sending the parameters. On Wed, Oct 7, 2009 at 05:33, ryan alford ryanalford...@gmail.com wrote: Here is the documentation on ordering the parameters... http://oauth.net/core/1.0#anchor14 Section 9.1.1 Parameters are sorted by name, using lexicographical byte value ordering. If two or more parameters share the same name, they are sorted by their value. This is excluding the oauth_signature parameter. Ryan http://oauth.net/core/1.0/#auth_step3 On Wed, Oct 7, 2009 at 6:11 AM, ryan alford ryanalford...@gmail.comwrote: Yes, the order does matter. All parameters need to be in order except for the signature. The signature should be last and should have been generated with all of the parameters in the correct order. On Oct 7, 2009, at 12:10 AM, jmathai jmat...@gmail.com wrote: The order of parameters shouldn't matter. What library are you using to generate the url? On Oct 6, 8:51 pm, ryan alford ryanalford...@gmail.com wrote: The signature needs to be at the end of the URL, not sorted with the other parameters. On Oct 6, 2009, at 11:47 PM, uookeng loque1...@nate.com wrote: I am trying to run a sample app but i am getting 401 error during request_token phase. Failed to validate oauth signature and token this is what i am accessing: http://twitter.com/oauth/request_token?oauth_consumer_key=HiQ2WSsefHS ... What's problem this sentence Anybody help me plz.. -- Internets. Serious business.
[twitter-dev] Re: [twitter Dev] Failed to validate oauth signature and token
No, that's for both the generation of the signature and the request. I just tested it. If the parameters are not in the correct order, the request will fail with a 401 Unauthorized error. In my test, I put the timestamp before the nonce. The request failed. If I put the parameters in order, the request is successful. On Wed, Oct 7, 2009 at 8:14 AM, JDG ghil...@gmail.com wrote: That's simply for generating the signature base string. it does not matter when you're actually sending the parameters. On Wed, Oct 7, 2009 at 05:33, ryan alford ryanalford...@gmail.com wrote: Here is the documentation on ordering the parameters... http://oauth.net/core/1.0#anchor14 Section 9.1.1 Parameters are sorted by name, using lexicographical byte value ordering. If two or more parameters share the same name, they are sorted by their value. This is excluding the oauth_signature parameter. Ryan http://oauth.net/core/1.0/#auth_step3 On Wed, Oct 7, 2009 at 6:11 AM, ryan alford ryanalford...@gmail.comwrote: Yes, the order does matter. All parameters need to be in order except for the signature. The signature should be last and should have been generated with all of the parameters in the correct order. On Oct 7, 2009, at 12:10 AM, jmathai jmat...@gmail.com wrote: The order of parameters shouldn't matter. What library are you using to generate the url? On Oct 6, 8:51 pm, ryan alford ryanalford...@gmail.com wrote: The signature needs to be at the end of the URL, not sorted with the other parameters. On Oct 6, 2009, at 11:47 PM, uookeng loque1...@nate.com wrote: I am trying to run a sample app but i am getting 401 error during request_token phase. Failed to validate oauth signature and token this is what i am accessing: http://twitter.com/oauth/request_token?oauth_consumer_key=HiQ2WSsefHS ... What's problem this sentence Anybody help me plz.. -- Internets. Serious business.
[twitter-dev] [twitter Dev] Failed to validate oauth signature and token
I am trying to run a sample app but i am getting 401 error during request_token phase. Failed to validate oauth signature and token this is what i am accessing: http://twitter.com/oauth/request_token?oauth_consumer_key=HiQ2WSsefHSj96enwxUEwoauth_signature_method=HMAC_SHA1oauth_signature=25wyvtXGlrGZmOElOVpLnhtJNIOi1yIbx6Qa4E7V6h0oauth_timestamp=1254884036oauth_nonce=3797601334037614568oauth_version=1.0 What's problem this sentence Anybody help me plz..
[twitter-dev] Re: [twitter Dev] Failed to validate oauth signature and token
The signature needs to be at the end of the URL, not sorted with the other parameters. On Oct 6, 2009, at 11:47 PM, uookeng loque1...@nate.com wrote: I am trying to run a sample app but i am getting 401 error during request_token phase. Failed to validate oauth signature and token this is what i am accessing: http://twitter.com/oauth/request_token?oauth_consumer_key=HiQ2WSsefHSj96enwxUEwoauth_signature_method=HMAC_SHA1oauth_signature=25wyvtXGlrGZmOElOVpLnhtJNIOi1yIbx6Qa4E7V6h0oauth_timestamp=1254884036oauth_nonce=3797601334037614568oauth_version=1.0 What's problem this sentence Anybody help me plz..
[twitter-dev] Re: [twitter Dev] Failed to validate oauth signature and token
The order of parameters shouldn't matter. What library are you using to generate the url? On Oct 6, 8:51 pm, ryan alford ryanalford...@gmail.com wrote: The signature needs to be at the end of the URL, not sorted with the other parameters. On Oct 6, 2009, at 11:47 PM, uookeng loque1...@nate.com wrote: I am trying to run a sample app but i am getting 401 error during request_token phase. Failed to validate oauth signature and token this is what i am accessing: http://twitter.com/oauth/request_token?oauth_consumer_key=HiQ2WSsefHS... What's problem this sentence Anybody help me plz..
[twitter-dev] Failed to validate oauth signature and token using python/django libs
Hi, I get the 401:Unauthorized Error every time I attempt to get a request token. When I attempt to go to the URL directly in the browser (not yet accessed to preserve nonce) I get a body of Failed to validate oauth signature and token. I am using the Leah's oauth client listed at http://oauth.net/code as well as the python-twitter (0.7-devel) and oauth-python-twitter (v0.1) I was able to get these same libraries to work on a different project but not on the current one I am working on. I have refreshed my tokens numerous times and also tried the working ones from the other project. I also tried the tokens from this project on the other project that was working and that WORKED. As such, I am guessing it is an issue with my setup or some other lib I am working with. Both projects however have Python Versions 2.5.2 and should otherwise be the same setups. Domain the project is on is http://articulture.blainegarrett.com if the matters for some odd reason. Any thoughts? Here is the code I am using to call the libs if it helps: oauth_consumer = oauthtwitter.OAuthApi(consumer_token, consumer_secret) request_token = oauth_consumer.getRequestToken() # httplib exception bubbles from within here authorization_url = oauth_consumer.getAuthorizationURL(request_token) Thank you! ~Blaine -- Blaine Garrett gchat : bla...@jrcorps.com aim: zombiediv y!: zombiediv
[twitter-dev] Failed to validate oauth signature and token
Hi, I am trying to follow the instructions of how to authenticate using oauth, but for some reason, when i try to get request_token, I get failed to validate signature and token. I am not sure what I am missing, can someone please take a second look at the following and let me know is missing? URL thats constructed: GEThttp://twitter.com/oauth/ request_tokenoauth_consumer_key=Xz2BKOKObTzpLrMXxJo2wwoauth_nonce=blabla123oauth_signature_method=HMAC- SHA1oauth_token=oauth_timestamp=1245887955090oauth_version=1.0 URL after encoding and adding oauth_signature http%3A%2F%2Ftwitter.com%2Foauth%2Frequest_token%3Foauth_consumer_key %3DXz2BKOKObTzpLrMXxJo2ww%26oauth_nonce %3Dblabla123%26oauth_signature_method%3DHMAC-SHA1%26oauth_token%3D %26oauth_timestamp%3D1245887955090%26oauth_version %3D1.0%26oauth_signature%3D6odQgPJ5o%2FAuOIw0gt8CknlHIcc%3D Failed to validate oauth signature and token
[twitter-dev] Failed to validate oauth signature or token with OAuth while updating the status
Hi, I'm getting the following error while trying to update the user status who is supposed to be authenticated through OAuth: 'Failed to validate oauth signature or token' The thing is that this was working a few hours ago and if I try to call the credentials verfication api method it works fine although I'm using the same tokens: $this-_twitter_oauth-setToken($session-oauth_access_token, $session-oauth_acces_token_secret); # this works $info = $this-_twitter_oauth-get_accountVerify_credentials(); $info-response # this doesn't $info = $this-_twitter_oauth-post_statusesUpdate(array('status' = $status, 'in_reply_to_status_id' = $in_reply_to_status_id)); $info-response (I'm using the EpiTwitter/EpiOAuth php library grabbed from this post: http://www.jaisenmathai.com/blog/2009/03/31/how-to-quickly-integrate-with-twitters-oauth-api-using-php/) Did anyone else found this issue? Thanks in advance Regards -- def dagi3d(me) case me when :web then http://dagi3d.net; when :twitter then http://twitter.com/dagi3d; end end
[twitter-dev] Failed to validate oauth signature or token on status update post?
Anyone else has the problem that posting a status update through OAuth gives the error: failed to validate oauth signatre or token since a few hours?