Please use the OAuth playground [1] to test your signatures against the expected result. I am working to gather specifics to help your debug process (i.e. what changed?) in the mean time. 1. http://googlecodesamples.com/oauth_playground/
Thanks, Doug On Mon, Jul 27, 2009 at 9:29 PM, winrich <winric...@gmail.com> wrote: > > ok guys. > > so my calls were failing on the verify_credentials call and not on the > update or timeline calls. the only difference i saw was the the > verify_credential call wasn't secured. i changed it to https and it > worked. ??? lol > > > > > On Jul 27, 9:19 pm, Chad Etzel <jazzyc...@gmail.com> wrote: > > On Mon, Jul 27, 2009 at 11:55 PM, Duane > > > > Roelands<duane.roela...@gmail.com> wrote: > > > RTFM is not a helpful answer, especially when many developers are > > > relying on libraries that they did not write. > > > > That's a risk you run when using code you didn't write. > > > > I'm not saying that this situation doesn't suck for those affected. > > I'm sure that it does. But, for a technology so new as OAuth, the > > libraries may not be mature yet. > > > > Officially, Twitter OAuth is still in Public Beta and has never been > > officially recommended to integrate into production code. That being > > said, there could still be a problem on Twitter's end with their > > signature verification mechanism and the libraries could all be valid. > > I don't have a way of knowing. > > > > I do agree that at least a note that "a security change was pushed > > today" would be nice, though. > > > > -Chad >