To follow up, this works for me now. It looks like Twitter's cache was not showing me as having xAuth access so it appears that converting to xAuth is as easy as it seems ;).
On Mar 5, 4:22 pm, Taylor Singletary <taylorsinglet...@twitter.com> wrote: > Hi Berto, > > I can confirm that using POST operations over HTTPs will work for XAuth. > > Your URL should only contain:https://api.twitter.com/oauth/access_token > > Your signature base string should contain the x_auth_* parameters. > > Your authorization string should not contain the x_auth_* parameters. > > Here's a replay of a successful request: > > Full Request URI:https://api.twitter.com/oauth/access_token > > Signature Base String: > POST&https%3A%2F%2Fapi.twitter.com > %2Foauth%2Faccess_token&oauth_consumer_key%3Dri8JxxxdwSV5xIUfNNvQ%26oauth_nonce%3DNI14r4hzKMlslKakhjeOaHoIeWw53ZMeTJb4zAaZh2o%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1267826670%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%Dxxxxxxx%26x_auth_username%3Dexxxx > > Example response: > oauth_token=1234-torCkTs0XK7H2Y2i1ee5iofXyzp7aayeEXRTmlw&oauth_token_secret=Xyz0gOZHNQKPooBiWCZRY81klwS3kLZGa2wc&user_id=1234&screen_name=exxxx&x_auth_expires=0 > > Keep in mind that your signing secret will not include an > oauth_token_secret, so will be the equivalent of "{consumer_secret}&" > > Taylor > > On Fri, Mar 5, 2010 at 12:09 PM, Berto <mstbe...@gmail.com> wrote: > > Three days and I still can't get this to work. I even tried switching > > over to GET instead of POST and it tells me "Failed to validate oauth > > signature and token". This is fully functional for regular oauth. > > Signature Base String is: > > > Signature Base String: Signature Base String: > > GET&https%3A%2F%2Fapi.twitter.com%2Foauth > > %2Faccess_token&oauth_consumer_key%3D<CONSUMER KEY>%26oauth_nonce > > %3D1267819560%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp > > %3D1267819217%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth > > %26x_auth_password%3D<pass>%26x_auth_username%3D<user> > > > I'm sending oauth parameters via the Authorization header and the > > three xAuth parameters as GET parameters (? > > x_auth_username=<user>&x_auth_pass=<pass>&x_auth_mode=client_auth). > > > It appears as though everyone who had oauth working before had an easy > > transition so I'm just a little curious why mine isn't working when I > > literally have only changed the URL and three parameters. I've > > verified this is going over SSL as well. > > > Any help is appreciated. > > > Thanks. > > On Mar 4, 3:34 pm, Anton Krasovsky <anton.krasov...@gmail.com> wrote: > > > In case if anyone's interested (though I doubt there are many > > > Erlang'ers on the list), > > > I just addedxAuthsupport to twerl. > > > >http://github.com/ak1394/twerl > > > > Regards, > > > Anton > > > > On Wed, Mar 3, 2010 at 4:57 PM, Berto <mstbe...@gmail.com> wrote: > > > > Raffi, > > > > > Can you comment on the first part of Marc's last reply? > > > > > Thanks! > > > > > On Mar 3, 9:24 am, Marc Mims <marc.m...@gmail.com> wrote: > > > >> * Berto <mstbe...@gmail.com> [100303 06:42]: > > > > >> > Isn't that using a GET request versus the docs saying POST? And I > > > >> > thought parameters were supposed to be normalized except for > > signature > > > >> > which gets attached at the end? > > > > >> Hmmm. I completely missed the fact that the documentation specifies > > > >> POST. I used GET and it worked. When I use a POST, I get a 401. > > > > >> Doc bug? > > > > >> The order you *send* the parameters doesn't matter---the order of the > > > >> base string used for generating the signature does. > > > > >> The underlying libraries I use assemble the parameters in an arbitrary > > > >> order. Generation of the signature is a separate call and builds it's > > > >> own base string from a hash (associative array). > > > > >> @semifor
