Hi there, Are you still having this issue?
In the past when I've seen other developers having issues accomplishing this in Javascript, it's come down to an issue in the library used for HMAC-SHA1 and Base64 encoding. While it works in most conditions, there are apparently some edge cases where it does the wrong thing. I generally don't advocate using Javascript and OAuth together for a variety of reasons. Have you tried tracing the request to see exactly the HTTP request being sent to the server? Are you writing a browser extension or WebOS app? If the former, how are you keeping your consumer secret at least somewhat secured? Have you tried other requests using an access token obtained through other means? Taylor On Thu, Jun 17, 2010 at 11:25 AM, ntortarolo <ntortar...@gmail.com> wrote: > Hi, i have problem requesting an access_token, i think my source is > right, i dont know where is the problem, i have maken some test with > base_string, oauth_consumer_key and oauth_consumer_secret shown on > http://dev.twitter.com/pages/xauth and i get the same oauth_signature > shown there so i think problem is not there when i use the real > base_string, my oauth_consumer_key and oauth_consumer_secret. > My source is this, i hope someone can help me (to preserve my secret > and key i will put the same as the ones used on > http://dev.twitter.com/pages/xauth) > > xauth: function xauth() > { > > var username = encodeURIComponent("aaaa"), > password = encodeURIComponent("bbbb"), > url= "https://api.twitter.com/oauth/access_token";, > key = "sGNxxnqgZRHUt6NunK3uw", > timestamp = (new Date()).getTime(), > nonce = Math.random(); > > var access_token = "oauth_consumer_key=" + key + > "&oauth_nonce=" + nonce + > "&oauth_signature_method=HMAC-SHA1" + > "&oauth_timestamp=" + timestamp + > "&oauth_version=1.0" + > "&x_auth_mode=client_auth" + > "&x_auth_password=" + password + > "&x_auth_username=" + username; > > var base_string = "POST&" + encodeURIComponent(url) + "&" + > encodeURIComponent(access_token); > > var oauth_signature = > b64_hmac_sha1("5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk&", > base_string); > > oauth_signature = encodeURIComponent(oauth_signature+"="); > > var auth_header = 'OAuth oauth_nonce="' + nonce + '"' + > ', oauth_signature_method="HMAC-SHA1"' + > ', oauth_timestamp="' + timestamp + '"' + > ', oauth_consumer_key="' + key + '"' + > ', oauth_signature="' + oauth_signature + '"' + > ', oauth_version="1.0"'; > > $.ajax({ > url:url, > method: "POST", > data: { > x_auth_username: username, > x_auth_password: password, > x_auth_mode: "client_auth" > }, > beforeSend: function(xhr){ > xhr.setRequestHeader("Authorization", auth_header); > }, > success: function(data){ > alert(data); > }, > error: function(xhr){ > alert(xhr.responseText); > } > }) ; > > > > * What language or library are you using? What versions? > i'm using it on javascript > > * What oauth application is this for? > http://twitter.com/apps/edit/181924 >
