Hi Taylor, i have fixed this, the problem wasnt on hmac-sha1 and base64 encoding, on my ajax call with jquery something wrong happened, i have changed it to HttpRequest of firefox component and it works. My app is an addon for firefox and its client side (javascript and xul). I know its not secure having there the consumer secret but i dont have another way to do it. I get access token right, but now i have another problem, i dont know exactly what parameters i must add for a call, for example calling friends timeline, i have seen tutorials about xauth but i get this response "could not authenticate with oauth". Sorry of my english.
Thanks, Nadia On Jun 24, 5:58 pm, Taylor Singletary <taylorsinglet...@twitter.com> wrote: > Hi there, > > Are you still having this issue? > > In the past when I've seen other developers having issues accomplishing this > in Javascript, it's come down to an issue in the library used for HMAC-SHA1 > and Base64 encoding. While it works in most conditions, there are apparently > some edge cases where it does the wrong thing. I generally don't advocate > using Javascript and OAuth together for a variety of reasons. Have you tried > tracing the request to see exactly the HTTP request being sent to the > server? > > Are you writing a browser extension or WebOS app? If the former, how are you > keeping your consumer secret at least somewhat secured? > > Have you tried other requests using an access token obtained through other > means? > > Taylor > > On Thu, Jun 17, 2010 at 11:25 AM, ntortarolo <ntortar...@gmail.com> wrote: > > Hi, i have problem requesting an access_token, i think my source is > > right, i dont know where is the problem, i have maken some test with > > base_string, oauth_consumer_key and oauth_consumer_secret shown on > >http://dev.twitter.com/pages/xauthand i get the same oauth_signature > > shown there so i think problem is not there when i use the real > > base_string, my oauth_consumer_key and oauth_consumer_secret. > > My source is this, i hope someone can help me (to preserve my secret > > and key i will put the same as the ones used on > >http://dev.twitter.com/pages/xauth) > > > xauth: function xauth() > > { > > > var username = encodeURIComponent("aaaa"), > > password = encodeURIComponent("bbbb"), > > url= "https://api.twitter.com/oauth/access_token";, > > key = "sGNxxnqgZRHUt6NunK3uw", > > timestamp = (new Date()).getTime(), > > nonce = Math.random(); > > > var access_token = "oauth_consumer_key=" + key + > > "&oauth_nonce=" + nonce + > > "&oauth_signature_method=HMAC-SHA1" + > > "&oauth_timestamp=" + timestamp + > > "&oauth_version=1.0" + > > "&x_auth_mode=client_auth" + > > "&x_auth_password=" + password + > > "&x_auth_username=" + username; > > > var base_string = "POST&" + encodeURIComponent(url) + "&" + > > encodeURIComponent(access_token); > > > var oauth_signature = > > b64_hmac_sha1("5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk&", > > base_string); > > > oauth_signature = encodeURIComponent(oauth_signature+"="); > > > var auth_header = 'OAuth oauth_nonce="' + nonce + '"' + > > ', oauth_signature_method="HMAC-SHA1"' + > > ', oauth_timestamp="' + timestamp + '"' + > > ', oauth_consumer_key="' + key + '"' + > > ', oauth_signature="' + oauth_signature + '"' + > > ', oauth_version="1.0"'; > > > $.ajax({ > > url:url, > > method: "POST", > > data: { > > x_auth_username: username, > > x_auth_password: password, > > x_auth_mode: "client_auth" > > }, > > beforeSend: function(xhr){ > > xhr.setRequestHeader("Authorization", auth_header); > > }, > > success: function(data){ > > alert(data); > > }, > > error: function(xhr){ > > alert(xhr.responseText); > > } > > }) ; > > > * What language or library are you using? What versions? > > i'm using it on javascript > > > * What oauth application is this for? > > http://twitter.com/apps/edit/181924 > >
