I'm using an OAuth library I've developed in PHP. Do I need to pass all the parameters through the query also?
On Jul 21, 9:25 pm, Taylor Singletary <taylorsinglet...@twitter.com> wrote: > Hi there, > > If you've gotten to the point of retrieving an access token, it's > likely you managed to get the composite signing key "right" (or your > library handled it for you) -- as when you're exchanging the request > token for an access token, you use the oauth_token_secret from the > request token as part of the signing key. Are you using an OAuth > library? > > When you're making a resource request such as one to > verify_credentials, you'll use the oauth_token_secret you received in > the access token step as part of the signing key: $consumer_secret + > "&" + $oauth_token_secret > > Taylor > > On Wed, Jul 21, 2010 at 12:13 PM, clinisbut <clinis...@gmail.com> wrote: > > Hello everybody. > > > I just achieved to autenticate via OAuth, and I'm trying to get user's > > data through account/verify_credentials but I think I'm not building > > correctly the composite signing key or something, mainly because I'm > > not able to fully understand all the different tokens I receive from > > Twitter. > > > After I got my access token, I got: > > > An oauth_token in the form of: /¿User-ID?/-/letters+numbers/ > > An oauth_token_secret > > > Which one I should use to built the composite key? > > Inhttp://dev.twitter.com/pages/auth > > they use the first oauth_token getted in the request token, and in the > > Resource request example they use the oauth_token_secret. > > > These is the headers I sent: > > > OAuth oauth_consumer_key="XXXXXXXXXXXXXXXXXXXXXX", > > oauth_signature_method="HMAC-SHA1", oauth_timestamp="1279738886", > > oauth_nonce="a97ff8b71a313a03a650068e1e6b9bd8f31ad04f", > > oauth_version="1.0", oauth_token="ZZZZZZZZ- > > XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", oauth_signature="0OFTpLp8o > > %2BL9%2B6o8mkRdBSS8I84%3D" > > > and then I do a GET request > > to:http://api.twitter.com/1/account/verify_credentials.json > > > But all I got is: > > 401 Unauthorized > > Failed to validate oauth signature and token