Hi, Know it sounds strange, but I'd stay away from the dev.twitter.com console when trying to debug an issue like this. Even if it weren't buggy, the execution path it uses to perform OAuth operations is a bit different than what you typically would do in your own implementation.
Are you married to the idea of using a homebrew OAuth library? Not to dissuade you too much, but there are a number of good libraries in PHP out there both for Twitter and OAuth -- at the very least, I would recommend using one of these as a reference for your own implementation. OAuth is difficult for many even when using well-written libraries.. (See http://dev.twitter.com/pages/oauth_libraries#php and http://dev.twitter.com/pages/libraries#php ) If you are set on writing your own library, I recommend using HTTP header based OAuth (as opposed to attaching OAuth parameters to the query string) -- it keeps your concerns separate, making it much easier to debug when things go wrong. Taylor On Wed, Jul 21, 2010 at 1:39 PM, clinisbut <clinis...@gmail.com> wrote: > Ok, I just discovered http://dev.twitter.com/console, I'm matching the > composite signing key created by this console and mine and don't match > (obviously I'm using the same visible parameter values (timestamp, > nonce, oauth_token and consumer key) and my composite signing it's not > hte same... > > On Jul 21, 10:03 pm, clinisbut <clinis...@gmail.com> wrote: >> I'm using an OAuth library I've developed in PHP. >> >> Do I need to pass all the parameters through the query also? >> >> On Jul 21, 9:25 pm, Taylor Singletary <taylorsinglet...@twitter.com> >> wrote: >> >> > Hi there, >> >> > If you've gotten to the point of retrieving an access token, it's >> > likely you managed to get the composite signing key "right" (or your >> > library handled it for you) -- as when you're exchanging the request >> > token for an access token, you use the oauth_token_secret from the >> > request token as part of the signing key. Are you using an OAuth >> > library? >> >> > When you're making a resource request such as one to >> > verify_credentials, you'll use the oauth_token_secret you received in >> > the access token step as part of the signing key: $consumer_secret + >> > "&" + $oauth_token_secret >> >> > Taylor >> >> > On Wed, Jul 21, 2010 at 12:13 PM, clinisbut <clinis...@gmail.com> wrote: >> > > Hello everybody. >> >> > > I just achieved to autenticate via OAuth, and I'm trying to get user's >> > > data through account/verify_credentials but I think I'm not building >> > > correctly the composite signing key or something, mainly because I'm >> > > not able to fully understand all the different tokens I receive from >> > > Twitter. >> >> > > After I got my access token, I got: >> >> > > An oauth_token in the form of: /¿User-ID?/-/letters+numbers/ >> > > An oauth_token_secret >> >> > > Which one I should use to built the composite key? >> > > Inhttp://dev.twitter.com/pages/auth >> > > they use the first oauth_token getted in the request token, and in the >> > > Resource request example they use the oauth_token_secret. >> >> > > These is the headers I sent: >> >> > > OAuth oauth_consumer_key="XXXXXXXXXXXXXXXXXXXXXX", >> > > oauth_signature_method="HMAC-SHA1", oauth_timestamp="1279738886", >> > > oauth_nonce="a97ff8b71a313a03a650068e1e6b9bd8f31ad04f", >> > > oauth_version="1.0", oauth_token="ZZZZZZZZ- >> > > XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", oauth_signature="0OFTpLp8o >> > > %2BL9%2B6o8mkRdBSS8I84%3D" >> >> > > and then I do a GET request >> > > to:http://api.twitter.com/1/account/verify_credentials.json >> >> > > But all I got is: >> > > 401 Unauthorized >> > > Failed to validate oauth signature and token >
