WOOOOHOOO! I got my first 200 getting an XAuth request token. I think the answer to my question is no, I am not expected to get the same signature the have in the XAuth example but it always the same on my device. My final problem was I was not URL encoding the signature before placing it into the Authorization header.
Thanks for all the help here hoping to things moving forward quicker. I spent way to long trying to figure that out. On Aug 6, 2:34 pm, BBTweet Media Player <bbtweetme...@gmail.com> wrote: > Tom, > > Thanks for the reply. That is what I tried to do here. I used the > exact same values presented on the XAuth > pagehttp://dev.twitter.com/pages/xauth. > Everything was exactly the same upto the point where I ran the HMAC- > SHA1 encoding.... > > String signature = hmacsha1(signingSecret, baseString); > > The signature was not the same as the signature the showed in the > example. My first question is should it be if I run SHA1 encoding > will with the same input should it always return the exact same string > (I just do not know much about the encoding)? If it should be the > exact same this means that my problem is definitively in the encoding > step. If so can anyone see what I might be doing wrong in the signing > step... > > HMACKey k = new HMACKey(key.getBytes()); > HMAC hmac = new HMAC(k, new SHA1Digest()); > hmac.update(message.getBytes()); > byte[] mac = hmac.getMAC(); > return Base64OutputStream.encodeAsString(mac, 0, mac.length, > false, false); > > Thanks, > Kevin > > On Aug 6, 10:31 am, Tom <allerleiga...@gmail.com> wrote: > > > Hi, > > > I don't have a java compiler ready so I can't test your code. > > > The page about xAuth shows all steps between the start and the actual > > signature. Try reproducing every single one of these values. (Usually > > you can simply log all steps and then compare the results with the > > xauth page.) > > > Tom > > > On Aug 6, 2:56 am, BBTweet Media Player <bbtweetme...@gmail.com> > > wrote: > > > > I am having a really tough time trying to figure out how to sign my > > > OAuth request. I am trying to follow the example > > > athttp://dev.twitter.com/pages/xauth > > > and my signature does not come out the same as it does in the > > > example... > > > > I am doing.... > > > > public static void xauth(){ > > > try { > > > String twitter_url="https://api.twitter.com/oauth/ > > > access_token"; > > > String oauth_consumer_key = "sGNxxnqgZRHUt6NunK3uw"; > > > String oauth_consumer_secret = > > > "5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk"; > > > String oauth_nonce = > > > "WLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA"; > > > String oauth_signature_method = "HMAC-SHA1"; > > > String oauth_timestamp = "1276101652"; > > > String oauth_version = "1.0"; > > > String x_auth_mode = "client_auth"; > > > String x_auth_password = "%&123!aZ+()456242134"; > > > String x_auth_username = "tpFriendlyGiant"; > > > > String postBody = "x_auth_mode="+x_auth_mode > > > +"&x_auth_password="+encodeUTF8(x_auth_password)+ > > > "&x_auth_username="+encodeUTF8(x_auth_username); > > > > String baseString = "POST&"+encodeUTF8(twitter_url)+ > > > "&oauth_consumer_key%3D"+oauth_consumer_key + > > > "%26oauth_nonce%3D"+oauth_nonce+ > > > "%26oauth_signature_method%3D"+oauth_signature_method+ > > > "%26oauth_timestamp%3D"+oauth_timestamp+ > > > "%26oauth_version%3D"+oauth_version+ > > > "%26"+encodeUTF8(postBody); > > > > String signingSecret = encodeUTF8(oauth_consumer_secret) > > > +"&"; > > > > String signature = hmacsha1(signingSecret, baseString); > > > > String header = new StringBuffer("OAuth oauth_nonce= > > > \"").append(oauth_nonce).append("\", oauth_signature_method=\"") > > > .append(oauth_signature_method).append("\", > > > oauth_timestamp=\"").append(oauth_timestamp).append("\", > > > oauth_consumer_key=\"") > > > .append(oauth_consumer_key).append("\", > > > oauth_signature=\"").append(signature).append("\", oauth_version=\"") > > > .append(oauth_version).append("\"").toString(); > > > > System.out.println("Header = " + header); > > > } catch (CryptoTokenException e) { > > > // TODO Auto-generated catch block > > > e.printStackTrace(); > > > } catch (CryptoUnsupportedOperationException e) { > > > // TODO Auto-generated catch block > > > e.printStackTrace(); > > > } catch (IOException e) { > > > // TODO Auto-generated catch block > > > e.printStackTrace(); > > > } > > > } > > > > private static String hmacsha1(String key, String message) throws > > > CryptoTokenException, > > > CryptoUnsupportedOperationException, IOException { > > > HMACKey k = new HMACKey(key.getBytes()); > > > HMAC hmac = new HMAC(k, new SHA1Digest()); > > > hmac.update(message.getBytes()); > > > byte[] mac = hmac.getMAC(); > > > return Base64OutputStream.encodeAsString(mac, 0, mac.length, > > > false, false); > > > } > > > > Everything matches the example, but when they sign they get... > > > > oauth_signature="yUDBrcMMm6ghqBEKCFKVoJPIacU%3D" > > > > and I get... > > > > MUYmiobRdoK6s0ZVqo4xQNNO17w= > > > > Can anyone see anything I am doing wrong? > > > > Thanks, > > > Kevin