OK, finally I got my code to work. The problem was in how I registered application on Twitter, and not in my code.
1) Register application as a "Browser", not as a "Client" one; 2) Register callback URL used in application. Can't think of any reason first setting differs in meaning from other OAuth-authenticated resources, and wish second issue was described somewhere in documentation, or at least some descriptive debug information was returned in HTTP response instead of plain "Failed to validate oauth signature and token", which is not a case. Best regards, Ivan On Jul 27, 8:23 pm, ivan_m5 <i.mis...@gmail.com> wrote: > Hi everybody, > > I have my own Objective-C OAuth library. It's working pretty well for > habrahabr.ru and hyves.nl currently. > But I'm unable to get it work with Twitter. > I've come across a lot of postings around here regarding users unable > to obtain temporary request token. > > I've validated my request > athttp://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin... > and signature is calculated OK. > > Here's my POST data (adapted so that I can validate request at the > page above): > > POSThttps://api.twitter.com/oauth/request_token?force_login=true&oauth_ca... > consumer_secret="T5GW1wAGewlFY9CIyYXmYvGApQQHM3cez20Risxc" > base_string=POST&https%3A%2F%2Fapi.twitter.com%2Foauth > %2Frequest_token&force_login%3Dtrue%26oauth_callback%3Dhttp%253A%252F > %252Flocalhost%252Fx-oauth-mobile-success%252F%26oauth_consumer_key > %3Dg4kGtt9OflmGNGfEPQAaw%26oauth_nonce > %3D37071428662683%26oauth_signature_method%3DHMAC- > SHA1%26oauth_timestamp%3D1280250833%26oauth_token%3D%26oauth_version > %3D1.0 > DIGEST=eZg+qEBXeFDSfFq6Chxyt9/3pvU= > > And the header: > Authorization: OAuth realm="https://api.twitter.com/oauth/ > request_token", oauth_consumer_key="g4kGtt9OflmGNGfEPQAaw", > oauth_token="", oauth_signature_method="HMAC-SHA1", > oauth_timestamp="1280250833", oauth_nonce="37071428662683", > oauth_version="1.0", oauth_signature="eZg%2BqEBXeFDSfFq6Chxyt9%2F3pvU > %3D" > > And the response is: > ========================================= > 401 unauthorized > Server=hi > Vary=Accept-Encoding > Last-Modified=Tue, 27 Jul 2010 17:15:31 GMT > Cache-Control=no-cache, no-store, must-revalidate, pre-check=0, post- > check=0 > X-Revision=DEV > Status=401 Unauthorized > Date=Tue, 27 Jul 2010 17:15:31 GMT > Expires=Tue, 31 Mar 1981 05:00:00 GMT > Pragma=no-cache > X-Runtime=0.00686 > X-Transaction=1280250931-50619-29066 > Set- > Cookie=_twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCNrj5hQqASIKZmxhc2hJQzonQWN0aW9uQ29u > %250AdHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWUx > %250ANTY3YmQ0MTdmOGY3ZDQxMWY1NDNjNDIzOThmNDRl-- > eeba367f81559ae97d63fddfa8df09251ceab44f; domain=.twitter.com; path=/ > Content-Encoding=gzip > Content-Length=62 > Content-Type=text/html; charset=utf-8 > Connection=close > > Failed to validate oauth signature and token > ========================================= > > Are there issues on server-side? Thanks in advance.