I'm trying to implement Twitter XAuth for my application. My application has already been registered and approved for XAuth privileges. However, the documentation mentions that I need to include a "nonce" or "token secret" when authenticating. What is this? I have no idea what the nonce or token secret is and how to generate/get one.
Also, if anyone else can verify how if the code I'm writing to generate the signing secret is correct. $signature = base64_encode(hash_hmac('sha1', $baseString, $oauth_consumer_secret.'&'.$token_secret, true)); where $baseString is the signature base, $oauth_consumer_secret is self-explanatory and $token_secret is the token secret(whatever that is). I'm actually able to send a request to twitter but I always get the same response "Failed to validate oauth signature and token". My php code is below. It'll be helpful if someone can help me out with this as I've been trying to get this to work for a while now. Thanks!
<?
// Builds an OAuth 1.0 (HMAC-SHA1) signed xAuth request and POSTs it to the
// access_token endpoint with cURL, then dumps the raw response.

// NOTE(review): the consumer secret and the user's password appear as literals
// in this listing; in a real deployment they belong in configuration that is
// kept out of source control.
$oauth_consumer_key = "XXX";
$oauth_consumer_secret = "YYY";
// The nonce is a value the client generates itself: a random string that is
// unique per request, so the server can reject a replayed request. "???" is a
// placeholder and not valid PHP; a CSPRNG-backed value such as
// bin2hex(random_bytes(16)) (PHP 7+) is the usual choice.
$oauth_nonce = ???;
$oauth_signature_method = "HMAC-SHA1";
$oauth_timestamp = time();
$oauth_version = "1.0";
$x_auth_mode = "client_auth";
$x_auth_password = "AAAA";
$x_auth_username = "BBBB";
// The token secret is the secret issued together with an OAuth token. No token
// has been issued before this request, and in OAuth 1.0 the token-secret half
// of the signing key is the empty string in that case (the key is then the
// consumer secret followed by "&"). TODO confirm against the xAuth docs.
$token_secret = "????";

// NOTE(review): OAuth 1.0 forms the signature base string from three parts
// that are percent-encoded separately and joined with "&": the HTTP method,
// the URL, and the sorted parameter string. Here the URL and the parameters
// are concatenated into a single string. OAuth also requires RFC 3986
// encoding (rawurlencode); urlencode() turns a space into "+".
$baseString = "https://api.twitter.com/oauth/access_token"
    . "&oauth_consumer_key=" .urlencode($oauth_consumer_key)
    . "&oauth_nonce=" . urlencode($oauth_nonce)
    . "&oauth_signature_method=" . urlencode($oauth_signature_method)
    . "&oauth_timestamp=" . urlencode($oauth_timestamp)
    . "&oauth_version=" . urlencode($oauth_version)
    . "&x_auth_mode=" . urlencode($x_auth_mode)
    . "&x_auth_password=" . urlencode($x_auth_password)
    . "&x_auth_username=" . urlencode($x_auth_username);
// NOTE(review): $a is not assigned anywhere in this listing, so this line
// replaces the string built above with "POST&" followed by the encoding of an
// undefined value. The signature below is then computed over that string
// rather than over the request parameters.
$baseString = "POST&" . urlencode($a);

// Form body sent with the POST.
// NOTE(review): x_auth_username is missing its "$", so the variable's value is
// not what gets encoded here and the body differs from the parameters that
// were meant to be signed.
$post = "x_auth_mode=client_auth&x_auth_password=" . urlencode($x_auth_password) . "&x_auth_username=" . urlencode(x_auth_username);

// HMAC-SHA1 over the base string, keyed with "<consumer secret>&<token secret>";
// the raw digest (fourth argument true) is base64-encoded.
$signature = base64_encode(hash_hmac('sha1', $baseString, $oauth_consumer_secret.'&'.$token_secret, true));

// Authorization header carrying the oauth_* parameters and the signature.
$auth = "OAuth oauth_nonce=\"" . $oauth_nonce
    . "\", oauth_signature_method=\"" . $oauth_signature_method
    . "\", oauth_timestamp=\"" . $oauth_timestamp
    . "\", oauth_consumer_key=\"" . $oauth_consumer_key
    . "\", oauth_signature=\"" . urlencode($signature)
    ."\", oauth_version=\"" . $oauth_version .
"\"";

$ch = curl_init("https://api.twitter.com/oauth/access_token");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// NOTE(review): setting CURLOPT_SSL_VERIFYPEER to 0 turns off verification of
// the server certificate, so the username and password in the POST body are
// sent to whichever host answers the TLS handshake. Leave verification at its
// default (enabled); if it fails, point CURLOPT_CAINFO at a current CA bundle
// instead of disabling the check.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
// The empty "Expect:" header is sent alongside the Authorization header.
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Expect: ", "Authorization: $auth"));
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
$b = curl_exec($ch);
// NOTE(review): on success the response presumably carries the access token
// and its secret; dumping it is fine while debugging locally but should not
// reach a served page or a shared log.
var_dump($b);
curl_close($ch);
?>