Hi João,
Can you share the code you use to actually execute the request? I'd like to
make sure that all the OAuth-related parameters are being sent in the HTTP
header, the x_auth_* parameters should be in the POST body. You shouldn't
have any x_auth parameters in your authorization header, and you shouldn't
have any oauth_* parameters in your POST body.
On first glance, your signature base string appears correct. Have you also
verified that the timestamp on the machine executing the requests is in sync
with our clock?
Thanks,
Taylor
2010/8/30 João Paulo Sabino de Moraes <jona...@gmail.com>
> Hi Everyone,
>
> I´ve got an application account that has already an xAuth access. But I
> still got 401 Error saying : "Failed to validate oauth signature and token";
>
> I thinks I´m not missing any parameter, the code is in as3 but you can see
> the parameteres and more below the encoded signstring .
>
> request = ACCESS;
> var vars:String = "";
> var urlRequest:URLRequest = new URLRequest("
> https://api.twitter.com/oauth/access_token";);
> var params : URLVariables = new URLVariables();
> params.oauth_consumer_key = consumerKey;
> vars += "oauth_consumer_key="+consumerKey;
> params.oauth_consumer_secret = consumerSecret;
> vars += "&oauth_consumer_secret="+consumerSecret;
> var temp = nonce;
> params.oauth_nonce = temp;
> vars += "&oauth_nonce="+temp;
> params.oauth_signature_method = "HMAC-SHA1";
> vars += "&oauth_signature_method=HMAC-SHA1";
> var temp = time;
> params.oauth_timestamp = temp;
> vars += "&oauth_timestamp="+temp;
> params.oauth_version = "1.0";
> vars += "&oauth_version=1.0";
> params.x_auth_mode = "client_auth";
> vars += "&x_auth_mode=client_auth";
> params.x_auth_password = password;
> vars += "&x_auth_password="+password;
> params.x_auth_username = user;
> vars += "&x_auth_username="+user;
> var signString:String = "POST&" + encodeURIComponent("
> https://api.twitter.com/oauth/access_token";) + "&" +
> encodeURIComponent(vars);
> var hmac:HMAC = Crypto.getHMAC("sha1");
> var key:ByteArray = Hex.toArray(
> Hex.fromString(encodeURIComponent(consumerSecret) + "&" +
> encodeURIComponent(oauthTokenSecret)));
> var data:ByteArray = Hex.toArray( Hex.fromString( signString ) );
> var sha:String = Base64.encodeByteArray( hmac.compute( key, data ) );
> trace(signString);
> params.oauth_signature = encodeURIComponent(sha);
>
>
>
>
> oauth_consumer_key=31NPH6FNUQi5HsWHzSbjQ&oauth_consumer_secret=jSwOaW3RDS9DnVmKvgHiNrx7sW0QYj9w9lMBL8P6bI&oauth_nonce=94252&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1283202704&oauth_version=1.0&x_auth_mode=client_auth&x_auth_password=passWordTest&x_auth_username=usernameTest
>
> Ecoded SignString:
>
> POST&https%3A%2F%2Fapi.twitter.com
> %2Foauth%2Faccess_token&oauth_consumer_key%3D31NPH6FNUQi5HsWHzSbjQ%26oauth_consumer_secret%3DjSwOaW3RDS9DnVmKvgHiNrx7sW0QYj9w9lMBL8P6bI%26oauth_nonce%3D94252%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1283202704%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3DpassWordTest%26x_auth_username%3DusernameTest
>
>
> thanks
>
>
>
> --
> João Paulo S. de Moraes
> +55 81 3432 3804
> +55 81 9189 3814 (mobile)
>
> --
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker:
> http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
> http://groups.google.com/group/twitter-development-talk?hl=en
>
--
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group:
http://groups.google.com/group/twitter-development-talk?hl=en
