By revealing your consumer secret in this forum, especially for a key that has access to xAuth, you've basically compromised your application and the potential security of many -- your consumer secret should be kept safe and outside of public visibility. It's still a necessary component for you to build your integration.
Have you seen this AS3 library for OAuth? http://code.google.com/p/oauth-as3/ I can't really help too much with your actual code in AS3, but taking a look at (or utilizing) this library might aid your understanding in this area. I would also caution against trusting that the default character conversions that encodeURIComponent() performs will be valid in all cases. Taylor 2010/8/31 João Paulo Sabino de Moraes <jona...@gmail.com> > Thanks for Replying Guys! > > Taylor, Why was it necessary to generate generate other keys ? > > And Tom (or Taylor) I'm using consumerSecret because at session : "Example > request for an xAuth request token", this key is listed in the request keys. > So, is this example "depracated" ? > > Another doubt. After generating OAuth signature base string I didn't > understand how to generate oauth_signature > based on that string..... I'm using some as3 crypto methods to do it , but > I really don't know what keys combinations to use > to generate the correct oauth_signature. > > I'm using the xAuth documentation example. > > > var signString:String = "POST&https%3A%2F%2Fapi.twitter.com > %2Foauth%2Faccess_token&oauth_consumer_key%3DsGNxxnqgZRHUt6NunK3uw%26oauth_nonce%3DWLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1276101652%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3D%2525%2526123%2521aZ%252B%2528%2529456242134%26x_auth_username%3DtpFriendlyGiant"; > var hmac:HMAC = Crypto.getHMAC("sha1"); > > var key:ByteArray = Hex.toArray( > Hex.fromString(encodeURIComponent(consumerKey) + "&" + > encodeURIComponent(consumerSecret))); > var data:ByteArray = Hex.toArray( Hex.fromString( signString ) ); > var sha:String = Base64.encodeByteArray( hmac.compute( key, data ) ); > trace(signString); > params.oauth_signature = encodeURIComponent(sha); > > thanks > -- > jp > -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
