[twitter-dev] Re: "Failed to validate oauth signature and token" with xAuth

Sat, 18 Sep 2010 14:41:55 -0700 

Second part of the base string:
oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob
j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x
_auth_password=
%25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant

Should be also URLEncoded

On Sep 18, 7:19 am, mlowicki <mlowi...@gmail.com> wrote:
> I tried with data fromhttp://dev.twitter.com/pages/xauth:
>
> (function() {
> var secret = "5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk&";
> var access_token = "oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw" +
> "&oauth_nonce=WLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA" +
> "&oauth_signature_method=HMAC-SHA1" +
> "&oauth_timestamp=1276101652" +
> "&oauth_version=1.0" +
> "&x_auth_mode=client_auth" +
> "&x_auth_password=%&123!aZ+()456242134" +
> "&x_auth_username=tpFriendlyGiant";
> var base_string = "POST&" +
> encodeURIComponent(
> "https://api.twitter.com/oauth/access_token";) + "&" +
> encodeURIComponent(access_token);
>
> console.debug("base_string", base_string);
> console.debug("oauth_signature", b64_hmac_sha1(secret, base_string));
>
> })();
>
> This is my base_string:
>
> POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> %2Faccess_token&oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob 
> j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
> SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x 
> _auth_password=
> %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant
>
> This on is from dev.twitter.com
>
> POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> %2Faccess_token&oauth_consumer_key%3DsGNxxnqgZRHUt6NunK3uw
> %26oauth_nonce%3DWLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA
> %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
> %3D1276101652%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth
> %26x_auth_password%3D%2525%2526123%2521aZ%252B
> %2528%2529456242134%26x_auth_username%3DtpFriendlyGiant
>
> I found the differences in encoding %&123!aZ+() prefix from password
> in base_string:
>
> From dev.twitter.com/pages/xauth:
>
> %2525%2526123%2521aZ%252B%2528%2529
>
> From code above:
>
> %25%26123!aZ%2B()
>
> I use wrong encoding method then and encoding is wrong applied?
>
> BR,
> Michał Łowicki

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

Reply via email to