When i'm using http://quonos.nl/oauthTester/ for oAuth validation with my code i get:
Base String syntax: OK Method type: OK URL: OK Parameters syntax: O But when i replace my secret with "MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98" i get different signature - ZtkBQc2RwY+Jv1Fv8fXoasR4DLo @Tom, can you show the source of your php script for validation? On Sep 18, 11:41 pm, Nikolay Klimchuk <klimc...@gmail.com> wrote: > Second part of the base string: > oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob > j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC- > SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x > _auth_password= > %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant > > Should be also URLEncoded > > On Sep 18, 7:19 am, mlowicki <mlowi...@gmail.com> wrote: > > > > > I tried with data fromhttp://dev.twitter.com/pages/xauth: > > > (function() { > > var secret = "5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk&"; > > var access_token = "oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw" + > > "&oauth_nonce=WLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA" + > > "&oauth_signature_method=HMAC-SHA1" + > > "&oauth_timestamp=1276101652" + > > "&oauth_version=1.0" + > > "&x_auth_mode=client_auth" + > > "&x_auth_password=%&123!aZ+()456242134" + > > "&x_auth_username=tpFriendlyGiant"; > > var base_string = "POST&" + > > encodeURIComponent( > > "https://api.twitter.com/oauth/access_token") + "&" + > > encodeURIComponent(access_token); > > > console.debug("base_string", base_string); > > console.debug("oauth_signature", b64_hmac_sha1(secret, base_string)); > > > })(); > > > This is my base_string: > > > POST&https%3A%2F%2Fapi.twitter.com%2Foauth > > %2Faccess_token&oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob > > j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC- > > SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x > > _auth_password= > > %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant > > > This on is from dev.twitter.com > > > POST&https%3A%2F%2Fapi.twitter.com%2Foauth > > %2Faccess_token&oauth_consumer_key%3DsGNxxnqgZRHUt6NunK3uw > > %26oauth_nonce%3DWLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA > > %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp > > %3D1276101652%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth > > %26x_auth_password%3D%2525%2526123%2521aZ%252B > > %2528%2529456242134%26x_auth_username%3DtpFriendlyGiant > > > I found the differences in encoding %&123!aZ+() prefix from password > > in base_string: > > > From dev.twitter.com/pages/xauth: > > > %2525%2526123%2521aZ%252B%2528%2529 > > > From code above: > > > %25%26123!aZ%2B() > > > I use wrong encoding method then and encoding is wrong applied? > > > BR, > > Michał Łowicki -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en