[twitter-dev] Re: "Failed to validate oauth signature and token" with xAuth

Mon, 20 Sep 2010 02:08:03 -0700 

this is how my code looks like now:

        var username = encodeURIComponent("user");
        var password = encodeURIComponent("password");
        var url = "https://api.twitter.com/oauth/access_token";;
        var key = "key";
        var secret = "MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98";
        var timestamp = Math.round((new Date()).getTime() / 1000);
        var nonce = Math.random();

        var access_token =  "oauth_consumer_key=" + key +
            "&oauth_nonce=" + nonce +
            "&oauth_signature_method=HMAC-SHA1" +
            "&oauth_timestamp=" + timestamp +
            "&oauth_version=1.0" +
            "&x_auth_mode=client_auth" +
            "&x_auth_password=" + password +
            "&x_auth_username=" + username;



        var base_string = "POST&" + encodeURIComponent(url) + "&" +
            encodeURIComponent(access_token);

        console.debug("base string", base_string);
        var oauth_signature = b64_hmac_sha1(secret, base_string);
        console.debug("signature", oauth_signature);
        oauth_signature = encodeURIComponent(oauth_signature+"=");


On Sep 20, 10:59 am, mlowicki <mlowi...@gmail.com> wrote:
> When i'm usinghttp://quonos.nl/oauthTester/for oAuth validation with
> my code i get:
>
> Base String syntax: OK
>
> Method type: OK
>
> URL: OK
>
> Parameters syntax: O
>
> But when i replace my secret with
> "MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98" i get different
> signature - ZtkBQc2RwY+Jv1Fv8fXoasR4DLo
>
> @Tom, can you show the source of your php script for validation?
>
> On Sep 18, 11:41 pm, Nikolay Klimchuk <klimc...@gmail.com> wrote:
>
>
>
> > Second part of the base string:
> > oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob
> > j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
> > SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x
> > _auth_password=
> > %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant
>
> > Should be also URLEncoded
>
> > On Sep 18, 7:19 am, mlowicki <mlowi...@gmail.com> wrote:
>
> > > I tried with data fromhttp://dev.twitter.com/pages/xauth:
>
> > > (function() {
> > > var secret = "5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk&";
> > > var access_token = "oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw" +
> > > "&oauth_nonce=WLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA" +
> > > "&oauth_signature_method=HMAC-SHA1" +
> > > "&oauth_timestamp=1276101652" +
> > > "&oauth_version=1.0" +
> > > "&x_auth_mode=client_auth" +
> > > "&x_auth_password=%&123!aZ+()456242134" +
> > > "&x_auth_username=tpFriendlyGiant";
> > > var base_string = "POST&" +
> > > encodeURIComponent(
> > > "https://api.twitter.com/oauth/access_token";) + "&" +
> > > encodeURIComponent(access_token);
>
> > > console.debug("base_string", base_string);
> > > console.debug("oauth_signature", b64_hmac_sha1(secret, base_string));
>
> > > })();
>
> > > This is my base_string:
>
> > > POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> > > %2Faccess_token&oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob
> > >  j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC-
> > > SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x
> > >  _auth_password=
> > > %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant
>
> > > This on is from dev.twitter.com
>
> > > POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> > > %2Faccess_token&oauth_consumer_key%3DsGNxxnqgZRHUt6NunK3uw
> > > %26oauth_nonce%3DWLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA
> > > %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
> > > %3D1276101652%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth
> > > %26x_auth_password%3D%2525%2526123%2521aZ%252B
> > > %2528%2529456242134%26x_auth_username%3DtpFriendlyGiant
>
> > > I found the differences in encoding %&123!aZ+() prefix from password
> > > in base_string:
>
> > > From dev.twitter.com/pages/xauth:
>
> > > %2525%2526123%2521aZ%252B%2528%2529
>
> > > From code above:
>
> > > %25%26123!aZ%2B()
>
> > > I use wrong encoding method then and encoding is wrong applied?
>
> > > BR,
> > > Michał Łowicki

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

Reply via email to