The only relevant part of my code :
$sig = base64_encode(hash_hmac('sha1', $baseString, $key, true));Key and Base String are visible on the page itself ;-) Tom On Mon, 20 Sep 2010 01:59:14 -0700 (PDT), mlowicki <mlowi...@gmail.com> wrote: > When i'm using http://quonos.nl/oauthTester/ for oAuth validation with > my code i get: > > Base String syntax: OK > > Method type: OK > > URL: OK > > Parameters syntax: O > > But when i replace my secret with > "MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98" i get different > signature - ZtkBQc2RwY+Jv1Fv8fXoasR4DLo > > @Tom, can you show the source of your php script for validation? > > > On Sep 18, 11:41 pm, Nikolay Klimchuk <klimc...@gmail.com> wrote: >> Second part of the base string: >> oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob >> j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC- >> SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x >> _auth_password= >> %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant >> >> Should be also URLEncoded >> >> On Sep 18, 7:19 am, mlowicki <mlowi...@gmail.com> wrote: >> >> >> >> > I tried with data fromhttp://dev.twitter.com/pages/xauth: >> >> > (function() { >> > var secret = "5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk&"; >> > var access_token = "oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw" + >> > "&oauth_nonce=WLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA" + >> > "&oauth_signature_method=HMAC-SHA1" + >> > "&oauth_timestamp=1276101652" + >> > "&oauth_version=1.0" + >> > "&x_auth_mode=client_auth" + >> > "&x_auth_password=%&123!aZ+()456242134" + >> > "&x_auth_username=tpFriendlyGiant"; >> > var base_string = "POST&" + >> > encodeURIComponent( >> > "https://api.twitter.com/oauth/access_token";) + "&" + >> > encodeURIComponent(access_token); >> >> > console.debug("base_string", base_string); >> > console.debug("oauth_signature", b64_hmac_sha1(secret, base_string)); >> >> > })(); >> >> > This is my base_string: >> >> > POST&https%3A%2F%2Fapi.twitter.com%2Foauth >> > %2Faccess_token&oauth_consumer_key=sGNxxnqgZRHUt6NunK3uw&oauth_nonce=WLxsob >> > j4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA&oauth_signature_method=HMAC- >> > SHA1&oauth_timestamp=1276101652&oauth_version=1.0&x_auth_mode=client_auth&x >> > _auth_password= >> > %25&123!aZ+()456242134&x_auth_username=tpFriendlyGiant >> >> > This on is from dev.twitter.com >> >> > POST&https%3A%2F%2Fapi.twitter.com%2Foauth >> > %2Faccess_token&oauth_consumer_key%3DsGNxxnqgZRHUt6NunK3uw >> > %26oauth_nonce%3DWLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA >> > %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp >> > %3D1276101652%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth >> > %26x_auth_password%3D%2525%2526123%2521aZ%252B >> > %2528%2529456242134%26x_auth_username%3DtpFriendlyGiant >> >> > I found the differences in encoding %&123!aZ+() prefix from password >> > in base_string: >> >> > From dev.twitter.com/pages/xauth: >> >> > %2525%2526123%2521aZ%252B%2528%2529 >> >> > From code above: >> >> > %25%26123!aZ%2B() >> >> > I use wrong encoding method then and encoding is wrong applied? >> >> > BR, >> > Michał Łowicki -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
