The problem is that you are confusing xAuth and OAuth. xAuth is only <https://api.twitter.com/oauth/access_token>, allowing you to exchange username/password for oauth_token and oauth_token_secret.
OAuth only needs those two keys, not your username or password. (I would recommend that you read the docs and/or OAuth 1.0a spec) Also, I wouldn't recommend opening the URL in a new window. If your programming language has a way to open the URL and display the output, I would recommend that option. Tom On 9/21/10 9:34 AM, andy wrote: > Hello Tom, > > unfortunately, it still doesn´t work. When my basestring does not > include x_auth_password and x_auth_username I don´t get an successfull > response? > > Now I am doing it as it is described in the documentation on > http://dev.twitter.com/pages/xauth. > > I get an successfull Response with following parameter: > oauth_token=1177....&oauth_token_secret=WfLZlea.......&user_id=myID6&screen_name=myName&x_auth_expires=0 > > > Now, I will get the Friends Timeline with the URL > http://api.twitter.com/1/statuses/friends_timeline.xml and the > following GET-Parameter: > > oauth_consumer_key, oauth_signature, oauth_token, oauth_consumer_key > and oauth_token_secret > > When I send the request with this parameters, it will open a new > window, where should I enter my user data. > > After this, I get an error response with following message: > > > <?xml version="1.0" encoding="UTF-8"?> > <hash> > <request>/1/statuses/friends_timeline.xml? > oauth_consumer_key=iTAqwZGGBLrC95j9N7VJA&oauth_nonce=41A58B82-45EA- > D3DC- > B770-3336247590DF&oauth_signature=Qze584pBZdLVX2OiPAdk7rLwOjE=&oauth_signature_method=HMAC- > SHA1&oauth_timestamp=1285054407&oauth_token=17312344- > qoIC5BRaaMw63fnP5fCZf8rfTJ73uqIPjjXLtvlJY&oauth_version=1.0&x_auth_mode=client_auth&x_auth_password=infoMantis&x_auth_username=Matapolo</ > request> > <error>Incorrect signature</error> > </hash> > > > Can you tell me, what is wrong on my request? > > > > > > > > > > > > > On 20 Sep., 20:43, andy <andreas-wilkeme...@andreazw.de> wrote: >> OK, tomorrow I will try it again. >> >> Thaks >> Andreas >> >> On 20 Sep., 20:37, Tom van der Woerdt <i...@tvdw.eu> wrote: >> >>> Thanks, I know how xAuth works. ;-) This isn't xAuth though. >> >>> The Base String consists of all parameters you send to Twitter. You >>> aren't sending x_auth_username/x_auth_password (nor should you) so it >>> shouldn't be in the Base String. >> >>> You may be confused between xAuth and OAuth here: xAuth is simply an >>> extension to OAuth, so that Desktop applications can easily exchange >>> usernames/passwords for credentials. However, a call to any other >>> endpoint than access_token is not at all related to xAuth, so you should >>> not be sending the username and/or password. That's what credentials are >>> for :-) >> >>> Tom >> >>> On 9/20/10 8:35 PM, andy wrote: >> >>>> I use xauth, so I can log in directly from my application for Twitter. >>>> For pure OAuth it l ft an extra URL on Twitter and you get a pin code >>>> with which I return to my application needs. >> >>>> The xauth-i parameter to give, as it is described in the Twitter >>>> documentation. >> >>>> Would in my GET request, the parameters are passed with xauth? >> >>>> On 20 Sep., 20:23, Tom van der Woerdt <i...@tvdw.eu> wrote: >>>>> No, that's no problem. >> >>>>> What I *did* just notice is that the parameters in your Base String >>>>> don't match the parameters in your GET. Why are you sending x_auth_*? >> >>>>> Tom >> >>>>> On 9/20/10 8:21 PM, andy wrote: >> >>>>>> Thank you for the quick help, I've just seen that the parameters >>>>>> since_id, since_date, max_id, count, page I have not supplied. >>>>>> Can there be a problem because in the absence of these? >> >>>>>> On 20 Sep., 20:10, Tom van der Woerdt <i...@tvdw.eu> wrote: >>>>>>> Yes, OAuth is the authentication layer. If you are asked for a password, >>>>>>> just click cancel (but really, it shouldn't ask you for one). >> >>>>>>> Tom >> >>>>>>> On 9/20/10 8:07 PM, andy wrote: >> >>>>>>>> Hello Tom, >> >>>>>>>> I get an successfull response with the oauthToken, oauthSecret, >>>>>>>> userId, Screenname. >> >>>>>>>> My basestring to generate my signature ist this: >>>>>>>> POST&https%3A%2F%2Fapi.twitter.com%2Foauth >>>>>>>> %2Faccess_token&oauth_consumer_key%3D...myKey...%26oauth_nonce >>>>>>>> %3D4093828128%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp >>>>>>>> %3D1284991785%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth >>>>>>>> %26x_auth_password%3D...myTwitterPassword....%26x_auth_username >>>>>>>> %3D...myTwitterUserName... >> >>>>>>>> When I send a request with GET-Parameter it will open a Window, where >>>>>>>> should I enter my user data. After this I will get following XML-Code: >> >>>>>>>> <hash> >>>>>>>> - >>>>>>>> <request> >>>>>>>> /1/statuses/home_timeline.xml? >>>>>>>> oauth_timestamp=1284991785&oauth_token=..myOauthToken..&oauth_consumer_key=...myConsumer_Key...&oauth_signature_method=HMAC- >>>>>>>> SHA1&oauth_version=1.0& >>>>>>>> oauth_nonce=0EEC37AC-3B39-9DC5-4316-2F7A999B057B&oauth_signature=..myGeneratedSignanture >>>>>>>> </request> >>>>>>>> <error>Could not authenticate you.</error> >>>>>>>> </hash> >> >>>>>>>> The Signantur is indeed meant to be autentifizieren the user, or not? > -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
