You should URL-encode all values first, before putting them in the Body part of the Base String (which is then URL-encoded again).
In your case, oauth_callback isn't properly encoded. Tom On 10/26/10 9:20 PM, MartinHN wrote: > Signature base: > > POST&https%3A%2F%2Fapi.twitter.com%2Foauth > %2Frequest_token&oauth_callback%3Dhttp%3A%2F%2Fyakinix.web%2Foauth > %2Fcallback%26oauth_consumer_key%3D6lu1o0Jd01UoBPIvdohog%26oauth_nonce > %3Df35812a9-39e7-41f4-b2aa-e08bae349f60%26oauth_signature_method > %3DHMAC-SHA1%26oauth_timestamp%3D1288120763%26oauth_version%3D1.0 > > New timestamp and nonce, since I copied the above from a new request. > > On Oct 26, 9:06 pm, Tom van der Woerdt <i...@tvdw.eu> wrote: >> You're probably not creating a signature the right way. What is your >> base string? >> >> Tom >> >> On 10/26/10 9:01 PM, MartinHN wrote: >> >> >> >> >> >> >> >>> Hi >> >>> I'm getting the Failed to validate oauth signature and token error, >>> and I really don't know what I'm doing wrong. >> >>> Here are the request and responses, hope someone can figure out what's >>> wrong: >> >>> Request: >> >>> POSThttps://api.twitter.com/oauth/request_tokenHTTP/1.1 >>> Content-Type: application/x-www-form-urlencoded >>> Authorization: OAuth oauth_nonce="63b2a5f9- >>> c84c-4139-9e72-09704f8c460f", oauth_callback="http%3A%2F%2Fyakinix.web >>> %2Foauth%2Fcallback", oauth_signature_method="HMAC-SHA1", >>> oauth_timestamp="1288119361", >>> oauth_consumer_key="6lu1o0Jd01UoBPIvdohog", >>> oauth_signature="vI8MaCVg7XciXIeIay%2Bg%2BXGiflM%3D", >>> oauth_version="1.0" >>> Host: api.twitter.com >>> Content-Length: 0 >>> Connection: Keep-Alive >> >>> Response: >> >>> HTTP/1.1 401 Unauthorized >>> Date: Tue, 26 Oct 2010 18:56:02 GMT >>> Server: hi >>> Status: 401 Unauthorized >>> X-Transaction: 1288119362-88573-53455 >>> Last-Modified: Tue, 26 Oct 2010 18:56:02 GMT >>> X-Runtime: 0.01085 >>> Content-Type: text/html; charset=utf-8 >>> Content-Length: 44 >>> Pragma: no-cache >>> X-Revision: DEV >>> Expires: Tue, 31 Mar 1981 05:00:00 GMT >>> Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post- >>> check=0 >>> Set-Cookie: k=87.60.166.192.1288119362316968; path=/; expires=Tue, 02- >>> Nov-10 18:56:02 GMT; domain=.twitter.com >>> Set-Cookie: guest_id=128811936237445035; path=/; expires=Thu, 25 Nov >>> 2010 18:56:02 GMT >>> Set-Cookie: >>> _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCEij5ekrAToHaWQiJTYxZjRmNzM4OTYwNzBl >>> %250AMzA3NWRlY2VhZTI1NDFhZGQ2IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy >>> %250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--560f0521cbaf0946beaf5055905d >>> 6d07c1deb378; >>> domain=.twitter.com; path=/ >>> Vary: Accept-Encoding >>> Connection: close >> >>> Failed to validate oauth signature and token >> >>> Can anyone see what's wrong? > -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk