In case anyone was following this, I figured it out. I had a
programmatic problem that caused a mismatch between the status
populated in the base string and status sent in the POST body. I was
also URL encoding the POST body, which I don't think I should have
been doing. Anyway, it's working now.


On Nov 29, 11:15 pm, Chris Koenig <chris.koe...@gmail.com> wrote:
> Hi,
>
> I'm trying to add (what I thought would be) a simple feature to a game
> I developed - allow the users to post their scores to twitter. Since
> my app is a game for the webOS platform, I felt xauth was the best way
> to implement this. I already got xauth approval from Twitter. I also
> have been able to request access tokens without any trouble.
>
> However, when it comes down to using the oauth token and oauth secret,
> I am totally 100% stuck.
> I've spent a few days on this, and I've tried changing small things,
> changing it back, it's driving me crazy, and no matter what I do I
> always get this response:
>
> failed to post to twitter: {"request":"\/1\/statuses\/update.json","error":"Incorrect signature"}
>
> Here is my code for constructing and signing the base string:
>  var updateUrl = "http://api.twitter.com/1/statuses/update.json";
>  var timestamp = Math.floor((new Date(dt.toUTCString())).getTime() / 1000);
>  var update_data =
>      'oauth_consumer_key=' + encodeURIComponent(constants.consumerKey) +
>      '&oauth_nonce=' + encodeURIComponent(nonce) +
>      '&oauth_signature_method=HMAC-SHA1' +
>      '&oauth_timestamp=' + timestamp +
>      '&oauth_token=' + encodeURIComponent(o_auth_token) +
>      '&oauth_version=1.0' +
>      '&status=' + encodeURIComponent("wow");
>  var base_string = "POST&" + encodeURIComponent(updateUrl) + "&" + encodeURIComponent(update_data);
>  var oauth_signature = b64_hmac_sha1(constants.consumerSecret + "&" + o_auth_secret, base_string);
>
> o_auth_token and o_auth_secret are set prior to this block of code by
> parsing the response from the access token url call.
>
> And here is my code for building the authorization header:
> var auth_header = 'OAuth realm="",oauth_consumer_key="' + constants.consumerKey +
>     '",oauth_nonce="' + nonce +
>     '",oauth_signature="' + oauth_signature +
>     '",oauth_signature_method="HMAC-SHA1",oauth_timestamp="' + timestamp +
>     '",oauth_token="' + o_auth_token +
>     '",oauth_version="1.0"';
>
> I've checked that my signature message matches when plugging in
> applicable values using this tool:
> http://oauth.googlecode.com/svn/code/javascript/example/signature.html
>
> So it is NOT an issue with signing...
>
> And here is an output base string I get before signing:
> POST&http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fupdate.json&oauth_consumer_key%3DJxPeA0aTWPfkULuWu80dyA%26oauth_nonce%3DIpx2fKgwUXlQ18d%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1291099840%26oauth_token%3D186684223-buwCSVt0NJQ7BDUo0q5OZo4jWjgSCDhPT2IBEGRF%26oauth_version%3D1.0%26status%3Dwow
>
> and here is the authorization header I sent:
> OAuth realm="",oauth_consumer_key="JxPeA0aTWPfkULuWu80dyA",oauth_nonce="Ipx2fKgwUXlQ18d",oauth_signature="OzJHTccP%2FNurB5I1MrP2CUkGAyQ%3D",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1291099840",oauth_token="186684223-buwCSVt0NJQ7BDUo0q5OZo4jWjgSCDhPT2IBEGRF",oauth_version="1.0"
>
> Some things I'm not sure of:
> 1. Is that first "realm="" " thing needed in the auth header?
> 2. If I generate unix time using the local time zone, will that cause
> an incorrect signature since it would be say Pacific time not UTC
> time? (seems to work ok to get the access tokens though...)
> 3. Are spaces correct after each comma in the auth header, or not, or
> does it matter?
> 4. Does the order matter in the auth header?
>
> Thanks a lot for all the help, I'm beat and giving up on this for the
> evening.
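
An added example (not code from the original posts) of the failure the reply at the top describes: the receiver recomputes the HMAC-SHA1 signature over the parameters it actually decodes from the POST body, so a status that differs from the signed one, or a body encoded one time too many, gives "Incorrect signature". It assumes Node.js and the RFC 5849 rules; all keys and secrets are constructed, `serverAccepts` and `demo` are hypothetical names, and the double-encoding case is one reading of the extra URL-encoding the author mentions.

```javascript
const crypto = require("crypto");

// OAuth 1.0a percent-encoding (RFC 5849 section 3.6). encodeURIComponent
// leaves ! * ' ( ) unescaped, so those are escaped as well.
function pct(s) {
  return encodeURIComponent(s).replace(/[!*'()]/g,
    (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());
}

const cmp = (x, y) => (x < y ? -1 : x > y ? 1 : 0);

// METHOD & encoded URL & encoded parameter string (sorted by name, then value).
function baseString(method, url, params) {
  const pairs = Object.entries(params)
    .map(([k, v]) => [pct(k), pct(String(v))])
    .sort((a, b) => cmp(a[0], b[0]) || cmp(a[1], b[1]))
    .map(([k, v]) => k + "=" + v)
    .join("&");
  return [method.toUpperCase(), pct(url), pct(pairs)].join("&");
}

function sign(base, consumerSecret, tokenSecret) {
  const key = pct(consumerSecret) + "&" + pct(tokenSecret);
  return crypto.createHmac("sha1", key).update(base).digest("base64");
}

// Receiver's view (hypothetical helper): decode the form body once, recompute
// the signature over what actually arrived, and compare in constant time.
function serverAccepts(url, oauth, body, sentSig, consumerSecret, tokenSecret) {
  const received = Object.fromEntries(new URLSearchParams(body));
  const base = baseString("POST", url, { ...oauth, ...received });
  const a = Buffer.from(sign(base, consumerSecret, tokenSecret));
  const b = Buffer.from(sentSig);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Constructed sample values; none are real credentials.
function demo() {
  const url = "http://api.twitter.com/1/statuses/update.json";
  const oauth = { oauth_consumer_key: "ck-example", oauth_nonce: "n0nce-example",
    oauth_signature_method: "HMAC-SHA1", oauth_timestamp: "1291099840",
    oauth_token: "tok-example", oauth_version: "1.0" };
  const status = "Score: 42!";
  const sig = sign(baseString("POST", url, { ...oauth, status }), "cs-example", "ts-example");
  const check = (body) => serverAccepts(url, oauth, body, sig, "cs-example", "ts-example");
  return { matching: check("status=" + pct(status)),          // true
    doubleEncoded: check("status=" + pct(pct(status))),        // false
    differentStatus: check("status=" + pct("Score: 43!")) };   // false
}
```
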
