First off, i'm uncertain which keys i can and can not post, so i'll obscure them.
My main problem is that i don't know which keys to send to the "request_token". Here is that i'm trying to send: (Note: time matches the servers, i've made sure of that) (Note: I have checked so that _all_ my keys are correct) (Note: I've also made sure that the signature matches up to my content of POST) POST /oauth/request_token HTTP/1.1 Content-Type: application/x-www-form-urlencoded Authorization: OAuth oauth_nonce="1309272106", oauth_callback="", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1309272106", oauth_consumer_key="pk...8pw", oauth_token="", oauth_signature="T5...5pQ%3D", oauth_version="1.0" User-Agent: InetCheck Host: api.twitter.com Keep-Alive: 115 Content-Length: 171 oauth_callback=&oauth_consumer_key=pk... 8pw&oauth_nonce=1309272106&oauth_signature_method=HMAC- SHA1&oauth_timestamp=1309272106&oauth_token=&oauth_version=1.0 After tat i recive either "Failed to validate oauth signature and token" or just a 401 return code. I'm trying to get my hands dirty here by developing my own API for Python. I know there are some out there but i don't like em + i don't trust other people. So i'm running Python2.6.5 And i'm using the modules: from socket import * from time import time, gmtime from random import randint import base64 import hashlib import hmac import urllib (i know, you're not supposed to do from <m> import * but i'm just making some basic code for a skeleton atm). The code to generate the header + POST data: (again, just a skeleton, ugly code, will be fixed when i got a working copy) dstr = '' if data: dstr += '' for k in ('oauth_callback', 'oauth_consumer_key', 'oauth_nonce', 'oauth_signature_method', 'oauth_timestamp', 'oauth_token', 'oauth_version'): if not k in data: raise KeyError("Missing " + k + ", please specify it at the login") dstr += k + '=' + data[k] + '&' dstr = dstr[:-1] secr = self.keySet[1] sign_key_base = 'POST' + '&' + urllib.quote_plus('http:// api.twitter.com/oauth/request_token') + '&' sign_key_base += urllib.quote_plus(dstr) print 'Using sign base:' print '\t' + sign_key_base + '\n' print '\t Key:' print '\t\t', [data['consumer_secret'] + '&'] print '\t\t', [hmac.new(data['consumer_secret'] + '&', sign_key_base, hashlib.sha1).digest()] print '\t\t', [base64.encodestring(hmac.new(data['consumer_secret'] + '&', sign_key_base, hashlib.sha1).digest())] secr = urllib.quote(base64.encodestring(hmac.new(data['consumer_secret'] + '&', sign_key_base, hashlib.sha1).digest()).replace('\n', '')) print '\t\t', [secr], '\n' ret = 'POST ' + URL + ' HTTP/1.1\r\n' ret += 'Content-Type: application/x-www-form-urlencoded\r\n' ret += 'Authorization: OAuth oauth_nonce="' + data['oauth_nonce'] + '", ' ret += 'oauth_callback="' + data['oauth_callback'] + '", ' ret += 'oauth_signature_method="HMAC-SHA1", ' ret += 'oauth_timestamp="' + data['oauth_nonce'] + '", ' ret += 'oauth_consumer_key="' + data['oauth_consumer_key'] + '", ' ret += 'oauth_token="' + data['oauth_token'] + '", ' ret += 'oauth_signature="' + secr + '", ' ret += 'oauth_version="1.0"\r\n' ret += 'User-Agent: InetCheck\r\n' ret += 'Host: ' + host + '\r\n' ret += 'Keep-Alive: 115\r\nContent-Length: ' + str(len(dstr)) + '\r\n \r\n' + dstr Please help me, it's getting on my nerves this oAuth stuff, really never ever came in contact with it until Twitter, sure it looks like a good security implementation but atm i don't like it :/ Any help is apritiated. Also, validated my oauth_signature and content via: http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/ Everyting matches up against what i'm sending to the server. So if Twitter follows that standard it should all be good. I don't know tho if i should skip "oauth_callback" since it's an empty string anyways, or if i should skip "oauth_token" because i don't have one (also a empty string). -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk