401 Failed to validate oauth signature and token


#1

hi, i have troubles with this, i have check the signature with example consumer_keys and i can reproduce the same signature from examples and oauth tools, then i don’t think that the key are wrong, but i cant get a 200-ox code response.

I register the app today.

this is a base request example:

oauth_callback=http%3A%2F%2Fideahospedaje.com%2Ftwitter%2Ftwitterauth.html&oauth_consumer_key=I8b…pw&oauth_nonce=99056fc4e5bad1840fb711f9a4eb4c27&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1322177722&oauth_version=1.0

this is a signature:

41gfPGzylBCLIx3ZJ5Ymu27BCxg%3D

this is a full header:

POST /oauth/request_token HTTP/1.1
Accept: /
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
Host: ideahospedaje.com
Authorization: OAuth oauth_callback=“http%3A%2F%2Fideahospedaje.com%2Ftwitter%2Ftwitterauth.html”, oauth_consumer_key=“I8b…pw”, oauth_nonce=“99056fc4e5bad1840fb711f9a4eb4c27”, oauth_signature=“41gfPGzylBCLIx3ZJ5Ymu27BCxg%3D”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1322177722”, oauth_version="1.0"
Content-Length: 0

and this is the response:

Failed to validate oauth signature and token

all this is trying to request a token.

this is my code:

function normalizaparametros($params,$header=false)
{
$ret="";
ksort($params);
foreach(array_keys($params) as $k)
{
$ret.=$k."=".($header?’"’:’’).rawurlencode($params[$k]).($header?’"’:’’).($header?’, ‘:’&’);
}
$ret=rtrim($ret,"& ,");
return $ret;
}

function crearfirma($method,$url,$parameters,$token="")
{
global $modx;
ksort($parameters);
$key=$modx->getOption(‘twitter_consumersecret’)."&".$token;
$base=strtoupper($method)."&".rawurlencode($url)."&".rawurlencode(normalizaparametros($parameters));
$signature=base64_encode(hash_hmac (“sha1”,$base,$key,true));
return $signature;
}

$nonce=md5(base64_encode(“twitter”.rand().time()));

$autorizacion=array(
‘oauth_nonce’=>$nonce,
‘oauth_callback’=>$modx->getOption(‘site_url’).$callback,
‘oauth_signature_method’=>“HMAC-SHA1”,
‘oauth_timestamp’=>time(),
‘oauth_consumer_key’=>$modx->getOption(‘twitter_consumerkey’),

          'oauth_version'=>'1.0');

$autorizacion[“oauth_signature”]=crearfirma(“POST”,“https://api.twitter.com/oauth/request_token”,$autorizacion);

ksort($autorizacion);

$cabeceras=array(“Accept: /”,
“User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1”,
“Host: ideahospedaje.com”,
“Expect:”,
'Authorization: OAuth '.normalizaparametros($autorizacion,true)
);

foreach(array_keys($autorizacion) as $k){
$autorizacion[$k]=rawurlencode($autorizacion[$k]);
}
$handler = curl_init(“https://api.twitter.com/oauth/request_token”);
curl_setopt($handler, CURLOPT_HTTPHEADER, $cabeceras);
curl_setopt($handler, CURLOPT_POST, true);

    curl_setopt($handler, CURLOPT_CONNECTTIMEOUT, 30);
    curl_setopt($handler, CURLOPT_TIMEOUT, 30);
    curl_setopt($handler, CURLOPT_SSL_VERIFYPEER, FALSE);
    curl_setopt($handler, CURLINFO_HEADER_OUT, true);

curl_setopt($handler, CURLOPT_POSTFIELDS, array());
curl_setopt($handler, CURLOPT_FOLLOWLOCATION,true);

//curl_setopt($handler, CURLOPT_HEADER, true);

curl_setopt($handler, CURLOPT_RETURNTRANSFER, TRUE);

$respuesta = curl_exec ($handler);

curl_close($handler);

echo $respuesta;


#2

Is there a reason you’re passing
"Host: ideahospedaje.com",
in your request? That’s most certainly wrong for a request to api.twitter.com.