I’ve read through the OAuth docs from Twitter (which seem great), requested API keys, and a token for my Twitter account.
I’ve been able to call into https://api.twitter.com/1.1/account/verify_credentials.json and pull back my info without any issues.
Happy with some code that signs, sorts etc. I’ve moved onto requesting a token for user authorization.
This is a snippet of what’s working (pulling my info):
This is what I’m signing with my (consumerSecret&accessTokenSecret)
GET&https%3A%2F%2Fapi.twitter.com%2F1.1%2Faccount%2Fverify_credentials.json&oauth_consumer_key%3D##KEY##%26oauth_nonce%3D2edc41bfa9fe48369f2576452d14f942%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1361234363%26oauth_token%3D##TOKEN##%26oauth_version%3D1.0
This is my Authorization header:
OAuth oauth_token="##TOKEN##",
oauth_version=“1.0”,
oauth_consumer_key="##KEY##",
oauth_timestamp=“1361234363”,
oauth_signature_method=“HMAC-SHA1”,
oauth_nonce=“2edc41bfa9fe48369f2576452d14f942”,
oauth_signature=“oZh_8hvCBIROCiKOZaASoYxrGV8%3D”
This is a snippet of my token request, which isn’t working
What I’m signing (with just my consumerSecret)
POST&https%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&oauth_callback%3Dhttp%253A%252F%252Flocalhost%252Fsign-in-with-twitter%252F%26oauth_consumer_key%3D##KEY##%26oauth_nonce%3D3963029ea8ce44ea841478163d3d936e%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1361238175%26oauth_version%3D1.0
Authorization header
OAuth oauth_nonce=“3963029ea8ce44ea841478163d3d936e”,
oauth_signature_method=“HMAC-SHA1”,
oauth_version=“1.0”,
oauth_timestamp=“1361238175”,
oauth_consumer_key="##KEY##",
oauth_callback=“http%3A%2F%2Flocalhost%2Fsign-in-with-twitter%2F”,
oauth_signature=“cNHrnzEPlpDXh04hhu9RIcKmhhI%3D”
The only differences with either request is that
- the working one gets signed with
consumerSecret&accessTokenSecret and the other is signed with just consumerSecret
- the non-working one has
oauth_callback added to the authorization header, with an encoded URL (which gets re-encoded during the signing process)
- the working one has my accessToken added to the authorization header, and the other doesn’t
My clock is good, and I do get good requests from the first one, so that shouldn’t be an issue. I’ve removed the callback from the second (I know it’s required, but just to see if I get some other error, as that’s the only new thing added). Is there something blatantly obvious that I’m missing?
Thanks =)
