Correct signature for oauth/access_token


I am getting an error on oauth/access_token immediately after returning to my website when I try to get the token. I get “Invalid or expired token” but as the token is generated straight away this shouldn’t be the case. I’m wondering if my signature is wrong, but I’m using consumer_secret&oauth_token_secret from the oauth/request_token stage.

Any thoughts why I might be getting this error? Thanks.


Just to be clear - this is example code I’m using to try and get the signature from here:

    public function testSignature(){
            // testing bit
            $oauth = array(
            $this->o_secret = 'veNRnAWe6inFuo8o2u8SLLZLjolYDmDP7SzL0YfYI';
            $this->c_secret = 'L8qq9PZyRg6ieKGEKhZolGC0vJWLw8iEJ88DRdyOg';    
            $string = rawurlencode(http_build_query($oauth));
            $new_string = strtoupper($http_method).'&'.rawurlencode($main_url[0]).'&'.$string;
            // The request_token request doesn't need a o_secret because it doesn't have one!
            $sign_key = $this->c_secret.'&'.$this->o_secret; 

            echo 'Should be: 39cipBtIOHEEnybAR4sATQTpl2I%3D<br>';
            echo 'We get: '.urlencode(base64_encode(hash_hmac('sha1',$new_string,$sign_key,true)));