Correct signature for oauth/access_token


#1

I am getting an error on oauth/access_token immediately after returning to my website when I try to get the token. I get “Invalid or expired token” but as the token is generated straight away this shouldn’t be the case. I’m wondering if my signature is wrong, but I’m using consumer_secret&oauth_token_secret from the oauth/request_token stage.

Any thoughts why I might be getting this error? Thanks.


#2

Just to be clear - this is example code I’m using to try and get the signature from here: https://dev.twitter.com/docs/auth/implementing-sign-twitter

    public function testSignature(){
            // testing bit
            $oauth = array(
                    'oauth_consumer_key'=>'cChZNFj6T5R0TigYB9yd1w',
                    'oauth_nonce'=>'a9900fe68e2573b27a37f10fbad6a755',
                    'oauth_signature_method'=>'HMAC-SHA1',
                    'oauth_timestamp'=>'1318467427',
                    'oauth_token'=>'NPcudxy0yU5T3tBzho7iCotZ3cnetKwcTIRlX0iwRl0',
                    'oauth_version'=>'1.0'            
            );
                        
            $this->o_secret = 'veNRnAWe6inFuo8o2u8SLLZLjolYDmDP7SzL0YfYI';
            $this->c_secret = 'L8qq9PZyRg6ieKGEKhZolGC0vJWLw8iEJ88DRdyOg';    
            
            ksort($oauth);
            
            $string = rawurlencode(http_build_query($oauth));
            
            $new_string = strtoupper($http_method).'&'.rawurlencode($main_url[0]).'&'.$string;
            
            // The request_token request doesn't need a o_secret because it doesn't have one!
            $sign_key = $this->c_secret.'&'.$this->o_secret; 

            echo 'Should be: 39cipBtIOHEEnybAR4sATQTpl2I%3D<br>';
            echo 'We get: '.urlencode(base64_encode(hash_hmac('sha1',$new_string,$sign_key,true)));
            exit;    
    }