I’m writing a signature generator in JS and am able to match the generated signature in the example provided by https://dev.twitter.com/oauth/overview/creating-signatures
The instructions for creating a signature base string are very specific; however, I’ve noticed that the signature base string generated by the OAuth tools signature generator, linked from https://dev.twitter.com/rest/reference/get/followers/list, doesn’t follow the specifications laid out in the Creating Signatures documentation.
Specifically, under the Collecting Parameters heading, step 2 says the following:
- Sort the list of parameters alphabetically[1] by encoded key[2].
Looking at the Signature Base String generated from a GET followers/list example:
GET&https%3A%2F%2Fapi.twitter.com%2F1.1%2Ffollowers%2Flist.json&%253Binclude_user_entities%3Dfalse%26amp%253Bscreen_name%3Dtwitterdev%26amp%253Bskip_status%3Dtrue%26cursor%3D-1%26oauth_consumer_key%XXX%26oauth_nonce%3Dc14a6ea5235e38b854f12b7de6b27cd8%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1459519379%26oauth_token%3DXXX%26oauth_version%3D1.0
All of the request query parameters precede the oauth_header parameters regardless of alphabetical order. Also, the request query parameters aren’t in alphabetical order, but the oauth_header parameters do follow alphabetical order.
Should my signature generator match the results of the example outlined in https://dev.twitter.com/oauth/overview/creating-signatures, or should I match the results of an example generated from the OAuth Signature Generator linked from a page like https://dev.twitter.com/rest/reference/get/followers/list?
Thanks.
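The parameter-collection step quoted above, as an added JavaScript example that is not part of the original post or Twitter's code: it encodes each key and value, sorts by encoded key, and builds the base string for two constructed query strings. The second query assumes the separators were HTML-escaped as `&amp;` before being split on `&`, which yields `amp%253B`-prefixed keys consistent with the base string in the post; the function names, placeholder key and token are assumptions.

```javascript
// Added example. RFC 3986 percent-encoding: encodeURIComponent leaves ! ' ( ) * as-is.
function percentEncode(s) {
  return encodeURIComponent(s).replace(/[!'()*]/g,
    c => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}

// Encode every key and value first, then sort by encoded key (ties: encoded value).
function parameterString(pairs) {
  return pairs
    .map(([k, v]) => [percentEncode(k), percentEncode(v)])
    .sort(([k1, v1], [k2, v2]) =>
      k1 < k2 ? -1 : k1 > k2 ? 1 : v1 < v2 ? -1 : v1 > v2 ? 1 : 0)
    .map(([k, v]) => `${k}=${v}`)
    .join('&');
}

function signatureBaseString(method, baseUrl, pairs) {
  return [method.toUpperCase(), percentEncode(baseUrl),
    percentEncode(parameterString(pairs))].join('&');
}

// Split a raw query string on "&" only, without HTML-unescaping it first.
function parseQuery(qs) {
  return qs.split('&').map(p => {
    const i = p.indexOf('='), j = i < 0 ? p.length : i;
    return [decodeURIComponent(p.slice(0, j)), decodeURIComponent(p.slice(j + 1))];
  });
}

// Constructed values: key and token are placeholders; nonce/timestamp as in the post.
const OAUTH_PARAMS = [
  ['oauth_consumer_key', 'CONSUMER_KEY_PLACEHOLDER'],
  ['oauth_nonce', 'c14a6ea5235e38b854f12b7de6b27cd8'],
  ['oauth_signature_method', 'HMAC-SHA1'],
  ['oauth_timestamp', '1459519379'],
  ['oauth_token', 'TOKEN_PLACEHOLDER'],
  ['oauth_version', '1.0'],
];
const URL_BASE = 'https://api.twitter.com/1.1/followers/list.json';

function baseStringFor(query) {
  return signatureBaseString('GET', URL_BASE, [...parseQuery(query), ...OAUTH_PARAMS]);
}

const CLEAN = 'cursor=-1&screen_name=twitterdev&skip_status=true';
const ESCAPED = 'cursor=-1&amp;screen_name=twitterdev&amp;skip_status=true';
console.log(baseStringFor(CLEAN));   // screen_name/skip_status sort after oauth_*
console.log(baseStringFor(ESCAPED)); // keys become "amp;..." and sort before cursor
```

With the clean query, `screen_name` and `skip_status` land after every `oauth_*` parameter; with the escaped one, the `amp;`-prefixed keys sort ahead of `cursor` while still being in encoded-key order.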