Error in Signature Creation Documentation

silverspitz · 2014-11-13 04:14:36 UTC

It says here in the last part of the page: https://dev.twitter.com/oauth/overview/creating-signatures

The sample HMAC-SHA1 output is
"B6 79 C0 AF 18 F4 E9 C5 87 AB 8E 20 0A CD 4E 48 A9 3F 8C B6"

And the sample result after base64 encoding the HMAC-SHA1 output is
"tnnArxj06cWHq44gCs1OSKk/jLY="

But then I try to do base64 encoding of
"B6 79 C0 AF 18 F4 E9 C5 87 AB 8E 20 0A CD 4E 48 A9 3F 8C B6"

I get
QjY3OUMwQUYxOEY0RTlDNTg3QUI4RTIwMEFDRDRFNDhBOTNGOENCNg==

Based on my experience, base64 encoding a string always makes it longer, not shorter. It seems that the sample signature output in the documentation is incorrect.

silverspitz · 2014-11-13 06:10:50 UTC

Note that the sample signature base string in the documentation is:

POST&https%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fupdate.json&include_entities%3Dtrue%26oauth_consumer_key%3Dxvz1evFS4wEEPTGEFPHBog%26oauth_nonce%3DkYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1318622958%26oauth_token%3D370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb%26oauth_version%3D1.0%26status%3DHello%2520Ladies%2520%252B%2520Gentlemen%252C%2520a%2520signed%2520OAuth%2520request%2521

and the sample signing key is:
kAcSOqF21Fu85e7zjz7ZN2U4ZRhfV3WpwPAoE3Z7kBw&LswwdoUaIvS8ltyTt5jkRh4J50vUPVVHtR2YPi5kE

i got this output from the signing function:

tnnArxj06cWHq44gzU5IqT+Mtgo=

using:

echo -n ${SIGNATURE_BASE} | openssl dgst -sha1 -hmac ${SIGNING_KEY} -binary

still not the same as the one in documentation:

tnnArxj06cWHq44gCs1OSKk/jLY=

mjbk88 · 2014-11-13 10:15:43 UTC

$signature = base64_encode(hash_hmac(“sha1”, $sig_url, $key, true)); <- try using that if you are using PHP.