I’m trying to use OAuth to sign in users on a web site. I followed the information available on https://dev.twitter.com/docs/auth/oauth and validated my code with unit tests against values found in the documentation. But when using my application’s secret strings it fails with “Failed to validate oauth signature and token”. I don’t use any library as I try to understand how it works.
I’m not sure about how to generate the nonce. At the moment I get a timestamp representing the total seconds elapsed since January 1st, 1970. I’ve checked that the system clock is correctly set. I seed a pseudo-random generator and feed a 32-byte array of random data and convert it to base64 as the nonce.
Here’s my authorization header:
OAuth oauth_nonce="QojA+w4lwJCz6cayAEmKxODw53z29jSghv07F3pmJlU=", oauth_callback="http%3A%2F%2Flocalhost%3A1277%2FHome%2FTwitterCallback", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1319658858", oauth_consumer_key="eY3fgMXqkX5Snwb54Llg", oauth_signature="Ohw7CJdWkNaOf7cywzG8A43GRgc%3D", oauth_version="1.0"
Do you see anything wrong?
Thanks a lot in advance!
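For reference, the HMAC-SHA1 signing steps of OAuth 1.0 (RFC 5849), as an added example that is not part of the original post: it shows how every parameter, including a base64 nonce containing `+` and `=`, is percent-encoded before it enters the signature base string and again when written into the header. The function names, the endpoint URL and the key and secret placeholders are assumptions of this example, and it assumes a request with no query string or body parameters.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import quote

def pct(value: str) -> str:
    # RFC 5849 section 3.6: only A-Z a-z 0-9 - . _ ~ stay literal
    return quote(value, safe="-._~")

def new_nonce() -> str:
    # CSPRNG output, hex-encoded so it holds no characters that need escaping
    return secrets.token_hex(16)

def signature_base_string(method: str, url: str, params: dict) -> str:
    # Encode each key and value, sort the encoded pairs, then encode the joined string again
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(base_string: str, consumer_secret: str, token_secret: str = "") -> str:
    # The key always contains the "&", even when there is no token secret yet
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def authorization_header(method, url, params, consumer_secret, token_secret=""):
    signed = dict(params)
    base = signature_base_string(method, url, params)
    signed["oauth_signature"] = sign(base, consumer_secret, token_secret)
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(signed.items()))

# Constructed sample input: the URL, key and secret are placeholders
SAMPLE_URL = "https://api.example.com/oauth/request_token"
SAMPLE_PARAMS = {
    "oauth_callback": "http://localhost:1277/Home/TwitterCallback",
    "oauth_consumer_key": "CONSUMER_KEY_PLACEHOLDER",
    "oauth_nonce": "QojA+w4lwJCz6cayAEmKxODw53z29jSghv07F3pmJlU=",  # base64 nonce as in the post
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1319658858",
    "oauth_version": "1.0",
}

if __name__ == "__main__":
    print(authorization_header("POST", SAMPLE_URL, SAMPLE_PARAMS, "CONSUMER_SECRET_PLACEHOLDER"))
```

The callback value ends up encoded twice inside the base string (`http%253A%252F%252F...`) and once in the header, which is a common place for a hand-written implementation to diverge from the server's calculation.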