Plaintext oauth_signature_method not available?


#1

I’m getting further into Twitter’s API, now working on gaining access to protected resources from a desktop app through the oAuth method. (I’ve succeeded with the Facebook oAuth API, so I have some background already.)

I’m stuck at requesting a Request Token. I’ve been attempting to use plaintext as the oauth_signature_method, but it’s getting rejected (Failed to validate oauth signature and token). I found a great PHP tutorial at:

… which has been helping me get to the nitty gritty. Just for fun, I toggled his method from HMAC-SHA1 to plaintext, and all of a sudden, his code errors out, too. This makes me wonder if the plaintext method is no longer supported.

Can anyone comment on this? I don’t have a hash_hmac function in my library, but I can shell out to PHP if I need to… I’d rather not. is plaintext no longer an option? Did Twitter really feel the need to make their API even more difficult to use?


#2

We only support HMAC-SHA1-based signatures as it’s the best fit from both application & user identity standpoints. I don’t believe we’ve ever supported plaintext signatures as they are not suitable for identifying the validity of a request.