I hope someone can help me? I am stuck within the same problem.
This is my request:
Request parameters -
The server response (including headers):
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Last-Modified: Tue, 12 Mar 2013 07:53:00 GMT
Set-Cookie: guest_id=v1%3A136307478028373239; Domain=.twitter.com; Path=/; Expires=Thu, 12-Mar-2015 07:53:00 UTC
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Status: 401 Unauthorized
Date: Tue, 12 Mar 2013 07:53:00 GMT
Content-Type: text/html; charset=utf-8
Protocol version: 1.1
Status line: 401 Unauthorized
Failed to validate oauth signature and token
I checked my timestamp; it is in GMT and around 5 seconds smaller than the timestamp generated by the server (including connection latency). I’m living in germany, but submitting a GMT timestamp is correct, isn’t it?
I checked the implementation of my key & signature algorithm by Twitter’s tutorial and the examples given @ http://hueniverse.com/oauth/guide/authentication/ . It seems to work correctly…
I did not include a token at the end, but I was appending an “&”.
This is what my unencrypted signature looks like:
I am developing in Java without former twitter/oauth libraries (not applicable for my situation). I would love to see a working signature example in Java… I could also provide the application keys & secrets (that will be resetted after that, of course) to let you check on my signature algorithm.
One question: Does the key have to be URLEncoded (percentage encoded) before using it to encrypt the signature?
You may find my javacode to generate the signature over here: http://paste.ubuntu.com/5607153/
(EncodeUtil.encodePercentage works, that’s for sure; EncryptionUtil.encryptHmacSHA1 works, too, I checked that with sample data and got the correct output)