Still receiving 401 Unauthorized after verifying signature and timestamp


#1

I’m still receiving 401 Unauthorized when attempting to hit the streaming api.

I’ve verified that the signature process I’m using works by hard-coding nonce/timestamp values from the OAuth Tool and running my app.

I’ve checked and my system is about 22 seconds behind Twitter. So I’m making a call to “http://api.twitter.com/1/help/test.json” and using the Date header for my timestamp creation.

Here is my base string:
POST&https%3A%2F%2Fstream.twitter.com%2F1%2Fstatuses%2Ffilter.json&oauth_consumer_key%3DzMNH25PFowKBtW5S3ZEJ4g%26oauth_nonce%3DNjM1MDA2MDIxMjE1MjgyNTYw%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1365023344%26oauth_token%3D19578694-aeDrYV4CLbnZH22Dk5KgTM8XqjJHIFAgLEV4mlVsE%26oauth_version%3D1.0%26track%3Dgod

And here are my auth headers:

Authorization OAuth
oauth_consumer_key="blah",
oauth_nonce="NjM1MDA2MDIxOTg0NzUwODEx",
oauth_signature="vCjsekueKHN3c0G7hamLG%2FoDhPg%3D",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="1365023421",
oauth_token="TOKEN",
oauth_version="1.0"

Does anyone see anything wrong with what I’m doing here?


#2

Hi, I looked at our logs and it appears that you were getting a few timestamp notices but are mostly getting “bad signature” responses at this point. Since the signature appears correct (and you verified your generation code against the OAuth tool), double check that you’re sending the request with the same exact parameters as you signed.

For example, if your query is in the POST body, then you would need to make sure that you send the ‘Content-Type: application/x-www-form-urlencoded’ header for the service to be able to parse those values. You may also try to sign a simple parameterless GET request and work from there to try and identify where the issue may be with actually sending the HTTP request over the wire.
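The check described in #2, as an added example that is not code from either poster or from Twitter: it recomputes an OAuth 1.0 HMAC-SHA1 signature from what is actually sent and shows how a correct signature is still rejected when the request on the wire differs from what was signed. The function names, secrets, key, token and nonces are constructed placeholders, and `server_accepts` is an assumed model of the receiving side.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qsl, quote

def pct(value):
    # OAuth 1.0 percent-encoding: only RFC 3986 unreserved characters stay bare
    return quote(str(value), safe="-._~")

def base_string(method, url, oauth_params, request_params):
    # All oauth_* values except the signature, plus request parameters, sorted.
    # Simplification: repeated parameter names are not handled.
    merged = {**oauth_params, **request_params}
    pairs = sorted((pct(k), pct(v)) for k, v in merged.items() if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(base, consumer_secret, token_secret):
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def server_accepts(method, url, header, body, content_type, consumer_secret, token_secret):
    # Assumed receiver model: body parameters are parsed only when declared form-encoded
    is_form = (content_type or "").split(";")[0].strip() == "application/x-www-form-urlencoded"
    body_params = dict(parse_qsl(body)) if is_form else {}
    expected = sign(base_string(method, url, header, body_params), consumer_secret, token_secret)
    return hmac.compare_digest(expected, header.get("oauth_signature", ""))

# Constructed sample values; none of these are real credentials
URL = "https://stream.twitter.com/1/statuses/filter.json"
SECRETS = ("constructed-consumer-secret", "constructed-token-secret")
SIGNED = {"oauth_consumer_key": "CONSUMER_KEY", "oauth_nonce": "constructed-nonce-1",
          "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": "1365023344",
          "oauth_token": "TOKEN", "oauth_version": "1.0"}
BODY = "track=god"
FORM = "application/x-www-form-urlencoded"

def demo():
    sig = sign(base_string("POST", URL, SIGNED, dict(parse_qsl(BODY))), *SECRETS)
    good = {**SIGNED, "oauth_signature": sig}
    # Header rebuilt with a fresh nonce/timestamp after the signature was computed
    stale = {**good, "oauth_nonce": "constructed-nonce-2", "oauth_timestamp": "1365023421"}
    return {
        "matching request": server_accepts("POST", URL, good, BODY, FORM, *SECRETS),
        "missing Content-Type": server_accepts("POST", URL, good, BODY, None, *SECRETS),
        "nonce/timestamp changed": server_accepts("POST", URL, stale, BODY, FORM, *SECRETS),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else '401 bad signature'}")
```

Logging the base string immediately before signing and the exact header and body immediately before sending makes this kind of mismatch visible in a single diff.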