I’m implementing Twitter Login for our website and I’m stuck at an early step: signing the request. Everything makes sense up to the point where “Creating the signature base string” ([Creating the signature base string documentation]) in the documentation.
Since the signature is IN the parameter string, how am I supposed to send the hash that includes it?
At any rate, my request looks something like this so far:
(with an empty POST body and the following Authorization header - line-feeds inserted for clarity):
OAuth oauth_callback=“http%3A%2F%2F – the callback url”,
oauth_signature=“Not sure what goes here”,
I understand from the documentation that I am to create a string that contains all the parameters, percent encode that, then run it through the HMAC-SHA1 hash algorithm using the ConsumerKey&ConsumerSecret percent encoding each side as the key. I’m just not sure what to send as the string to encode.
Do I just send all the other parameters (except for oauth_signature)? Do I run them all together separated by a comma/space? Is there some other separator? Do I include the quotes?
Guidance on the subject would be most appreciated.