tags:

views:

226

answers:

2
+1  Q: 

How to get request_token using OAuth with twitter

I am using the following method URI to request token from twitter.

Note: here new lines are just for display purpose only.

http://twitter.com/oauth/request_token?
oauth_consumer_key=9cS99b2406CUpATOeggeA&
oauth_signature_method=HMAC-SHA1&
oauth_signature=3e18bafc4c4fd6b23f988bcd1a8c0ab2d65db784
oauth_timestamp=1267523137&
oauth_nonce=56e66e9f8bd28b320f86a16407f9911d&
oauth_version=1.0&
oauth_callback=http://playground.com

But it gives error "Failed to validate oauth signature and token".

The base string I used to computer signature is as bellow:

GET&
http%3A%2F%2Ftwitter.com%2Foauth%2Frequest_token&
oauth_consumer_key%3D9cS99b2406CUpATOeggeA%26
oauth_signature_method%3DHMAC-SHA1%26
oauth_timestamp%3D1267523137%26
oauth_nonce%3D56e66e9f8bd28b320f86a16407f9911d%26
oauth_version%3D1.0%26
oauth_callback%3Dhttp%3A%2F%2Fplayground.com


Please correct me where am I making mistake.

+2  A: 

Your problem is with the order of the parameters. The parameters for the base string need to be in order. If they are out of order, it will give you that error.

So your base string should be this...

GET&
http%3A%2F%2Ftwitter.com%2Foauth%2Frequest_token&
oauth_consumer_key%3D9cS99b2406CUpATOeggeA%26
oauth_nonce%3D56e66e9f8bd28b320f86a16407f9911d%26
oauth_signature_method%3DHMAC-SHA1%26
oauth_timestamp%3D1267523137%26
oauth_version%3D1.0%26
oauth_callback%3Dhttp%3A%2F%2Fplayground.com

Notice that your "nonce" was not in the correct spot.

Also, normally, the "signature" parameter is appended to the end of the request URL.

http://oauth.net/core/1.0a/#anchor46

Appendix A.5.1

Eclipsed4utoo  2010-03-02 18:32:26
I am still getting the same error 'Failed to validate oauth signature and token'
Amit  2010-03-15 09:04:16
I believe the `oauth_callback` parameter should also be in the correct order. Also, when I mean correct order, these need to be in order when creating the signature. If you are still having an issue, edit your post and add your NEW base string so we can see what it is.
Eclipsed4utoo  2010-03-15 12:06:02
A: 

What Eclipsed4utoo said - though if you're still getting the error you should check that you've registered your application as being browser based (and specified a callback) in the Twitter dev admin pages.

If it's listed as a desktop app but you include &oauth_callback in calls you'll see the signature validation error you mention.

Euan  2010-09-18 10:14:20

related questions

What is the practical difference between xml, json, rss and atom when interfacing with Twitter?
Best way to poll a web service (eg, for a twitter app)
Can I suppress the browser’s login prompt on 401 response when using XmlHttpRequest with Twitter
Best Twitter PHP Library
What benefits does creating an API give to your service?
Large primary key: 1+ billion rows mySQL + InnoDB?
A little help with DOM manip and GreaseMonkey
OSS Twitter Clone written in .NET
An Easy Way to Consume a Twitter Search Feed With ASP.Net
Script to publish my SO Q's and A's on my twitter?
What Python tools can I use to interface with a website's API?
PHP app using Twitter API works on some accounts, not others
Consuming a REST service from WCF
Protecting user passwords in desktop applications (Rev 2)
Protecting user passwords in desktop applications
How can I use the Twitter Search API to return all tweets that match my search query, posted only within the last five seconds?
Good Programming Twitters
Does Twitter Help You Become a Better Developer or Distract You?
How do you write Valid XHTML 1.0 Strict code when you are using javascript to fill an element that requires a child?
What is search.twitter.com's "trending topics" algorithm?
Are there any MVC web frameworks that support multiple request types?
How do I get my Twitter feed to integrate with a blog (with individual comment threads)?
How can I integrate Laconica update stream into SharePoint?
if you reimplemented twitter, what would you do differently?
Two-way password encryption without ssl