[Note: all oauth tokens/secrets below were created randomly; they are NOT my actual tokens/secrets]
curl -o /tmp/test.txt 'https://api.twitter.com/oauth/request_token?
oauth_timestamp=1345141469&
consumer_key=UEIUyoBjBRomdvrVcUTn&oauth_access_token_secret=YePiEkSDFdYAOgscijMCazcSfBflykjsEyaaVbuJeO&oauth_access_token=47849378%2drZlzmwutYqGypbLsQUoZUsGdDkVVRkjkOkSfikNZC&oauth_nonce=1345141469&
consumer_secret=rUOeZMYraAapKmXqYpxNLTOuGNmAQbGFqUEpPRlW&
oauth_version=1%2e0&
oauth_signature_method=HMAC%2dSHA1&oauth_signature=H0KLLecZNAAz%2bXoyrPRiUs37X3Zz%2bAcabMa5M4oDLkM'
[I added newlines for clarity; actual command is one single line]
Assuming all the other data is valid, why does the command above yield "Failed to validate oauth signature and token" (even when I use my real data)?
In particular, is my signature "H0KLLecZNAAz%2bXoyrPRiUs37X3Zz%2bAcabMa5M4oDLkM" invalid, or am I doing something more fundamentally wrong.
The program I used to generate this:
#!/bin/perl use Digest::SHA; %twitter_auth_hash = ( "oauth_access_token" => "47849378-rZlzmwutYqGypbLsQUoZUsGdDkVVRkjkOkSfikNZC", "oauth_access_token_secret" => "YePiEkSDFdYAOgscijMCazcSfBflykjsEyaaVbuJeO", "consumer_key" => "UEIUyoBjBRomdvrVcUTn", "consumer_secret" => "rUOeZMYraAapKmXqYpxNLTOuGNmAQbGFqUEpPRlW" ); # if uncommented, pull my actual data # require "bc-private.pl"; $twitter_auth_hash{"oauth_signature_method"} = "HMAC-SHA1"; $twitter_auth_hash{"oauth_version"} = "1.0"; $twitter_auth_hash{"oauth_timestamp"} = time(); $twitter_auth_hash{"oauth_nonce"} = time(); for $i (keys %twitter_auth_hash) { push(@str,"$i=".urlencode($twitter_auth_hash{$i})); } $str = join("&",@str); # thing to sign $url = "GET $str"; # signing it $sig = urlencode(Digest::SHA::hmac_sha256_base64($url, "rUOeZMYraAapKmXqYpxNLTOuGNmAQbGFqUEpPRlW&YePiEkSDFdYAOgscijMCazcSfBflykjsEyaaVbuJeO")); # full URL incl sig $furl = "https://api.twitter.com/oauth/request_token?$str&oauth_signature=$sig"; # system("curl -o /tmp/testing.txt '$furl'"); print "FURL: $furl\n"; print "STR: $str\n"; print "SIG: $sig\n"; sub urlencode { my($str) = @_; $str=~s/([^a-zA-Z0-9])/"%".unpack("H2",$1)/iseg; $str=~s/ /\+/isg; return $str; }
Note: I realize there are many other possible reasons this is failing, but current question is: am I sending the parameters correctly and am I computing the signature correctly.