Why does this twitter oauth API token request fail

0
votes

[Note: all oauth tokens/secrets below were created randomly; they are NOT my actual tokens/secrets] 

 
curl -o /tmp/test.txt 'https://api.twitter.com/oauth/request_token?
oauth_timestamp=1345141469&
consumer_key=UEIUyoBjBRomdvrVcUTn&oauth_access_token_secret=YePiEkSDFdYAOgscijMCazcSfBflykjsEyaaVbuJeO&oauth_access_token=47849378%2drZlzmwutYqGypbLsQUoZUsGdDkVVRkjkOkSfikNZC&oauth_nonce=1345141469&
consumer_secret=rUOeZMYraAapKmXqYpxNLTOuGNmAQbGFqUEpPRlW&
oauth_version=1%2e0&
oauth_signature_method=HMAC%2dSHA1&oauth_signature=H0KLLecZNAAz%2bXoyrPRiUs37X3Zz%2bAcabMa5M4oDLkM'

[I added newlines for clarity; actual command is one single line]

Assuming all the other data is valid, why does the command above yield "Failed to validate oauth signature and token" (even when I use my real data)?

In particular, is my signature "H0KLLecZNAAz%2bXoyrPRiUs37X3Zz%2bAcabMa5M4oDLkM" invalid, or am I doing something more fundamentally wrong.

The program I used to generate this: 


#!/bin/perl 
use Digest::SHA; 

%twitter_auth_hash = ( 
"oauth_access_token" => "47849378-rZlzmwutYqGypbLsQUoZUsGdDkVVRkjkOkSfikNZC", 
"oauth_access_token_secret" => "YePiEkSDFdYAOgscijMCazcSfBflykjsEyaaVbuJeO", 
"consumer_key" => "UEIUyoBjBRomdvrVcUTn", 
"consumer_secret" => "rUOeZMYraAapKmXqYpxNLTOuGNmAQbGFqUEpPRlW" 
); 

# if uncommented, pull my actual data 
# require "bc-private.pl"; 

$twitter_auth_hash{"oauth_signature_method"} = "HMAC-SHA1"; 
$twitter_auth_hash{"oauth_version"} = "1.0"; 
$twitter_auth_hash{"oauth_timestamp"} = time(); 
$twitter_auth_hash{"oauth_nonce"} = time(); 

for $i (keys %twitter_auth_hash) { 
  push(@str,"$i=".urlencode($twitter_auth_hash{$i})); 
} 

$str = join("&",@str); 

# thing to sign 
$url = "GET $str"; 

# signing it 
$sig = urlencode(Digest::SHA::hmac_sha256_base64($url, "rUOeZMYraAapKmXqYpxNLTOuGNmAQbGFqUEpPRlW&YePiEkSDFdYAOgscijMCazcSfBflykjsEyaaVbuJeO")); 

# full URL incl sig 
$furl = "https://api.twitter.com/oauth/request_token?$str&oauth_signature=$sig"; 
# system("curl -o /tmp/testing.txt '$furl'"); 


print "FURL: $furl\n"; 
print "STR: $str\n"; 
print "SIG: $sig\n"; 

sub urlencode { 
  my($str) = @_; 
  $str=~s/([^a-zA-Z0-9])/"%".unpack("H2",$1)/iseg; 
  $str=~s/ /\+/isg; 
  return $str; 
}

Note: I realize there are many other possible reasons this is failing, but current question is: am I sending the parameters correctly and am I computing the signature correctly.

1
oauth

1 Answers

0
votes

Twitter asks that you do a POST for the request token.