Twitter, JavaScript & OAuth: failed to validate oauth signature and token_问答_开发者

Twitter, JavaScript & OAuth: failed to validate oauth signature and token

开发者 https://www.devze.com 2023-01-03 04:46 出处：网络

Im trying to implement OAuth using JavaScript, but when I make my request to http://api.twitter.com/oauth/request_token I am getting the above message in the response (\"failed to validate oauth signa

Im trying to implement OAuth using JavaScript, but when I make my request to http://api.twitter.com/oauth/request_token I am getting the above message in the response ("failed to validate oauth signature and token").

As far as I can tell I'm including all the correct parameters, both in the encoding of the signature base:

basestring: (consumer key removed for security)

POST&http%3A%2F%2Ftwitter.com%2Foauth%2Frequest_token%26oauth_callback %3Doob%26oauth_consumer_key %3D11111111111111111111112222222222222%26oauth_nonce %3DO3cHsSXrf开发者_运维百科nzT%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1275928008%26oauth_version%3D1.0

consumer secret: (removed for security)

11111111111111111111112222222222222&

Signature:

R3eHMuQ04F37+xPJSIsoo0aMzc8

Post Data: (consumer key removed for security)

oauth_callback=oob&oauth_consumer_key=11111111111111111111112222222222222&oauth_signature_method=HMAC-SHA1&oauth_signature=pjDh8jkp89ThBtzzB9dQmxQfcg&oauth_timestamp=1275928413&oauth_nonce=qyq3Jhn8rtTZ&oauth_version=1.0

And I've checked that the clock is correct on my device as that's the only real result I can find for this problem :( The nonce is unique and generated every time it runs... Unfortunately I don't know where to look now. I can't spot anything obvious. I've re-written the entire request twice - once using the oauth.js library and once completely manually, but in both cases it fails with the same error!

Any suggestions?

Cheers

Perhaps the same as this question - which links to a discussin on twitter: apparently client side javascript with oob is not allowed!?!?

Your signature looks wrong, it should always end with a =. Here is an example of a valid one: "YEBbMFDYmp6DvZ3qW1aCx8q7kTc=". Your base string looks right, so I think you've made a mistake with your signature key.

In C#, here is how I built my signature key,

string signatureKey = Uri.EscapeDataString( consumer_secret ) + "&";

var hmacsha1 = new HMACSHA1( new ASCIIEncoding().GetBytes(signatureKey));

string signatureString = Convert.ToBase64String( hmacsha1.ComputeHash( new ASCIIEncoding().GetBytes( signatureBaseString ) ) );

string oauth_signature = signatureString;

More info on this process: https://www.dinochiesa.net/?p=17