0

Possible Duplicate:
another twitter oAuth cURL access token request that fails

The following code simply gives me:

Failed to validate oauth signature and token 

        // Set url
        $url = "http://api.twitter.com/oauth/request_token";

        // Params to pass to twitter and create signature
        $params['oauth_callback'] = "http://localhost/twitter/tweet/";
        $params['oauth_consumer_key'] = $this->consumerKey;
        $params['oauth_nonce'] = SHA1(time());
        $params['oauth_timestamp'] = time();
        $params['oauth_signature_method'] = $this->signatureMethod;
        $params['oauth_version'] = $this->version;
        ksort($params);

        // Signing
            // Concatenating
            $concatenatedParams = '';
            foreach($params as $k => $v)
            {
              $k = urlencode($k);
              $v = urlencode($v);
              $concatenatedParams .= "{$k}={$v}&";
            }
            $concatenatedParams = urlencode(substr($concatenatedParams,0,-1));

            $signatureBaseString = "POST&".urlencode($url)."&".$concatenatedParams;         
            $base64Hashmac = base64_encode( hash_hmac('sha1', $signatureBaseString, $this->secret."&", true) );
            $params['oauth_signature'] = urlencode($base64Hashmac);


        // Do cURL
        $ch = curl_init();
            curl_setopt($ch, CURLOPT_URL, $url);
            curl_setopt($ch, CURLINFO_HEADER_OUT, 1);
            curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:'));
            curl_setopt($ch, CURLOPT_POST, 1);
            curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
            curl_setopt($ch, CURLOPT_HEADER, 0);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
            curl_setopt($ch, CURLOPT_SSL_VERIFYPEER,1);
            curl_setopt($ch, CURLOPT_FOLLOWLOCATION,1);
            $exec = curl_exec ($ch);
            $info = curl_getinfo($ch);
        curl_close ($ch);

        print $exec;

Below is the info printed out from curls $info ...

Array
(
    [url] => http://api.twitter.com/oauth/request_token
    [content_type] => text/html; charset=utf-8
    [http_code] => 401
    [header_size] => 919
    [request_size] => 181
    [filetime] => -1
    [ssl_verify_result] => 0
    [redirect_count] => 0
    [total_time] => 1.176
    [namelookup_time] => 0
    [connect_time] => 0.127
    [pretransfer_time] => 0.127
    [size_upload] => 934
    [size_download] => 44
    [speed_download] => 37
    [speed_upload] => 794
    [download_content_length] => 44
    [upload_content_length] => 934
    [starttransfer_time] => 0.127
    [redirect_time] => 0
    [request_header] => POST /oauth/request_token HTTP/1.1
Host: api.twitter.com
Accept: */*
Content-Length: 934
Content-Type: multipart/form-data; boundary=----------------------------7465678a46cc
)
Improve this question
0

1 Answer 1

Reset to default
1

You might want to specify exactly how it isn't working, things can "not work" in a large number of different ways. Are you getting error results? What are they, and from which calls? Is any particular step failing?

To start with, you can't use "localhost" address as a callback URL, if the twitter server connects to "localhost" it would just be connecting to itself, not to you.

Also the way you're building $concatenatedParams leaves your $signatureBaseString only partly URL-encoded. Instead of using "{$k}%3D{$v}%26" use = and & normally, and then urlencode the final completed $concatenatedParams when you add it to $signatureBaseString.

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

$concatenatedParams .= "{$k}%3D{$v}%26"; should complete the url encoding but I gave it a try and it still fails.
Ive updated the code as per your suggestion -> but not luck hey.
After being base64 encoded, the hash_hmac must also be url encoded before it is assigned to the oauth_signature parameter, I can't tell if that's happening inside base64_encode.
not its not but have updated to do so. no luck, same error.
You might want to try using GET and sending the oauth parameters as an Authorization: header, as recommended on Twitter's website: dev.twitter.com/pages/auth#at-twitter
|

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.