OAuth, 403 response error on request_token_问答_开发者

OAuth, 403 response error on request_token

开发者 https://www.devze.com 2023-03-12 20:16 出处：网络

Receiving http 403 response error when trying to get a request token. I\'ve checked my base string\'s singing process, and that\'s proper.If

Receiving http 403 response error when trying to get a request token.

I've checked my base string's singing process, and that's proper. If

I use the default keys on the Twitter dev site, it generates the same result as they list on the site, so i'm pretty sure that's okay.

Any insight would be much appreciated!

var reqURL = 'https://api.twitter.com/oauth/request_token';
var reqNonce = getNonce();      
var reqTimeStamp = getTimeStamp();  
var reqSignatureMethod = 'HMAC-SHA1';
var reqOauthVersion = '1.0';
var reqConsumerKey = 'ySBPkqxaRlheQKFwejMpqg';
var reqConsumerSecret = '______________&'  // note the & at the end..
var reqCallback = 'http%3A%2F%2Flocalhost%3A3005%2Fthe_dance%2Fprocess_callback%3Fservice_provider_id%3D11'
var reqQuery = 'oauth_callback=' + reqCallback + '&oauth_consumer_key=' + reqConsumerKey开发者_如何学运维 + '&oauth_nonce=' + reqNonce + '&oauth_signature_method=' + reqSignatureMethod + '&oauth_timestamp=' + reqTimeStamp + '&oauth_version=' + reqOauthVersion;
var reqBaseString = 'POST&' + reqURL + '&' + encodeURIComponent(reqQuery);
var reqSignature = b64_hmac_sha1(reqConsumerSecret, reqBaseString);
var reqSignature = reqSignature + '=';
var request = new XMLHttpRequest();
request.onreadystatechange = function(data) {
    if (request.readyState == 4) {

        // Good response, got the xml file
        if (request.status == 200) {
            alert ('good response');
        }
    }
};

// alert (reqURL);
// alert (reqBaseString);

var oauthParams = encodeURIComponent("OAuth oauth_callback=\"" + reqCallback + "\",oauth_consumer_key=\"" + reqConsumerKey + "\",oauth_nonce=\"" + reqNonce + "\",oauth_signature_method=\"" + reqSignatureMethod + "\",oauth_timestamp=\"" + reqTimeStamp + "\",oauth_version=\"1.0\",oauth_signature=\"" + reqSignature + "\"");

request.open("POST", reqURL, true);
request.setRequestHeader("Accept", "text/plain, */*");
request.setRequestHeader("Connection", "Keep-Alive");
request.setRequestHeader("Authorization", oauthParams);
request.send();

What I have found to be immensely helpful is to just get the raw HTTP request that does work with the Netflix OAuth Test that cnauroth suggested and then compare it to what you are sending with this code snippet here. OAuth is tricky and not fun so if you can just diff the two requests you should be able to find some improper encoding or a misplaced &.