Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
433 views
in Technique[技术] by (71.8m points)

jquery - Twitter OAuth authentication in javascript

I have looked everywhere for a good example of a JQuery ajax call to authenticate a use in Twitter using their OAuth method. I read the instructions several times and this is what I have so far, at the moment I am only trying to get the Oauth_Token to send the user to validate. I keep getting the error 401 unauthorized error. I have tried a few combinations changing the dataType and couple other things in the ajax call but no success. I believe that the "Create base signature and the Create signature from SHA1 encryption" is correct, but I could be wrong. If anyone has implement twitter OAuth in javascript successfully please let me know how. I am also not interested in using a third party API, I actually want to learn this. Thanks in advance for any help.

Twitter instructions http://dev.twitter.com/pages/auth

My code (Javascript)

    //Unix time
    var foo = new Date; // Generic JS date object
    var unixtime_ms = foo.getTime(); // Returns milliseconds since the epoch
    var unixtime = parseInt(unixtime_ms / 1000);

    var callBackURL = "oob"; //oob for now
    var nonce = "12342897";

    //Create Signature Base String using formula
    var baseSign = "POST" + "&" + encodeURIComponent("https://api.twitter.com/oauth/request_token").toString() + "&"
     + encodeURIComponent("oauth_callback") + "%3D" + encodeURIComponent(callBackURL)
     + "%26"
     + encodeURIComponent("oauth_consumer_key") + "%3D" + encodeURIComponent("*****consumer key**********")
     + "%26"
     + encodeURIComponent("oauth_nonce") + "%3D" + encodeURIComponent(nonce)
     + "%26"
     + encodeURIComponent("oauth_signature_method") + "%3D" + encodeURIComponent("HMAC-SHA1")
     + "%26"
     + encodeURIComponent("oauth_timestamp") + "%3D" + encodeURIComponent(unixtime)
     + "%26"
     + encodeURIComponent("oauth_version") + "%3D" + encodeURIComponent("1.0");

    //Create Signature, With consumer Secret key we sign the signature base string
    var signature = b64_hmac_sha1("********secrete key****************", baseSign);

    //Build headers from signature
    var jsonData = JSON.stringify({
        Authorization: {
            oauth_nonce: nonce,
            oauth_callback: encodeURIComponent(callBackURL),
            oauth_signature_method: "HMAC-SHA1",
            oauth_timestamp: unixtime,
            oauth_consumer_key: "**********consumer key*********",
            oauth_signature: signature,
            oauth_version: "1.0"
        }
    });

    //Request Access Token
    $.ajax({
        url: "http://api.twitter.com/oauth/request_token",
        type: "post",
        headers: jsonData,
        dataType: "jsonp",
        success: function (data) {
            alert(data);
        },
        error: function (data) {
            alert("Error");
        }

Here is the HTTP response

HTTP/1.1 401 Unauthorized
Date: Thu, 14 Jul 2011 21:05:55 GMT
Server: hi
Status: 401 Unauthorized
X-Transaction: 1310677555-60750-49846
X-Frame-Options: SAMEORIGIN
Last-Modified: Thu, 14 Jul 2011 21:05:55 GMT
X-Runtime: 0.01152
Content-Type: text/html; charset=utf-8
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
X-MID: ffc990286a86b688f1e72ef733365926ea30ca62
Vary: Accept-Encoding
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0, proxy-revalidate
Content-Length: 44
Proxy-Connection: Keep-Alive
Connection: Keep-Alive
Set-Cookie: lang=en; path=/
Set-Cookie: lang=en; path=/
Set-Cookie: _twitter_sess=BAh7DjoOcmV0dXJuX3RvIiJodHRwOi8vdHdpdHRlci5jb20vcGF1bF9pcmlz%250AaDoJdXNlcmkEl6phBDoVaW5fbmV3X3VzZXJfZmxvdzA6D2NyZWF0ZWRfYXRs%250AKwgE9BTnMAE6B2lkIiU2MzBkYmJmNmY4YmRmY2E3NGI2NDRmZTFhNjZiNmU2%250ANToTc2hvd19oZWxwX2xpbmswOgxjc3JmX2lkIiUyODIzYWNlNmFjMzQ3OTk5%250AZDE5YmVlYmJlYzM4MTg0ZSIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoTcGFzc3dvcmRfdG9rZW4i%250ALThkY2NlMmE1OTI5OWJmM2VjNDI4YWRiOTE0YTRmYzVjYzQwN2FkMmM%253D--22a361f562df3aa6991b81fff6f486086ab71f0e; 
domain=.twitter.com; 
path=/; HttpOnly
Proxy-support: Session-based-authentication
Age: 0

Failed to validate oauth signature and token
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

I had exactly the same issue. After lose a few hours at the twitter developers page i found this:

https://dev.twitter.com/discussions/3454

Basicly you can't get the oauth_token this way on the client side. That's why you are always getting error 401.

There's a solution to avoid server side using the 'xauth' (https://dev.twitter.com/docs/oauth/xauth), but to do so you need to send a detailed message to api@twitter.com to request xAuth privileges.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...