- Home /
POST data via WWWForm is not working for Twitter OAuth process.
First, I'm not very familiar with web programming but will try my best to explain the issue.
Basically, I'm trying to get "request-token" from Twitter by following this doc: http://dev.twitter.com/pages/auth#request-token
Here is how I build WWWForm and pass it to WWW.
WWWForm form = new WWWForm(); form.AddField("Host", "api.twitter.com", Encoding.ASCII); form.AddField("Authorization", "OAuth realm=\"Twitter API\",oauth_consumer_key=\"lmlQeOdr4ScvXYOPg3roGg\",oauth_nonce=\"1E240\",oauth_signature_method=\"HMAC-SHA1\",oauth_timestamp=\"1295947023\",oauth_version=\"1.0\",oauth_signature=\"mduLroP0fYadFiQljW6P6ueort0%3D\"", Encoding.ASCII);
WWW web = new WWW("https://api.twitter.com/oauth/request_token?oauth_callback=oob", form);
while (!web.isDone) { Debug.Log("Wait..."); } Debug.Log(web.text);
And I always get "Failed to validate oauth signature and token".
I thought it was probably because my authorization header was incorrect.
However, I've found that if I use Fiddler(http://www.fiddler2.com) and build a request with the exact same header, it goes through and Twitter responses with "request_token" instead of the error message.
Can anyone help me to find what I'm doing wrong here? Thanks!
p.s. Please do not just copy the code and run it. It wouldn't work as the authorization header has time-stamp and it's only valid for a certain period of time.
Answer by Bunny83 · Jan 25, 2011 at 10:49 AM
I don't use Twitter but i think you mixed post data with HTTP headers. Host and Authorization are HTTP header fields and should be included in the header and not in the request body as post data. WWWForm represents a html < form > and with AddField() you just add post data to the form. You need to setup your header. WWWForm.headers is what you need just check the script reference.
Look at WWWForm.headers(Unity) and maybe List of HTTP header fields(wikipedia)
Just another hint if you build for webplayer: "Note: The security sandbox present in web-player builds prevents you from accessing content not hosted the server where the webplayer is hosted."