I'm working through Twitter's Creating a Signature Doc.
I've taken the example signature base string, and the example signing key, and passed it to the hash_hmac function, as recommended in the doc:
$sig_base_str = 'POST&https%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fupdate.json&include_entities%3Dtrue%26oauth_consumer_key%3Dxvz1evFS4wEEPTGEFPHBog%26oauth_nonce%3DkYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1318622958%26oauth_token%3D370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb%26oauth_version%3D1.0%26status%3DHello%2520Ladies%2520%252B%2520Gentlemen%252C%2520a%2520signed%2520OAuth%2520request%2521';
$sig_key = 'kAcSOqF21Fu85e7zjz7ZN2U4ZRhfV3WpwPAoE3Z7kBw&LswwdoUaIvS8ltyTt5jkRh4J50vUPVVHtR2YPi5kE';
$sha = hash_hmac('sha1', $sig_base_str, $sig_key);
$sha = strtoupper($sha);
$output = str_split($sha,2);
$output = implode(' ',$output);
echo $output;
This gives me the exact same binary as in the example: B6 79 C0 AF 18 F4 E9 C5 87 AB 8E 20 0A CD 4E 48 A9 3F 8C B6
.
Now, the doc says to convert it to base64. I believe that I can use PHP's base64_encode()
function:
$sha = hash_hmac('sha1', $sig_base_str, $sig_key);
echo base64_encode($sha);
But this gives me an incorrect value for my OAuth_signature:
YjY3OWMwYWYxOGY0ZTljNTg3YWI4ZTIwMGFjZDRlNDhhOTNmOGNiNg==
View http://ideone.com/Bu0CZi to see the function in action.
What am I doing wrong? Note, that I've also tried to convert to uppercase and include spaces before the base64_encode()
function. I've been having troubles using Twitter API, and I think it's because I can't get the signature correct, even in the examples in the docs.