CommanderData

Reputation: 17

What's the use of the oauth_token_secret in Twitter OAuth?

I followed the tutorial on https://dev.twitter.com/docs/auth/implementing-sign-twitter to use OAuth on my homepage. Everything worked, and after the last step I have an oauth_token (after converting it to an access token) and an oauth_token_secret. Now I want to post a new status on Twitter. So I did everything on this page https://dev.twitter.com/docs/auth/authorizing-request, which is just a POST request to /1/statuses/update.json. On that page nothing is said about the oauth_token_secret, so I haven't used it in my request and have just put the oauth_token in it. After submitting the POST request, Twitter gives me the status code 401 Unauthorized. Why is that? Do I have to use the oauth_token_secret somewhere?

Upvotes: 1

Views: 1378

Answers (1)

Cheeso

Reputation: 192467

The token secret is used to hash the signature base. Something like a password. You don't send the password, you use it to compute a secure hash of the thing the service sent to you. You send that secure hash, then the service checks that secure hash against the request you sent. If they match, you're authorized.

The gory details are described in the OAuth spec, RFC 5849.

Twitter uses OAuth 1.0a, but is mostly consistent with that spec.

Here's the relevant bit:

https://www.rfc-editor.org/rfc/rfc5849#section-3.4.2


Upvotes: 2
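The HMAC-SHA1 computation from RFC 5849 sections 3.4.1 and 3.4.2, as an added example that is not part of the original answer or Twitter's own code: it shows the token secret going into the signing key rather than into the request, and a request signed without it failing the server-side check. The API host, all credentials and the parameter values are constructed placeholders.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def pct(value):
    # RFC 5849 section 3.6: everything except unreserved characters is %XX-encoded.
    return quote(str(value), safe="-._~")

def signature_base_string(method, base_url, params):
    # RFC 5849 section 3.4.1: encode, sort, and join every request and oauth_* parameter.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(base_url), pct(normalized)])

def signing_key(consumer_secret, token_secret=""):
    # RFC 5849 section 3.4.2: both secrets joined by "&"; the "&" stays even
    # when the token secret is empty. Neither secret is ever sent on the wire.
    return f"{pct(consumer_secret)}&{pct(token_secret)}"

def sign(method, base_url, params, consumer_secret, token_secret=""):
    key = signing_key(consumer_secret, token_secret).encode()
    text = signature_base_string(method, base_url, params).encode()
    return base64.b64encode(hmac.new(key, text, hashlib.sha1).digest()).decode()

def server_accepts(presented, method, base_url, params, consumer_secret, token_secret):
    # The service recomputes the signature from its stored secrets and compares
    # in constant time; a mismatch is what produces 401 Unauthorized.
    expected = sign(method, base_url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, presented)

# Constructed sample values (placeholders, not real credentials).
URL = "https://api.twitter.com/1/statuses/update.json"  # host is an assumption
CONSUMER_SECRET = "constructed-consumer-secret"
TOKEN_SECRET = "constructed-token-secret"
PARAMS = {
    "status": "Hello world & friends",
    "oauth_consumer_key": "constructed-consumer-key",
    "oauth_nonce": "constructednonce123",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1300000000",
    "oauth_token": "constructed-access-token",
    "oauth_version": "1.0",
}

if __name__ == "__main__":
    for secret in (TOKEN_SECRET, ""):  # second pass leaves the token secret out
        sig = sign("POST", URL, PARAMS, CONSUMER_SECRET, secret)
        print(server_accepts(sig, "POST", URL, PARAMS, CONSUMER_SECRET, TOKEN_SECRET))
```

The resulting value is sent as the `oauth_signature` parameter alongside the other `oauth_*` parameters; it is not itself part of the signature base string.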
