Hi everyone,

I was using your lib to interact with the OAuth twitter API. I was successfull to request access token, security token... But once I had the access token, I was unable to interact with services that requires an Authentication: like this one http://dev.twitter.com/doc/get/account/verify_credentials I was always getting a "HTTP 401 Unauthorized - Invalid signature". I check here and there to find out a solution and I take a look to the abraham-twitteroauth lib to check out how he was doing. I finally found that his signature for his service call was generated with the token_secret (ie for Twitter oauth_token_secret). Sadly the method OAuthStore2Leg::getSecretsForSignature was never taking care of the token_secret parameter even if it is used in OAuthRequestSigner::sign to sign the request.

To resolve that, I create a class OAuthStoreMy2Leg with the following code : <?php require_once dirname(FILE) . '/OAuthStore2Leg.php';

class OAuthStoreMy2Leg extends OAuthStore2Leg {

protected $token_secret = '';

public function __construct( $options = array() ) {
    parent::__construct($options);
    if(isset($options['token_secret'])) {
        $this->token_secret = $options['token_secret'];              
    }
}

public function getSecretsForSignature ( $uri, $user_id ) {
    $list = parent::getSecretsForSignature( $uri, $user_id );
    if ($this->token_secret != "") {
        $list['token_secret'] = $this->token_secret;
    }
    return $list;
}

} ?>

And I use it like that : $opts = array('consumer_key' => 'xxxx', 'consumer_secret' => 'xxxx', 'token_secret' => 'xxxx'); OAuthStore::instance("My2Leg", $opts);

I would like to have your feedback on that to see if I am totally wrong (I'm pretty new with OAuth) or if it is a real feature and/or bug... If you need any more info, let me know.

Thanks a lot