[twitter-dev] Re: oauth/request_token issue - 401 unauthorized

Tue, 27 Jul 2010 11:58:41 -0700 

Hi Taylor,
Thank you for your prompt reply.
Yes, I'm typically not sending oauth_callback in query string. I
adapted my example so that it produces exactly the same digest string
as tool on hueniverse.com site does.
If I remove these parameters from query string and add oauth_callback
to Authorization header,
then the request looks like:

        key=T5GW1w.....ez20Risxc&
        text=POST&https%3A%2F%2Fapi.twitter.com%2Foauth
%2Frequest_token&oauth_callback%3Dhttp%253A%252F%252Flocalhost%252Fx-
oauth-mobile-success%252F%26oauth_consumer_key%3Dg4kGtt9OflmGNGfEPQAaw
%26oauth_nonce%3D9373543318877%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1280253286%26oauth_version%3D1.0
        DIGEST=LXjNC7POr5UvNJkGY1n0kT0eoxI=

POST https://api.twitter.com/oauth/request_token
Authorization: OAuth realm="https://api.twitter.com/oauth/
request_token", oauth_consumer_key="g4kGtt9OflmGNGfEPQAaw",
oauth_signature_method="HMAC-SHA1", oauth_timestamp="1280253286",
oauth_nonce="9373543318877", oauth_version="1.0", oauth_callback="http
%3A%2F%2Flocalhost%2Fx-oauth-mobile-success%2F",
oauth_signature="LXjNC7POr5UvNJkGY1n0kT0eoxI%3D"

but the the response is still
401 unauthorized
X-Transaction=1280253382-1460-49113
Failed to validate oauth signature and token


(I'm using temporary application and will reset its consumer secret
key shortly, so no need to worry. I'm just trying to provide as much
data as possible so that request could be validated if this could help
solving issue)


Any ideas?
Are there working Twitter apps currently which use OAuth?

Thanks a lot!

On Jul 27, 8:30 pm, Taylor Singletary <taylorsinglet...@twitter.com>
wrote:
> Hi Ivan,
>
> With OAuth you have to choose either to use header-based auth or
> query-string auth. Here you're doing both simultaneously. Your POST to
> api.twitter.com/oauth/request_token shouldn't include any of the oauth_*
> parameters. Also worth noting that the force_login=true parameter does not
> apply to the request token step and should be omitted.
>
> Hope this helps,
> Taylor
>
> On Tue, Jul 27, 2010 at 10:23 AM, ivan_m5 <i.mis...@gmail.com> wrote:
> > Hi everybody,
>
> > I have my own Objective-C OAuth library. It's working pretty well for
> > habrahabr.ru and hyves.nl currently.
> > But I'm unable to get it work with Twitter.
> > I've come across a lot of postings around here regarding users unable
> > to obtain temporary request token.
>
> > I've validated my request at
> >http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin...
> > and signature is calculated OK.
>
> > Here's my POST data (adapted so that I can validate request at the
> > page above):
>
> > POST
> >https://api.twitter.com/oauth/request_token?force_login=true&oauth_ca...
> > consumer_secret="T5GW1wAGewlFY9CIyYXmYvGApQQHM3cez20Risxc"
> > base_string=POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> > %2Frequest_token&force_login%3Dtrue%26oauth_callback%3Dhttp%253A%252F
> > %252Flocalhost%252Fx-oauth-mobile-success%252F%26oauth_consumer_key
> > %3Dg4kGtt9OflmGNGfEPQAaw%26oauth_nonce
> > %3D37071428662683%26oauth_signature_method%3DHMAC-
> > SHA1%26oauth_timestamp%3D1280250833%26oauth_token%3D%26oauth_version
> > %3D1.0
> > DIGEST=eZg+qEBXeFDSfFq6Chxyt9/3pvU=
>
> > And the header:
> > Authorization: OAuth realm="https://api.twitter.com/oauth/
> > request_token", oauth_consumer_key="g4kGtt9OflmGNGfEPQAaw",
> > oauth_token="", oauth_signature_method="HMAC-SHA1",
> > oauth_timestamp="1280250833", oauth_nonce="37071428662683",
> > oauth_version="1.0", oauth_signature="eZg%2BqEBXeFDSfFq6Chxyt9%2F3pvU
> > %3D"
>
> > And the response is:
> > =========================================
> > 401 unauthorized
> > Server=hi
> > Vary=Accept-Encoding
> > Last-Modified=Tue, 27 Jul 2010 17:15:31 GMT
> > Cache-Control=no-cache, no-store, must-revalidate, pre-check=0, post-
> > check=0
> > X-Revision=DEV
> > Status=401 Unauthorized
> > Date=Tue, 27 Jul 2010 17:15:31 GMT
> > Expires=Tue, 31 Mar 1981 05:00:00 GMT
> > Pragma=no-cache
> > X-Runtime=0.00686
> > X-Transaction=1280250931-50619-29066
> > Set-
>
> > Cookie=_twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCNrj5hQqASIKZmxhc2hJQzonQWN0aW9uQ29u
> > %250AdHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWUx
> > %250ANTY3YmQ0MTdmOGY3ZDQxMWY1NDNjNDIzOThmNDRl--
> > eeba367f81559ae97d63fddfa8df09251ceab44f; domain=.twitter.com; path=/
> > Content-Encoding=gzip
> > Content-Length=62
> > Content-Type=text/html; charset=utf-8
> > Connection=close
>
> > Failed to validate oauth signature and token
> > =========================================
>
> > Are there issues on server-side? Thanks in advance.
>
>

Reply via email to