401 Authorization Required


#1

I am doing PIN-based authentication. I have successfully got the oauth_token and oauth_token_secret on the /oauth/request_token call.
However, after receiving the PIN from the user, I am making a call to oauth/access_token with a POST method, but I am receiving a 401 Authorization Required error. What am I doing wrong here?

Attached is the image of the header which I am sending.
The consumer key and token have been hidden due to security concerns.


#2

I’m having a similar problem. I get all the way through the authorization sequence with the user logged in and I have their authorization token, but when I try to call an api (even a get), I get a 401 error… Maybe the header has to be created differently for api calls?

HELP!?!


#3

Found my issue: the key passed to the hashing algorithm for user calls has to include both the application secret and the user’s token secret (retrieved with the request_token call)…

So, in my case:
strSignKey = TwitterEncode(Uri.EscapeDataString(strApplicationSecret) + "&" + Uri.EscapeDataString(strTokenSecret));

For the call to request_token, you only need the application secret (followed by “&”) in the sign key.

Hope this helps,
Owen


#4

Thank you for the reply. I did try with the token secret which the request_token call returns.
However, I have not been able to succeed and I still get the same 401 error.
Can you tell me what your header looks like and what the base string for generating the signature is?
Probably the signature is wrong, but shouldn’t it give some different error when the signature is not correct? Something like ‘Invalid Signature’?


#5

Twitter’s error messages have been most UN-helpful in my experience: you get 401 for just about anything that is wrong.

The base string looks like this (secrets modified):
GET&https%3A%2F%2Fapi.twitter.com%2F1.1%2Faccount%2Fverify_credentials.json&oauth_consumer_key%3D[app-key]%26oauth_nonce%3DMDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDAw%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1428074015%26oauth_token%3D[user-token]%26oauth_version%3D1.0

The authorization header looks like this (secrets modified):
OAuth realm="twitter.com",oauth_consumer_key="[app-key]",oauth_nonce="MDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDAw",oauth_signature="[generated signature]",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1428074015",oauth_token="[user-token]",oauth_version="1.0"

Hope this helps.

–Owen
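
The signing key from post #3 and the base string from post #5, worked through as an added example that is not code from any poster in this thread. It is written in Python rather than the C# used above; the function names and the APPKEY, USERTOKEN, APP-SECRET and TOKEN-SECRET values are constructed placeholders, while the nonce and timestamp are the ones quoted in post #5.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def pct(value: str) -> str:
    """RFC 3986 percent-encoding as OAuth 1.0a requires (RFC 5849 section 3.6)."""
    return quote(value, safe="")

def base_string(method: str, url: str, params: dict) -> str:
    """METHOD & encoded URL & encoded, sorted 'k=v&k=v' parameter string."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    param_str = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(param_str)])

def signing_key(consumer_secret: str, token_secret: str = "") -> str:
    """The '&' is always present; the token secret is empty only when no token exists yet."""
    return f"{pct(consumer_secret)}&{pct(token_secret)}"

def sign(base: str, key: str) -> str:
    """HMAC-SHA1 over the base string, base64-encoded (the oauth_signature value)."""
    digest = hmac.new(key.encode(), base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def verify(base: str, key: str, presented: str) -> bool:
    """Recompute the signature and compare in constant time, as a verifying server would."""
    return hmac.compare_digest(sign(base, key), presented)

# Constructed placeholder credentials; nonce and timestamp as quoted in post #5.
PARAMS = {
    "oauth_version": "1.0",
    "oauth_token": "USERTOKEN",
    "oauth_consumer_key": "APPKEY",
    "oauth_timestamp": "1428074015",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_nonce": "MDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDAw",
}
URL = "https://api.twitter.com/1.1/account/verify_credentials.json"
BASE = base_string("GET", URL, PARAMS)
USER_KEY = signing_key("APP-SECRET", "TOKEN-SECRET")   # user call: both secrets
APP_ONLY_KEY = signing_key("APP-SECRET")               # request_token step: "secret&"

if __name__ == "__main__":
    sig = sign(BASE, USER_KEY)
    print(BASE)
    print("verifies with both secrets:", verify(BASE, USER_KEY, sig))
    print("verifies with app secret only:", verify(BASE, APP_ONLY_KEY, sig))
```

A signature made with one key never verifies under the other, and the server reports that mismatch the same way as any other failure, which matches the undifferentiated 401 described in post #5.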