401 - Could not authenticate you - code 32


#1

Requesting user data using users show is non-functional. Keeps returning 401 response code informing me it can not authenticate with code 32. Below is the entire request data (don’t care about keys, will regenerate when done).

Twitter ID:
string ‘61208142’ (length=8)

Session:
array
’user_id’ => string ‘61208142’ (length=8)
‘access_token’ => string ‘61208142-18vF52Unl1jLGYAIsIdgnD7YWwdyrdwUNXZmpwxxu’ (length=50)
‘raw’ => string ‘{“oauth_token”:“61208142-18vF52Unl1jLGYAIsIdgnD7YWwdyrdwUNXZmpwxxu”,“oauth_token_secret”:“YrKVaKZSQGUZZv57XjGbDYlxjJj5Km3nKy5elpx4”,“user_id”:“61208142”,“screen_name”:“krileon”}’ (length=177)
‘signature’ => string ‘e6d4581cffd330cbcf5a22965fb3f4c2’ (length=32)

Base:
string ‘GET&https%3A%2F%2Fapi.twitter.com%2F1.1%2Fusers%2Fshow.json&oauth_nonce%3D917fac6b5f69b5293d88b4b85d52f62a%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1362775558%26oauth_consumer_key%3DRFr6U9avTvMIqe8AIlbJxw%26oauth_version%3D1.0%26oauth_token%3D61208142-18vF52Unl1jLGYAIsIdgnD7YWwdyrdwUNXZmpwxxu%26user_id%3D61208142’ (length=330)

Signature:
string ‘YrKVaKZSQGUZZv57XjGbDYlxjJj5Km3nKy5elpx4’ (length=40)

Request before sort and user_id removal for authorization header:
array
’oauth_consumer_key’ => string ‘RFr6U9avTvMIqe8AIlbJxw’ (length=22)
‘oauth_nonce’ => string ‘917fac6b5f69b5293d88b4b85d52f62a’ (length=32)
‘oauth_signature_method’ => string ‘HMAC-SHA1’ (length=9)
‘oauth_timestamp’ => int 1362775558
’oauth_token’ => string ‘61208142-18vF52Unl1jLGYAIsIdgnD7YWwdyrdwUNXZmpwxxu’ (length=50)
‘oauth_version’ => string ‘1.0’ (length=3)
‘user_id’ => string ‘61208142’ (length=8)
‘oauth_signature’ => string ‘qqnoBrm3LyvWYCeUCKYhtvaTyho=’ (length=28)

Authorization header array:
array
’oauth_consumer_key’ => string ‘RFr6U9avTvMIqe8AIlbJxw’ (length=22)
‘oauth_nonce’ => string ‘917fac6b5f69b5293d88b4b85d52f62a’ (length=32)
‘oauth_signature’ => string ‘qqnoBrm3LyvWYCeUCKYhtvaTyho=’ (length=28)
‘oauth_signature_method’ => string ‘HMAC-SHA1’ (length=9)
‘oauth_timestamp’ => int 1362775558
’oauth_token’ => string ‘61208142-18vF52Unl1jLGYAIsIdgnD7YWwdyrdwUNXZmpwxxu’ (length=50)
‘oauth_version’ => string ‘1.0’ (length=3)

Authorization header:
string ‘Authorization: OAuth oauth_consumer_key=“RFr6U9avTvMIqe8AIlbJxw”, oauth_nonce=“917fac6b5f69b5293d88b4b85d52f62a”, oauth_signature=“qqnoBrm3LyvWYCeUCKYhtvaTyho%3D”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1362775558”, oauth_token=“61208142-18vF52Unl1jLGYAIsIdgnD7YWwdyrdwUNXZmpwxxu”, oauth_version=“1.0”’ (length=315)

Response:
array
’http_code’ => int 401
’results’ => string ‘{“errors”:[{“message”:“Could not authenticate you”,“code”:32}]}’ (length=63)
‘error’ => string ‘’ (length=0)
‘headers’ =>
array
’Content-Type’ => string ‘application/json; charset=utf-8’ (length=31)
‘Content-Length’ => string ‘63’ (length=2)
‘Date’ => string ‘Fri, 08 Mar 2013 20:45:14 UTC’ (length=29)
‘Server’ => string ‘tfe’ (length=3)
‘Set-Cookie’ => string ‘guest_id=v1%3A136277551460377123; Domain=.twitter.com; Path=/; Expires=Sun, 08-Mar-2015 20:45:14 UTC’ (length=100)

Any idea what’s wrong? Strange thing is it worked earlier today and now it does not (no changes to usage). I am able to authenticate perfectly fine.


#2

This would be massively easier to debug if these errors would actually tell you what’s wrong. Just tell us what is screwed up, what Twitter expected, etc… this error isn’t specific enough and I have no idea what I am doing wrong. I’ve signed the request in accordance to oAuth1.0a, documentation, and feedback here. Does anyone know what’s going on? Is this an issue on Twitters end?


#3

Was able to get a CURL GET request to the following URL working fine.

https://api.twitter.com/1/users/show.json?user_id=ID_HERE

All 1.1 usages fail to work. So guess will continue using the above until the 1.1 usage actually works and documentation for proper headers is provided (please stop assuming everyone wants to use a 3rd part library; I do NOT want to depend on other peoples code).


#4

The endpoint https://api.twitter.com/1.1/account/verify_credentials.json appears to be working with the exact same usage as what I am using for https://dev.twitter.com/docs/api/1.1/get/users/show with user_id parameter omitted. So this seams to be a problem on Twitters end perhaps? Can I get some official help on this please?


#5

Success! Finally got it working. You need to create the base with user_id or user_name and leave the URL without it. However, when you go to do the CURL GET request you need to append the parameters to the URL again (do not use CURLOPT_POSTFIELDS) and send the header with it. Was able to get a successful response. Do not include the parameters in the authorization header though; only in the base and only in the final URL you’re sending the GET to.


#6

@krileon kyle could you be more specified ?
I have actually the same problem with these curlopt methods. My result ->

object(stdClass)#2 (1) {
[“errors”]=>
array(1) {
[0]=>
object(stdClass)#3 (2) {
[“message”]=>
string(26) “Could not authenticate you”
[“code”]=>
int(32)
}
}
}


#7

@krileon kyle could you be more specified ?
I have actually the same problem with these curlopt methods. My result ->

object(stdClass)#2 (1) {
[“errors”]=>
array(1) {
[0]=>
object(stdClass)#3 (2) {
[“message”]=>
string(26) “Could not authenticate you”
[“code”]=>
int(32)
}
}
}


#8

When creating your base for establishing the signature ensure the URL is https://api.twitter.com/1.1/users/show.json (no parameters). Next ensure the base array that you’ll parse though includes “user_id” or “screen_name”. When you finally are about to make the GET http request ensure the URL is https://api.twitter.com/1.1/users/show.json?user_id=ID (or screen_name). Make sure your CURL usage has CURLINFO_HEADER_OUT set then dump curl_getinfo( $ch, CURLINFO_HEADER_OUT ) so you can see how your header is constructed and sent. If it’s sent as POST it will fail with that generic error, etc…


#9

There’s a pretty good answer on stackoverflow here:

(Look at the answer below the accepted answer to see how to handle query strings)


#10

My base is

GET&https%3A%2F%2Fapi.twitter.com%2F1.1%2Fusers%2Fshow.json&oauth_consumer_key%3DKgHKaW8VS9lIQfBFKcU1A8N9w2fut9xfeCg02gUYrU%26oauth_nonce%3DNoXtAn9EdZOC6HGHTN1QqP7cWG6RmKuYaORWQpY6%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1371189051%26oauth_token%3D128156112-rRmv7rFNVnTW9SUouWLtcXANDmZytDbjxQsSOmzs%26oauth_version%3D1.0%26user_id%3D128156112

url - https://api.twitter.com/1.1/users/show.json?user_id=128156112

headers

GET /1.1/users/show.json?user_id=128156112 HTTP/1.1
Host: api.twitter.com
Accept: /
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Authorization: OAuth oauth_token=“128156112-rRmv7rFNVnTW9SUouWLtcXANDmZytDbjxQsSOmzs”, oauth_consumer_key=“KgHKaW8VS9lIQfBFKcU1A8N9w2fut9xfeCg02gUYrU”, oauth_timestamp=“1371190203”, oauth_version=“1.0”, oauth_nonce=“Dd2k59VExxCh5AlslaIjMDIcbRnz1Q5TCYy3lS1y”, oauth_signature_method=“HMAC-SHA1”, oauth_signature=“06xcsTpW5sPl9k81Ti5e%2FFtQR8g%3D”

but I still get the error (but I still get the error). Please help.


#11

i too getting the 401 error on home time line functionality while request the api url. i am passing all above same proper parameters in headers.


#12

i am recieving the same error, but everything looks right to me. any help here?

function buildBaseString($baseURI, $method, $params) { $r = array(); ksort($params); foreach($params as $key=>$value){ $r[] = "$key=" . rawurlencode($value); } return $method."&" . rawurlencode($baseURI) . '&' . rawurlencode(implode('&', $r)); }

function buildAuthorizationHeader($oauth) {
$r = 'Authorization: OAuth ‘;
$values = array();
foreach($oauth as $key=>$value)
$values[] = “$key=”" . rawurlencode($value) . “”";
$r .= implode(’, ', $values);
return $r;
}

$url = “https://api.twitter.com/1.1/search/tweets.json?q=%23WoW”;

$oauth_access_token = “77310635-nBvzZEZvlWs71r48jJnlItzvnY2ynSMjrLZXuw”;
$oauth_access_token_secret = “SO7gJodfdLRLVxu0xBODIH8ybBo0JIeoZ7rqQs5YaU”;
$consumer_key = “9BNfpju9WKGtAvpmhHXA”;
$consumer_secret = “wPYHW9CRavGSuY3pjPDB4z6tEEJgcT0zgSEo2ighbAo”;

$oauth = array( ‘oauth_consumer_key’ => $consumer_key,
‘oauth_nonce’ => time(),
‘oauth_signature_method’ => ‘HMAC-SHA1’,
‘oauth_token’ => $oauth_access_token,
‘oauth_timestamp’ => time(),
‘oauth_version’ => ‘1.0’);

$base_info = buildBaseString($url, ‘GET’, $oauth);
$composite_key = rawurlencode($consumer_secret) . ‘&’ . rawurlencode($oauth_access_token_secret);
$oauth_signature = base64_encode(hash_hmac(‘sha1’, $base_info, $composite_key, true));
$oauth[‘oauth_signature’] = $oauth_signature;

// Make Requests
$header = array(buildAuthorizationHeader($oauth), ‘Expect:’);
$options = array( CURLOPT_HTTPHEADER => $header,
//CURLOPT_POSTFIELDS => $postfields,
CURLOPT_HEADER => false,
CURLOPT_URL => $url,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_SSL_VERIFYPEER => false);

$feed = curl_init();
curl_setopt_array($feed, $options);
$json = curl_exec($feed);
curl_close($feed);

$twitter_data = json_decode($json);
var_dump($twitter_data);


#13

Brilliant work! Without your post I wouldn’t be a able to solve this problem. Thank you!


#14

I solved my problem by paying very close attention to the way I was sending my POST data.

My authorization header was correct, but I was not encoding the values that were sent as POST data, nor was I appending the keys + values into one huge string (for PHP, this string is what is sent as CURLOPT_POSTFIELDS before the cURL is executed.)