401 error calling request_token


#1

I am attempting to generate a request token by POSTing to https://api.twitter.com/oauth/request_token, but I cannot seem to get any response
other than an http 401 error.

My Authorization: header looks like this:

Authorization: OAuth oauth_callback=“http%3A%2F%2Fwww.fogbeam.com%2Freturn”, oauth_consumer_key=“my_real_key_here”, oauth_nonce=“NzAxNDkxMzgyNDk1NTA3OTgwNA%3D%3D”, oauth_signature=“70c51lFod1QohZSChR%2FKHXOoryI%3D”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1384064444657”, oauth_version=“1.0”

My base string looks like:

POST&https%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&oauth_callback%3Dhttp%253A%252F%252Fwww.fogbeam.com%252Freturn%26oauth_consumer_key%3DbwUbU865CNQtt2Xdb62FpQ%26oauth_nonce%3DNDg2MDcxMjgwMzE5ODM1NTgyMg%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1384064397537%26oauth_version%3D1.0

and passes the online validator I tested with, and generates what appears to be a valid value for the oauth_signature.

I am passing a Content-Length: header of “0”, and I’ve verified that the time on my machine isn’t off by any huge margin (not sure how much delta is allowed there however, so I’m open to the possibility that this might be related, but I’m doubtful)

If it matters, I’m doing this in Groovy, using HttpComponents HttpClient 4.3.

The one thing that seemed ambiguous to me, from the docs, was whether or not the oauth_callback key and value went in the base string that was used to generate the oauth_signature or not. But I’ve tried it both with and without, and neither one works, so I’m pretty much at my wits end now. Anybody have any idea how to get this to work?


#2

And your POST body is completely empty when you’re making the request? (Assuming by Content-Length: 0 it is). Are you setting an explicit Content-Type? What’s the specific message you’re getting back with the HTTP 401?

The oatuh_callback is indeed used as part of the OAuth signature basestring, you appear to have that bit correct here from what I can tell.