401 Failed to validate oauth signature and token - help me I read every existing thread


#1

Hi there

I’m trying to develop a php-application with a twitter login button.
I fail if I try to get a request_token from twitter.

After I failed with the tmhOAuth Library I tried by console curl-command (generated with twitter’s oauth tool):
curl --request ‘POST’ ‘https://api.twitter.com/oauth/request_token’ --header ‘Authorization: OAuth oauth_consumer_key=“FQTd…NA”, oauth_nonce=“b8f229…2aa1c”, oauth_signature=“HYgqwk5qmLQF5eL7FCz7qQhUp7A%3D”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1356862800”, oauth_version=“1.0”’ --verbose

I get this output:

  • About to connect() to api.twitter.com port 443 (#0)

  • Trying 199.59.150.41…

  • connected

  • Connected to api.twitter.com (199.59.150.41) port 443 (#0)

  • SSLv3, TLS handshake, Client hello (1):

  • SSLv3, TLS handshake, Server hello (2):

  • SSLv3, TLS handshake, CERT (11):

  • SSLv3, TLS handshake, Server finished (14):

  • SSLv3, TLS handshake, Client key exchange (16):

  • SSLv3, TLS change cipher, Client hello (1):

  • SSLv3, TLS handshake, Finished (20):

  • SSLv3, TLS change cipher, Client hello (1):

  • SSLv3, TLS handshake, Finished (20):

  • SSL connection using RC4-SHA

  • Server certificate:

  • subject: C=US; ST=California; L=San Francisco; O=Twitter, Inc.; OU=Twitter Security; CN=api.twitter.com

  • start date: 2012-05-02 00:00:00 GMT

  • expire date: 2013-05-03 23:59:59 GMT

  • subjectAltName: api.twitter.com matched

  • issuer: C=US; O=VeriSign, Inc.; OU=VeriSign Trust Network; OU=Terms of use at https://www.verisign.com/rpa ©09; CN=VeriSign Class 3 Secure Server CA - G2

  • SSL certificate verify ok.

POST /oauth/request_token HTTP/1.1
User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5
Host: api.twitter.com
Accept: /
Authorization: OAuth oauth_consumer_key="…", oauth_nonce="…", oauth_signature=“HYgqwk5qmLQF5eL7FCz7qQhUp7A%3D”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1356862800”, oauth_version=“1.0”

< HTTP/1.1 401 Unauthorized
< Date: Sun, 30 Dec 2012 10:19:55 GMT
< Status: 401 Unauthorized
< Content-Length: 44
< X-MID: e122d060851664ff1bd0bf037c2614af227da5ee
< X-Transaction: 0b126dc23cb7b7e9
< X-Runtime: 0.01980
< Pragma: no-cache
< Expires: Tue, 31 Mar 1981 05:00:00 GMT
< X-Frame-Options: SAMEORIGIN
< Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
< Content-Type: text/html; charset=utf-8
< Last-Modified: Sun, 30 Dec 2012 10:19:55 GMT
< Set-Cookie: k=10.35.31.123.1356862795585986; path=/; expires=Sun, 06-Jan-13 10:19:55 GMT; domain=.twitter.com
< Set-Cookie: guest_id=v1%3A135686279559754029; domain=.twitter.com; path=/; expires=Tue, 30-Dec-2014 22:19:55 GMT
< Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCE4vU%252Bs7AToHaWQiJWZkM2I4YzliNThkYTEy%250AYmUwMTlhZTNhOTJkNWJmYjY1IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA–61f0cd53b961f691f248f363399af0d795543701; domain=.twitter.com; path=/; HttpOnly
< Vary: Accept-Encoding
< Server: tfe
<

  • Connection #0 to host api.twitter.com left intact
    Failed to validate oauth signature and token* Closing connection #0
  • SSLv3, TLS alert, Client hello (1):

I checked the time and the customer-key and customer-secret. Everythings fine.
I also changed the permissions for the app… I changed it to "Read & Write"
So I don’t know where the problem is.

I hope you can help me.

I just have this code:
$tmhOAuth = new \tmhOAuth(array(
‘consumer_key’ => ‘…’,
‘consumer_secret’ => ‘…’,
));
$tmhOAuth->request(‘POST’,$tmhOAuth->url(‘oauth/request_token’,""),array(‘oauth_callback’ => \tmhUtilities::php_self()));
$result = $tmhOAuth->extract_params($tmhOAuth->response[‘response’]);


#2

I solved it.
It was because I tested on local server with url like: http://srv01-…dev


#3

So, what was the issue? Was it in your Settings?