401 on reverse oauth request


#1

I get a 401. I’m trying to sign in on iOS when the user doesn’t have a logged-in Twitter account already. I used the following code to generate the Authorization header, which looks like this: OAuth oauth_timestamp="1376639141", oauth_nonce="BB2D2634F3-99A5-4B64-8CB34E-2314CE9E4FD7", oauth_version="1.0", oauth_consumer_key="mrcD8LuSNKJKFAchKHYi2yY2qwh5tcFMdAs", x_auth_mode="reverse_auth", oauth_signature_method="HMAC-SHA1", oauth_signature="moer8H7xzluAdoAAAFZpv6n4noeu%3D"

NSString *OAuthorizationHeader(NSURL *url, NSString *method, NSData *body, NSString *_oAuthConsumerKey, NSString *_oAuthConsumerSecret, NSString *_oAuthToken, NSString *_oAuthTokenSecret, NSString *_authMode)
{
    NSString *_oAuthNonce = [NSString ab_GUID];
    NSString *_oAuthTimestamp = [NSString stringWithFormat:@"%d", (int)[[NSDate date] timeIntervalSince1970]];
    NSString *_oAuthSignatureMethod = @"HMAC-SHA1";
    NSString *_oAuthVersion = @"1.0";

    NSMutableDictionary *oAuthAuthorizationParameters = [NSMutableDictionary dictionary];
    oAuthAuthorizationParameters[@"oauth_nonce"] = _oAuthNonce;
    oAuthAuthorizationParameters[@"oauth_timestamp"] = _oAuthTimestamp;
    oAuthAuthorizationParameters[@"oauth_signature_method"] = _oAuthSignatureMethod;
    oAuthAuthorizationParameters[@"oauth_version"] = _oAuthVersion;
    oAuthAuthorizationParameters[@"oauth_consumer_key"] = _oAuthConsumerKey;
    if (_oAuthToken)
        oAuthAuthorizationParameters[@"oauth_token"] = _oAuthToken;
    if (_authMode) {
        oAuthAuthorizationParameters[@"x_auth_mode"] = _authMode;
    }
    

    // get query and body parameters
    NSDictionary *additionalQueryParameters = [NSURL ab_parseURLQueryString:[url query]];
    NSDictionary *additionalBodyParameters = nil;
    if(body) {
        NSString *string = [[[NSString alloc] initWithData:body encoding:NSUTF8StringEncoding] autorelease];
        if(string) {
            additionalBodyParameters = [NSURL ab_parseURLQueryString:string];
        }
    }

    // combine all parameters
    NSMutableDictionary *parameters = [[oAuthAuthorizationParameters mutableCopy] autorelease];
    if(additionalQueryParameters) [parameters addEntriesFromDictionary:additionalQueryParameters];
    if(additionalBodyParameters) [parameters addEntriesFromDictionary:additionalBodyParameters];

    // -> UTF-8 -> RFC3986
    NSMutableDictionary *encodedParameters = [NSMutableDictionary dictionary];
    for(NSString *key in parameters) {
        NSString *value = parameters[key];
        encodedParameters[[key ab_RFC3986EncodedString]] = [value ab_RFC3986EncodedString];
    }

    NSArray *sortedKeys = [[encodedParameters allKeys] sortedArrayUsingFunction:SortParameter context:encodedParameters];

    NSMutableArray *parameterArray = [NSMutableArray array];
    for(NSString *key in sortedKeys) {
        [parameterArray addObject:[NSString stringWithFormat:@"%@=%@", key, encodedParameters[key]]];
    }
    NSString *normalizedParameterString = [parameterArray componentsJoinedByString:@"&"];

    NSString *normalizedURLString = [NSString stringWithFormat:@"%@://%@%@", [url scheme], [url host], [url path]];

    NSString *signatureBaseString = [NSString stringWithFormat:@"%@&%@&%@",
                                     [method ab_RFC3986EncodedString],
                                     [normalizedURLString ab_RFC3986EncodedString],
                                     [normalizedParameterString ab_RFC3986EncodedString]];

    NSString *key = [NSString stringWithFormat:@"%@&%@",
                     [_oAuthConsumerSecret ab_RFC3986EncodedString],
                     (_oAuthTokenSecret) ? [_oAuthTokenSecret ab_RFC3986EncodedString] : @""];

    NSData *signature = HMAC_SHA1(signatureBaseString, key);
    NSString *base64Signature = [signature base64EncodedString];

    NSMutableDictionary *authorizationHeaderDictionary = [[oAuthAuthorizationParameters mutableCopy] autorelease];
    authorizationHeaderDictionary[@"oauth_signature"] = base64Signature;

    NSMutableArray *authorizationHeaderItems = [NSMutableArray array];
    for(NSString *key in authorizationHeaderDictionary) {
        NSString *value = authorizationHeaderDictionary[key];
        [authorizationHeaderItems addObject:[NSString stringWithFormat:@"%@=\"%@\"",
                                             [key ab_RFC3986EncodedString],
                                             [value ab_RFC3986EncodedString]]];
    }

    NSString *authorizationHeaderString = [authorizationHeaderItems componentsJoinedByString:@", "];

    authorizationHeaderString = [NSString stringWithFormat:@"OAuth %@", authorizationHeaderString];

    return authorizationHeaderString;
}

The parameters I pass in to this method are
`url`: https://api.twitter.com/oauth/request_token, `method`: POST, `body`: nil, `oAuthConsumerToken`: my key, `oAuthConsumerSecret`: my secret, `oAuthToken`:nil,`oAuthTokenSecret`:nil, `x_auth_mode`:`reverse_auth`;