401 Unauthorized (Failed to validate oauth signature and token* Closing connection #0) when requesting access token


#1

Hello!

I’ve been attempting to solve this for days, and there are tons of these questions out there, but I have yet to find an answer solving the problem for me.

However I perform the request to get an access token, I get 401 Unauthorized with the message "Failed to validate oauth signature and token* Closing connection #0".

  • First, I used the OAuth tool to make sure my requests are properly formatted (signature base string and authorization header). They match exactly. When they didn’t, I got a 400 Bad Request-response, so I’m pretty confident this is not the problem.
  • I have removed the oauth_token-parameter from the request, only retaining the oauth_*-headers used on this page:
    https://dev.twitter.com/docs/auth/implementing-sign-twitter
  • My local server was two hours ahead of the replying Twitter-server. I’ve taken care of this by making sure all request timestamps match the timezone of the Twitter-server.

Here’s an example of my request with the secrets replaced with asterisks:
Signature base string:
POST&https%3A%2F%2Fapi.twitter.com&oauth_callback%3Dhttp%253A%252F%252Fwwwlocal.quotes.ly%252F%26oauth_consumer_key%***********************%26oauth_nonce%3D3ae62754969611c4fb9ec142ab6bb34c76dca5ee%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1374512279%26oauth_version%3D1.0

Authorization header (w/o "Authorization: "):
OAuth oauth_callback="http%3A%2F%2Fwwwlocal.quotes.ly%2F", oauth_consumer_key="", oauth_nonce="a5515f27534a1eba4dff7b4cdaf6669c58ba7bde", oauth_signature="*********", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1374512279", oauth_version="1.0"

Nothing I’ve found has helped me. How can I solve this? Thank you.

Best regards,
dimhoLt
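
For reference, an added example (not part of the original posts and not Twitter's code): it builds an OAuth 1.0a (RFC 5849) signature base string, HMAC-SHA1 signature and Authorization header for the request-token step, then checks that every header parameter is the one the base string covers. The endpoint URL, key, secret, callback and nonce values, and the helper names, are constructed assumptions.

```python
import base64
import hashlib
import hmac
import re
from urllib.parse import quote, unquote

def pct(value):
    # RFC 3986 encoding as OAuth 1.0a requires: only unreserved characters stay literal.
    return quote(value, safe="-._~")

def base_string(method, url, params):
    # METHOD & encoded URL (including its path) & encoded, sorted parameter string.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(base, consumer_secret, token_secret=""):
    # Key is "consumer_secret&token_secret"; the token secret is empty at this step.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def auth_header(params, signature):
    # The header must carry the same parameter values that were signed.
    signed = dict(params, oauth_signature=signature)
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(signed.items()))

def header_mismatches(header, base):
    # Names of header parameters whose encoded value is not the one in the base string.
    covered = set(unquote(base.split("&", 2)[2]).split("&"))
    return [name for name, value in re.findall(r'(\w+)="([^"]*)"', header)
            if name != "oauth_signature" and f"{name}={value}" not in covered]

# Constructed sample values (assumptions, not taken from the post).
URL = "https://api.twitter.com/oauth/request_token"
PARAMS = {
    "oauth_callback": "http://example.test/cb",
    "oauth_consumer_key": "EXAMPLE_CONSUMER_KEY",
    "oauth_nonce": "constructednonce0001",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1374512279",
    "oauth_version": "1.0",
}
BASE = base_string("POST", URL, PARAMS)
SIGNATURE = sign(BASE, "EXAMPLE_CONSUMER_SECRET")
GOOD_HEADER = auth_header(PARAMS, SIGNATURE)
BAD_HEADER = auth_header(dict(PARAMS, oauth_nonce="constructednonce0002"), SIGNATURE)

if __name__ == "__main__":
    print(BASE)
    print(header_mismatches(GOOD_HEADER, BASE), header_mismatches(BAD_HEADER, BASE))
```

In the request posted above, the nonce shown in the signature base string and the nonce shown in the Authorization header differ; `header_mismatches` reports that kind of divergence.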


#2

If you’re reading through this, before this post was verified by moderators, I’ve decided to drop login with Twitter, since Twitter will never supply a user’s email. This means that I have no way of knowing if a user who’s logged in with Twitter is the same as a user who’s logged in with our own site or Facebook at an earlier time, rendering this useless for us.

Still, thank you for looking through the post.

Best regards,
dimhoLt