401 Unauthorized - Failed to validate oauth signature and token


#1

Hi Everyone,

Appreciate this has been asked many times before, but today this has beaten me. We are programming in a lesser-known language called Lasso, and therefore no library is available out of the box.

I am stuck on the first part of the process, which is /oauth/request_token.

I cannot see anything wrong with my Signature or cURL request, but all I am receiving is 401 Unauthorized - Failed to validate oauth signature and token.

Here are the various parts of the requests as well as the response:

Firstly the Signature string before signing.

POST&https%3a%2f%2fapi.twitter.com%2foauth%2frequest_token&oauth_callback%3dhttp%253a%252f%252fwww.xxxxxxx.co.uk%252fscratch%252ftwitteroauth.ink%26oauth_consumer_key%3dfWb8mKDaNgYbCAqsxxKJ1g%26oauth_nonce%3d419cef7532df3accdd2a2d627fc01c32%26oauth_signature_method%3dHMAC-SHA1%26oauth_timestamp%3d1395248393%26oauth_version%3d1.0

Authorization Headers

OAuth oauth_callback="http%3a%2f%2fwww.xxxxxxx.co.uk%2fscratch%2ftwitteroauth.ink", oauth_consumer_key="fWb8mKDaNgYbCAqsxxKJ1g", oauth_nonce="419cef7532df3accdd2a2d627fc01c32", oauth_signature="7BdNytzVWYFDGvruadtK%2bh5XogU%3d", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1395248393", oauth_version="1.0"

cURL request.

curl --request 'POST' 'https://api.twitter.com/oauth/request_token' --header 'Authorization: OAuth oauth_callback="http%3a%2f%2fwww.xxxxxxx.co.uk%2fscratch%2ftwitteroauth.ink", oauth_consumer_key="fWb8mKDaNgYbCAqsxxKJ1g", oauth_nonce="419cef7532df3accdd2a2d627fc01c32", oauth_signature="7BdNytzVWYFDGvruadtK%2bh5XogU%3d", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1395248393", oauth_version="1.0"' --verbose

And finally cURL response.

* About to connect() to api.twitter.com port 443 (#0)
*   Trying 199.16.156.199... connected
* Connected to api.twitter.com (199.16.156.199) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using SSL_RSA_WITH_RC4_128_SHA
* Server certificate:
*       subject: CN=api.twitter.com,OU=Twitter Security,O="Twitter, Inc.",L=San Francisco,ST=California,C=US
*       start date: Oct 10 00:00:00 2013 GMT
*       expire date: Oct 10 23:59:59 2014 GMT
*       common name: api.twitter.com
*       issuer: CN=VeriSign Class 3 Secure Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
> POST /oauth/request_token HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: api.twitter.com
> Accept: */*
> Authorization: OAuth oauth_callback="http%3a%2f%2fwww.xxxxxxx.co.uk%2fscratch%2ftwitteroauth.ink", oauth_consumer_key="fWb8mKDaNgYbCAqsxxKJ1g", oauth_nonce="c03342aa8f15b3ee54a6e6ff02cb9e75", oauth_signature="5dnIcNPdWteW1TKVneffO55THnM%3d", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1395248268", oauth_version="1.0"
>
< HTTP/1.1 401 Unauthorized
< cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
< content-length: 44
< content-type: text/html; charset=utf-8
< date: Wed, 19 Mar 2014 16:57:59 GMT
< expires: Tue, 31 Mar 1981 05:00:00 GMT
< last-modified: Wed, 19 Mar 2014 16:57:59 GMT
< pragma: no-cache
< server: tfe
< set-cookie: _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJWNhODUyMjQ0YjlhZWI4YjU2MTIxMDU5%250AYzdmNmZjMzdlOg9jcmVhdGVkX2F0bCsIVS9H20QB--e65804343d1aea37de768eef12999e9ca7fe3d41; domain=.twitter.com; path=/; secure; HttpOnly
< set-cookie: guest_id=v1%3A139524827923564563; Domain=.twitter.com; Path=/; Expires=Fri, 18-Mar-2016 16:57:59 UTC
< status: 401 Unauthorized
< strict-transport-security: max-age=631138519
< vary: Accept-Encoding
< x-frame-options: SAMEORIGIN
< x-mid: a7d8a873a0a235690a6cdc050bcb22123503f7c9
< x-runtime: 0.01127
< x-transaction: c8abb084d3e9b9bf
< x-ua-compatible: IE=edge,chrome=1
< x-xss-protection: 1; mode=block
<
* Connection #0 to host api.twitter.com left intact
* Closing connection #0
Failed to validate oauth signature and token
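
Added example, not part of the original post or of any Twitter or Lasso library: RFC 5849 section 3.6 requires uppercase hex digits in percent-escapes, while the base string posted above uses lowercase ones (`%3a`, `%2f`), so this Python sketch rebuilds the base string from the posted parameters and reports the first offset where the two differ. The consumer secret is a constructed placeholder, and the helper names are hypothetical.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Signature base string exactly as it appears in the post (lowercase escapes).
POSTED = (
    "POST&https%3a%2f%2fapi.twitter.com%2foauth%2frequest_token&"
    "oauth_callback%3dhttp%253a%252f%252fwww.xxxxxxx.co.uk%252fscratch%252ftwitteroauth.ink"
    "%26oauth_consumer_key%3dfWb8mKDaNgYbCAqsxxKJ1g"
    "%26oauth_nonce%3d419cef7532df3accdd2a2d627fc01c32"
    "%26oauth_signature_method%3dHMAC-SHA1"
    "%26oauth_timestamp%3d1395248393%26oauth_version%3d1.0"
)
URL = "https://api.twitter.com/oauth/request_token"
PARAMS = {  # values taken from the post
    "oauth_callback": "http://www.xxxxxxx.co.uk/scratch/twitteroauth.ink",
    "oauth_consumer_key": "fWb8mKDaNgYbCAqsxxKJ1g",
    "oauth_nonce": "419cef7532df3accdd2a2d627fc01c32",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1395248393",
    "oauth_version": "1.0",
}

def pct(value):
    # RFC 5849 3.6: only A-Z a-z 0-9 - . _ ~ stay literal; quote() emits uppercase hex.
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    # Encode each key and value, sort, join with "=" and "&", then encode the whole list.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(base, consumer_secret, token_secret=""):
    # The key is "<consumer secret>&<token secret>"; the token secret is empty at request_token.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def first_mismatch(a, b):
    # Index of the first differing character, or None when the strings are identical.
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))

if __name__ == "__main__":
    rebuilt = base_string("POST", URL, PARAMS)
    at = first_mismatch(POSTED, rebuilt)
    print("first difference at offset", at, repr(POSTED[at]), "vs", repr(rebuilt[at]))
    print("signature over rebuilt string:", sign(rebuilt, "CONSTRUCTED_SECRET"))
```

A one-character case difference in the base string yields an entirely different HMAC-SHA1 digest, so a server that recomputes the signature over the uppercase form rejects one computed over the lowercase form.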