Hello!
I want to use https://api.twitter.com/oauth/request_token, but always get 401 Unauthorized answers.
I do my testing via curl. Here is an example request:
curl --request 'POST' 'https://api.twitter.com/oauth/request_token' --header 'Authorization: OAuth oauth_callback="http%3A%2F%2Fwww.ea-services.be%2Fblank.html", oauth_consumer_key="m9JhzYtNxdWkxFnSbVSMw", oauth_nonce="hj00s5wxFVx6l7qWnx", oauth_signature="TDhCuHO2evdhvpYmlk3AA8S4hIM=", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1373550968", oauth_version="1.0"' --verbose
Output:
* About to connect() to api.twitter.com port 443 (#0)
* Trying 199.16.156.72... connected
(…)
> POST /oauth/request_token HTTP/1.1
> User-Agent: curl/7.22.0 (i686-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: api.twitter.com
> Accept: */*
> Authorization: OAuth oauth_callback="http%3A%2F%2Fwww.ea-services.be%2Fblank.html", oauth_consumer_key="m9JhzYtNxdWkxFnSbVSMw", oauth_nonce="hj00s5wxFVx6l7qWnx", oauth_signature="TDhCuHO2evdhvpYmlk3AA8S4hIM=", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1373550968", oauth_version="1.0"
< HTTP/1.1 401 Unauthorized
< cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
< content-length: 44
< content-type: text/html; charset=utf-8
< date: Thu, 11 Jul 2013 13:56:38 GMT
< expires: Tue, 31 Mar 1981 05:00:00 GMT
< last-modified: Thu, 11 Jul 2013 13:56:38 GMT
< pragma: no-cache
< server: tfe
< set-cookie: _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJWVjNWEyY2M3MzAwMDkyNDYzYzBjNDlk%250ANWI5MmY1NDI0Og9jcmVhdGVkX2F0bCsIC%252FMEzj8B--7903849498bef042dbbe6cb6717bd48d4d5c2a3f; domain=.twitter.com; path=/; HttpOnly
< set-cookie: guest_id=v1%3A137355099816338421; Domain=.twitter.com; Path=/; Expires=Sat, 11-Jul-2015 13:56:38 UTC
< status: 401 Unauthorized
< strict-transport-security: max-age=631138519
< vary: Accept-Encoding
< x-frame-options: SAMEORIGIN
< x-mid: 49367fb0e9139cd40e4a0b15238118a95c539b20
< x-runtime: 0.00682
< x-transaction: 11aa46cefde5d7f5
< x-ua-compatible: IE=10,chrome=1
< x-xss-protection: 1; mode=block
I tested my signature method with the examples provided in the doc and with this tool: http://quonos.nl/oauthTester/, and it seems to be working well.
I tried feeding the oauth_callback both raw and URL-encoded to my signature-making method (while always keeping it URL-encoded in the Authorization header as shown above). It didn't work.
I checked my timestamp and am pretty sure it's OK.
oauth_nonce is generated based on timestamp + random chars … so it is different each time.
So, I’m running out of ideas …
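
Added example, not part of the original post: how RFC 5849 builds the HMAC-SHA1 signature base string for this request_token call, showing that the raw callback URL is percent-encoded twice in the signed text and that the signing key keeps its trailing "&" when there is no token secret. The function names are hypothetical and the consumer secret is a constructed placeholder, so the resulting signature will not match the one in the post.

```python
import base64, hashlib, hmac
from urllib.parse import quote

URL = "https://api.twitter.com/oauth/request_token"
CONSUMER_SECRET = "CONSTRUCTED-PLACEHOLDER-SECRET"  # assumption: the real secret is not on the page
PARAMS = {  # raw (decoded) values, taken from the request in the post
    "oauth_callback": "http://www.ea-services.be/blank.html",
    "oauth_consumer_key": "m9JhzYtNxdWkxFnSbVSMw",
    "oauth_nonce": "hj00s5wxFVx6l7qWnx",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1373550968",
    "oauth_version": "1.0",
}

def pct(s):
    """RFC 3986 percent-encoding: only A-Z a-z 0-9 - . _ ~ stay literal."""
    return quote(s, safe="-._~")

def base_string(method, url, params):
    # Encode each raw key and value once, sort, and join with "&".
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    # The joined string is encoded again as a whole, so the callback's
    # ":" appears as "%253A" in the text that actually gets signed.
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    # No token exists yet at the request_token step: the token secret is
    # empty, but the "&" separator in the key is still required.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    text = base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, text, hashlib.sha1).digest()).decode()

def auth_header(params, signature):
    # Header values are encoded once; the signature is added after signing.
    fields = dict(params, oauth_signature=signature)
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(fields.items()))

if __name__ == "__main__":
    sig = sign("POST", URL, PARAMS, CONSUMER_SECRET)
    print(base_string("POST", URL, PARAMS))
    print(auth_header(PARAMS, sig))
```

Passing an already-encoded callback into `sign` yields `%25253A` in the base string and therefore a different signature than the server computes from the header value.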