401 when trying to retrieve request token


#1

Hi. I’m not able to retrieve a request token. Always get an 401 Unauthorized (Failed to validate oauth signature and token). I checked base string, signature generation and the url sent multiple times and can’t find any error there. Here are the values:

Base string:
GET&https%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&oauth_consumer_key%3DoVJP1bNhPRhtDGyqLl9UTg%26oauth_nonce%3Dc2a92cfac094cf52cfdf9c91e56e9095%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1330632387%26oauth_version%3D1.0
Signature:
XXXXXX=
Url:
https://api.twitter.com/oauth/request_token?oauth_consumer_key=oVJP1bNhPRhtDGyqLl9UTg&oauth_nonce=c2a92cfac094cf52cfdf9c91e56e9095&oauth_signature=cXCH7LR8HJY13sH2zjammkogt1U%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1330632387&oauth_version=1.0

System time of request compared to Twitter time: Thu, 01 Mar 2012, 15:06:27 EST server time, Thu, 01 Mar 2012 20:06:30 GMT Twitter time.

Resulted in:
[date] => Thu, 01 Mar 2012 20:06:30 GMT
[status] => 401 Unauthorized
[expires] => Tue, 31 Mar 1981 05:00:00 GMT
[last_modified] => Thu, 01 Mar 2012 20:06:30 GMT
[content_length] => 44
[cache_control] => no-cache, no-store, must-revalidate, pre-check=0, post-check=0
[x_transaction] => 2cd588e62b8f9517
[content_type] => text/html; charset=utf-8
[x_revision] => DEV
[pragma] => no-cache
[x_runtime] => 0.01372
[x_mid] => 343239423391d3358dd10b7e22ffdcd9beec0d31
[x_frame_options] => SAMEORIGIN
[set_cookie] => _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCCL53s81AToHaWQiJTUw%250ANGYyMGYwOTQyYzY5MzM4MGU0NDgwZDg4YTE2ZTYy–4cab1c9b5f713c95213a0774a252f7629146548b; domain=.twitter.com; path=/; HttpOnly
[vary] => Accept-Encoding
[server] => tfe

Have been trying for hours, changed the whole code to header-based auth and back. Didn’t make any difference.
Any ideas?


#2

Are you using a specific library? Have you compared the signatures your code generates with the signatures the OAuth tool in your application settings page generates?


#3

Signature was correct. But I found the problem. Had an empty string set for curl postfields where postfields shouldn’t be set at all. Thanks anyway.


#4

I have just fixed this problem and found that I needed to setup a callback url in my developers account.