Always receive "401 Unauthorized" obtaining access_token


#1

Hi, i spent a few days with this problem and i can’t fix it.

My code (from php):

$nonce = md5(time());
$timestamp = time() - 5*60;
$oauth_body = array(
‘oauth_consumer_key’ => $consumer_key,
‘oauth_nonce’ => $nonce,
‘oauth_signature_method’ => ‘HMAC-SHA1’,
‘oauth_timestamp’ => $timestamp,
‘oauth_version’ => ‘1.0’,
‘x_auth_username’ => $username,
‘x_auth_password’ => $password,
‘x_auth_mode’ => ‘client_auth’
);

$baseString = buildBaseString($accessURI, $oauth_body);
// return --> POST&https%3A%2F%2Fapi.twitter.com%2Foauth%2Faccess_token&oauth_consumer_key%3D…

$signature = getCompositeKey($consumer_secret, null);
// return --> $consumer_secret + ‘&’

$oauth_signature = base64_encode(hash_hmac(‘sha1’, $baseString, $signature, true));
//sign the base string

// and with this array i build the Oauth for the Authorization header from curl
$oauth_header = array(
‘oauth_consumer_key’ => $consumer_key,
‘oauth_nonce’ => $nonce,
‘oauth_signature’ => $oauth_signature,
‘oauth_signature_method’ => ‘HMAC-SHA1’,
‘oauth_timestamp’ => $timestamp,
‘oauth_version’ => ‘1.0’
);

$response = sendRequest($oauth_header, $accessURI, true);

My actual options for the curl are :
$options = array(CURLOPT_HTTPHEADER => $header,
CURLOPT_HEADER => $debug, //true or false for check responses
CURLOPT_URL => $accessURI,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => array(), // or ‘’ or null
CURLOPT_RETURNTRANSFER => true,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_VERBOSE => $debug //true or false for check from console
);

…it’s all. With that always always receive status 401. Any idea??
Thx!!!


#2

…any help??


#3

@pepelopz… facing the same problem


#4

me too


#5

The following headers fixed the problem for me:
$options = array(
CURLOPT_HTTPHEADER => $header, //use our authorization and expect header
CURLOPT_HEADER => false, //don’t retrieve the header back from Twitter
CURLOPT_URL => $baseURI, //the URI we’re sending the request to
CURLOPT_POST => true, //this is going to be a POST - required
CURLOPT_POSTFIELDS => ‘’, // this is the change
CURLOPT_RETURNTRANSFER => true, //return content as a string, don’t echo out directly
CURLOPT_SSL_VERIFYPEER => false); //don’t verify SSL certificate, just do it


#6

Verify the SSL peers. You’re not using the API or HTTPS correctly otherwise and put you and your users at risk. If it doesn’t work when you enable that option, fix what’s broken about your SSL configuration instead.