Authentication error - Code : 32

oauth

#1

Hi,

I’m currently facing an issue of authentication when trying to send a basic GET request.
The result I get from that attempt looks like this :

{"errors":[{"code":32,"message":"Could not authenticate you."}]}

I’m familiar with the fact that this error is rather common, but I find the problem intriguing, as it is still occurring after many hours trying to solve it. I used the app Postman (https://www.getpostman.com/) to achieve this.

Here are the things I’ve tried to do :

  • Ensuring that the time and timezone of my machine are correctly set up
  • Ensuring that the timezone of my Twitter is correctly set up
  • Ensuring that the credentials are correct (identical to those from my Twitter app)
  • Adding some basic parameters to my request
  • Putting a link into the “callback_url” field in the app’s settings
  • Using another library - Tweetinvi (https://github.com/linvi/tweetinvi)
  • Checking that the request URL was correct

All of those previous attempts have been in vain. No solution that I found was able to resolve my problem.
Here’s a brief look at what my configuration in Postman looks like :

Thank you for your help.


#2

In Postman, can you try unchecking “Add empty params to signature” & “Encode OAuth signature”?


#3

Thank you very much. It solved the problem !
I realized that the only necessary checkbox was “Add params to header” though.


#4

I barely did the same thing and get the same error Code 32.
Could you tell me what I should do to correct this bug?


#5

Are you regenerating the timestamp on each request?


#6

I think Postman regenerates the timestamp on each request, doesn’t it?


#7

It says it will auto-generate the timestamp IF LEFT BLANK.


#8

Any idea how to solve this?


#9

I have an idea. Just to try it out, I will make a pseudo-request including the signature and stuff, and you try to make the request using the same data and check whether the complete requests match. It will take a while though, since building this stuff manually is complicated as hell and stuff.


#10

Okay, I am through with the stuff.

Try out whether you get the same signatures and stuff using the values I provided. I even have all the steps included so you can check whether something in the middle is correct or not.

(application)
consumer key: 0123456789abcdef
con secret  : fedcba9876543210
(User)
oauth token : 0011223344556677
token secret: 7766554433221100
(request)
Nonce       : 8899aabbccddeeff
Time        : 1511970896
Oauth Version: 1.0

URL: https://api.twitter.com/1.1/search/tweets.json
encoded: https%3A%2F%2Fapi.twitter.com%2F1.1%2Fsearch%2Ftweets.json
Method: GET


Parameters:
q: hello world
-> encoding: hello%20world

Sig-Method: HMAC-SHA1

HMAC-Key: fedcba9876543210&7766554433221100 (Consumer Secret & token secret)

sorting all of this (and encoding parameters if needed):

oauth_consumer_key=0123456789abcdef
oauth_nonce=8899aabbccddeeff
oauth_signature_method=HMAC-SHA1
oauth_timestamp=1511970896
oauth_token=0011223344556677
oauth_version=1.0
q=hello%20world

parameter String:

oauth_consumer_key=0123456789abcdef&oauth_nonce=8899aabbccddeeff&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1511970896&oauth_token=0011223344556677&oauth_version=1.0&q=hello%20world

encoded again:
oauth_consumer_key%3D0123456789abcdef%26oauth_nonce%3D8899aabbccddeeff%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1511970896%26oauth_token%3D0011223344556677%26oauth_version%3D1.0%26q%3Dhello%2520world

Signature base (Method & URL & Parameters)
GET&https%3A%2F%2Fapi.twitter.com%2F1.1%2Fsearch%2Ftweets.json&oauth_consumer_key%3D0123456789abcdef%26oauth_nonce%3D8899aabbccddeeff%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1511970896%26oauth_token%3D0011223344556677%26oauth_version%3D1.0%26q%3Dhello%2520world

Signature (HEX): 4ea45dffa47d82c4b51de08771b041e93ea5321e
Signature (B64): TqRd/6R9gsS1HeCHcbBB6T6lMh4= (you need to get the HMAC as byte sequence and then base64 encode)
Signature (Encoded): TqRd%2F6R9gsS1HeCHcbBB6T6lMh4%3D

Authorization Header:

OAuth oauth_consumer_key="0123456789abcdef", oauth_nonce="8899aabbccddeeff", oauth_signature="TqRd%2F6R9gsS1HeCHcbBB6T6lMh4%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1511970896", oauth_token="0011223344556677", oauth_version="1.0"
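
The steps walked through in post #10, as an added Python example that is not part of the original thread: it rebuilds the parameter string, signature base string, HMAC-SHA1 signature and Authorization header from the post's sample values, so each intermediate string can be compared with what a client such as Postman produces. The function names are assumptions chosen for this example.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote


def pct(value):
    # RFC 3986 percent-encoding: only unreserved characters stay literal.
    return quote(str(value), safe="-._~")


def parameter_string(params):
    # Encode every key and value, sort by encoded key then value, join with '&'.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    return "&".join(f"{k}={v}" for k, v in pairs)


def signature_base(method, url, params):
    # METHOD & encoded URL & encoded parameter string (second encoding pass).
    return "&".join([method.upper(), pct(url), pct(parameter_string(params))])


def sign(base, consumer_secret, token_secret):
    # HMAC-SHA1 keyed with "consumer_secret&token_secret"; base64 of the raw digest.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def authorization_header(oauth_params, signature):
    # Only oauth_* fields go in the header; the signature is encoded exactly once.
    fields = dict(oauth_params, oauth_signature=signature)
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(fields.items()))


# Sample values copied from the post above (placeholders, not real credentials).
OAUTH = {
    "oauth_consumer_key": "0123456789abcdef",
    "oauth_nonce": "8899aabbccddeeff",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1511970896",
    "oauth_token": "0011223344556677",
    "oauth_version": "1.0",
}
QUERY = {"q": "hello world"}
URL = "https://api.twitter.com/1.1/search/tweets.json"

if __name__ == "__main__":
    base = signature_base("GET", URL, {**OAUTH, **QUERY})
    sig = sign(base, "fedcba9876543210", "7766554433221100")
    print(base, sig, authorization_header(OAUTH, sig), sep="\n")
```

If the base string matches but the header's `oauth_signature` does not, the difference is in the final encoding step, which is where a client-side option that encodes the signature a second time would show up.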