Authentication error - Code : 32

RobinBressoud · 2017-08-28T09:35:23.620Z

Hi,

I’m currently facing an issue of authentication when trying to send a basic GET request.
The result I get from that attempt looks like this :

{“errors”:[{“code”:32,“message”:“Could not authenticate you.”}]}

I’m familiar with the fact that this error is rather common, but I find the problem intriguing, as it is still occurring after many hours trying to solve it. I used the app Postman (https://www.getpostman.com/) to achieve this.

Here are the things I’ve tried to do :

Ensuring that the time and timezone of my machine are correctly set up
Ensuring that the timezone of my Twitter is correctly set up
Ensuring that the credentials are correct (identical to those from my Twitter app)
Adding some basic parameters to my request
Putting a link into the “callback_url” field in the app’s settings
Using another library - Tweetinvi (https://github.com/linvi/tweetinvi)
Checking that the request URL was correct

All from those previous attempts have been vain. No solution that I found was able to resolve my problem.
Here’s a brief look at what my configuration in Postman looks like :

Error.png922x878 61.6 KB

Thank you for your help.

happycamper · 2017-08-28T16:22:07.752Z

In Postman, can you try unchecking “Add empty params to signature” & “Encode OAuth signature”?

RobinBressoud · 2017-08-30T08:50:29.092Z

happycamper:

In Postman, can you try unchecking “Add empty params to signature” & “Encode OAuth signature”?

Thank you very much. It solved the problem !
I realized that the only necessary checkbox was “Add params to header” though.

undervoid · 2017-11-28T17:05:54.590Z

I barely did the same thing and get the same error Code 32.
Could u tell me what should i do to correct this bug?

WechatIMG72.jpeg2238x1240 356 KB

andypiper · 2017-11-28T17:41:55.226Z

Are you regenerating the timestamp on each request?

undervoid · 2017-11-29T09:53:26.926Z

andypiper:

timestamp

I think postman regenerate timestamp on every each request, doesn’t it ?

My1 · 2017-11-29T11:11:51.900Z

it says it will auto generate the timestamp IF LEFT BLANK.

undervoid · 2017-11-29T15:27:14.449Z

any idea to solve this?

My1 · 2017-11-29T15:49:14.834Z

I have an Idea. I will just for trying out, make a pseudo-request including signature and stuff and you try to make the request making the same data and check whether the complete requests match. it will take a while though since building this stuff manually is complicated as hell and stuff.

My1 · 2017-11-29T16:26:37.891Z

okay I am through with the stuff

try out whether you get the same signatures and stuff using the values I provided. I even have all the steps included so you can check whether something in the middle is correct or not.

(application)
consumer key: 0123456789abcdef
con secret  : fedcba9876543210
(User)
oauth token : 0011223344556677
token secret: 7766554433221100
(request)
Nonce       : 8899aabbccddeeff
Time        : 1511970896
Oauth Version: 1.0

URL: https://api.twitter.com/1.1/search/tweets.json
encoded: https%3A%2F%2Fapi.twitter.com%2F1.1%2Fsearch%2Ftweets.json
Method: GET


Parameters:
q: hello world
-> encoding: hello%20world

Sig-Method: HMAC-SHA1

HMAC-Key: fedcba9876543210&7766554433221100 (Consumer Secret & token secret)

sorting all of this (and encoding parameters if needed):

oauth_consumer_key=0123456789abcdef
oauth_nonce=8899aabbccddeeff
oauth_signature_method=HMAC-SHA1
oauth_timestamp=1511970896
oauth_token=0011223344556677
oauth_version=1.0
q=hello%20world

parameter String:

oauth_consumer_key=0123456789abcdef&oauth_nonce=8899aabbccddeeff&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1511970896&oauth_token=0011223344556677&oauth_version=1.0&q=hello%20world

encoded again:
oauth_consumer_key%3D0123456789abcdef%26oauth_nonce%3D8899aabbccddeeff%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1511970896%26oauth_token%3D0011223344556677%26oauth_version%3D1.0%26q%3Dhello%2520world

Signature base (Method & URL & Parameters)
GET&https%3A%2F%2Fapi.twitter.com%2F1.1%2Fsearch%2Ftweets.json&oauth_consumer_key%3D0123456789abcdef%26oauth_nonce%3D8899aabbccddeeff%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1511970896%26oauth_token%3D0011223344556677%26oauth_version%3D1.0%26q%3Dhello%2520world

Signature (HEX): 4ea45dffa47d82c4b51de08771b041e93ea5321e
Signature (B64): TqRd/6R9gsS1HeCHcbBB6T6lMh4= (you need to get the HMAC as byte sequence and then base64 encode)
Signature: Encoded: TqRd%2F6R9gsS1HeCHcbBB6T6lMh4%3D

Authorization Header:

OAuth oauth_consumer_key="0123456789abcdef", oauth_nonce="8899aabbccddeeff", oauth_signature="TqRd%2F6R9gsS1HeCHcbBB6T6lMh4%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1511970896", oauth_token="0011223344556677", oauth_version="1.0"