Can not obtain a request token


#1

Hello,
I have been trying for a week to obtain a request token, but it does not work. I receive:
“Failed to validate oauth signature and token”. Please help!

My code:

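	date_default_timezone_set('UTC');

	// Request-token endpoint. $BaseURL below repeats it because that is the
	// URL that goes into the signature base string.
	$url = 'https://api.twitter.com/oauth/request_token';

	// NOTE(review): plain-http callback. The provider's redirect back to this
	// URL would presumably travel unencrypted; prefer https if the site has it.
	$callback = 'http://mydomain.net/';

	// '***' values are placeholders; keep real keys and secrets out of source.
	$oauth_consumer_key = '***';
	// Nonce comes from the CSPRNG. The previous value shuffled the base64 of
	// time() with str_shuffle(), which is not a cryptographically secure
	// source and draws its characters from the current timestamp.
	$oauth_nonce = bin2hex(random_bytes(16));
	$oauth_signature_method = 'HMAC-SHA1';
	$oauth_timestamp = time();
	// NOTE(review): reply #3 on this page says oauth_token must not be sent on
	// the oauth/request_token step. Left in place because it is the problem
	// this thread discusses.
	$oauth_token = '***';
	$oauth_version = '1.0';

	$HTTPMethod = 'POST';
	$BaseURL = 'https://api.twitter.com/oauth/request_token';

	$consumer_secret = '***';
	$access_token_secret = '***';

	// Parameters that get signed. NOTE(review): oauth_callback is missing here
	// although the Authorization header further down sends it.
	$params = array(
		'oauth_consumer_key' => $oauth_consumer_key,
		'oauth_nonce' => $oauth_nonce,
		'oauth_signature_method' => $oauth_signature_method,
		'oauth_timestamp' => $oauth_timestamp,
		'oauth_token' => $oauth_token,
		'oauth_version' => $oauth_version,
	);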
	
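	/**
	 * Build the parameter string that goes into the OAuth signature base string.
	 *
	 * Every key and value is percent-encoded with rawurlencode(), the pairs are
	 * sorted by encoded key and joined as key=value with '&'.
	 *
	 * @param array $params Parameter name => value.
	 * @return string Encoded, sorted parameter string ('' for an empty array).
	 */
	function parameter_string (array $params)
	{
		$encoded = array();

		// foreach visits every entry. The earlier while (current($params)) loop
		// stopped at the first falsy value ('' or '0') and silently dropped that
		// parameter and all later ones from the signed string.
		foreach ($params as $name => $value) {
			$encoded[rawurlencode((string) $name)] = rawurlencode((string) $value);
		}

		// Compare keys as strings so numeric-looking names sort the same way.
		ksort($encoded, SORT_STRING);

		$pairs = array();
		foreach ($encoded as $name => $value) {
			$pairs[] = $name . '=' . $value;
		}

		return implode('&', $pairs);
	}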
	
	// Encoded, key-sorted parameters; used below as the last part of the signature base string.
	$parameter_string = parameter_string($params);
	
	
	/**
	 * Assemble the OAuth signature base string.
	 *
	 * @param string $parameter_string Encoded parameter string.
	 * @param string $HTTPMethod       HTTP method, used exactly as passed in.
	 * @param string $BaseURL          Request URL.
	 * @return string "METHOD&encoded-URL&encoded-parameter-string".
	 */
	function signature_base_string ($parameter_string, $HTTPMethod, $BaseURL)
	{
		// URL and parameter string are percent-encoded so that the only raw
		// '&' characters are the two separators.
		$parts = array(
			$HTTPMethod,
			rawurlencode($BaseURL),
			rawurlencode($parameter_string),
		);

		return implode('&', $parts);
	}
	// Text that is HMAC-signed further down: method, URL and parameter string.
	$signature_base_string = signature_base_string ($parameter_string, $HTTPMethod, $BaseURL);
	

	/**
	 * Build the HMAC signing key from the two secrets.
	 *
	 * @param string $consumer_secret     Application (consumer) secret.
	 * @param string $access_token_secret Token secret; may be ''.
	 * @return string Both secrets percent-encoded and joined with '&'.
	 */
	function signing_key($consumer_secret, $access_token_secret)
	{
		$encoded_consumer = rawurlencode($consumer_secret);
		$encoded_token = rawurlencode($access_token_secret);

		// The separator is always present, even when the token secret is empty.
		return sprintf('%s&%s', $encoded_consumer, $encoded_token);
	}
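	$signing_key = signing_key($consumer_secret, $access_token_secret);

	// HMAC-SHA1 over the base string; raw binary digest, then base64.
	$oauth_signature = base64_encode(hash_hmac('SHA1', $signature_base_string, $signing_key, true));

	// NOTE(review): the header sends oauth_callback, which is not in $params and
	// so is not covered by the signature, and it omits oauth_token, which is in
	// $params. Both mismatches are what the rest of this thread works through.
	$header = array(
		'Authorization: OAuth '.
			'oauth_callback="'.rawurlencode($callback).'", '.
			'oauth_consumer_key="'.rawurlencode($oauth_consumer_key).'", '.
			'oauth_nonce="'.rawurlencode($oauth_nonce).'", '.
			'oauth_signature="'.rawurlencode($oauth_signature).'", '.
			'oauth_signature_method="'.rawurlencode('HMAC-SHA1').'", '.
			'oauth_timestamp="'.rawurlencode($oauth_timestamp).'", '.
			'oauth_version="'.rawurlencode('1.0').'"',
	);

	$options = array(
		CURLOPT_URL => $url,
		CURLOPT_HEADER => true,
		CURLINFO_HEADER_OUT => true,
		CURLOPT_HTTPHEADER => $header,
		CURLOPT_POST => true,
		CURLOPT_RETURNTRANSFER => true,
		// Certificate and host-name checks stay on. With VERIFYPEER set to false
		// the signed request and the returned token would go to whichever server
		// answers, including one that is impersonating the API host.
		CURLOPT_SSL_VERIFYPEER => true,
		CURLOPT_SSL_VERIFYHOST => 2,
	);

	$c = curl_init();
	curl_setopt_array($c, $options);

	$response = curl_exec($c);

	echo '<pre>';
	if ($response === false) {
		// curl_exec() returns false on transport or TLS failure; show the reason
		// instead of printing an empty block.
		echo 'cURL error: ' . htmlspecialchars(curl_error($c), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
	} else {
		// The body comes from a remote server; escape it before it reaches HTML.
		echo htmlspecialchars($response, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
	}
	echo '</pre>';

	curl_close($c);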

PIN-based auth - request_token only works if I already have a token_secret
#2

Well, I found a mistake in my code. The signing_key must be created only from “consumer secret + &”. I have changed that, but it still does not work. My new code is:

<?php
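date_default_timezone_set('UTC');

// NOTE(review): plain-http callback. The provider's redirect back to this URL
// would presumably travel unencrypted; prefer https if the site has it.
$oauth_callback = 'http://mydomain.net.ua/';
$url = 'https://api.twitter.com/oauth/request_token';

// '***' values are placeholders; keep real keys and secrets out of source.
$oauth_consumer_key = '***';
// Nonce comes from the CSPRNG. The previous value was a str_shuffle()
// permutation of one fixed alphabet, and str_shuffle() is not a
// cryptographically secure source.
$oauth_nonce = bin2hex(random_bytes(16));
$oauth_signature_method = 'HMAC-SHA1';
$oauth_timestamp = time();
// NOTE(review): reply #3 on this page says oauth_token must not be sent on the
// oauth/request_token step. Left in place because it is the problem this
// thread discusses.
$oauth_token = '***';
$oauth_version = '1.0';

$HTTPMethod = 'POST';
// Same URL as $url; this copy is the one that gets signed.
$BaseURL = 'https://api.twitter.com/oauth/request_token';

$consumer_secret = '***';
$access_token_secret = '***';

// Parameters covered by the signature.
$params = array(
	'oauth_consumer_key' => $oauth_consumer_key,
	'oauth_nonce' => $oauth_nonce,
	'oauth_signature_method' => $oauth_signature_method,
	'oauth_timestamp' => $oauth_timestamp,
	'oauth_token' => $oauth_token,
	'oauth_version' => $oauth_version,
	'oauth_callback' => $oauth_callback,
);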

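/**
 * Build the parameter string that goes into the OAuth signature base string.
 *
 * Every key and value is percent-encoded with rawurlencode(), the pairs are
 * sorted by encoded key and joined as key=value with '&'. The encoded map is
 * also dumped to the page inside <pre> as a debugging aid.
 *
 * @param array $params Parameter name => value.
 * @return string Encoded, sorted parameter string ('' for an empty array).
 */
function parameter_string (array $params)
{
	$encoded = array();

	// foreach visits every entry. The earlier while (current($params)) loop
	// stopped at the first falsy value ('' or '0') and silently dropped that
	// parameter and all later ones from the signed string.
	foreach ($params as $name => $value) {
		$encoded[rawurlencode((string) $name)] = rawurlencode((string) $value);
	}

	// Compare keys as strings so numeric-looking names sort the same way.
	ksort($encoded, SORT_STRING);

	$pairs = array();
	foreach ($encoded as $name => $value) {
		$pairs[] = $name . '=' . $value;
	}

	// Debug dump. Keys and values are already percent-encoded at this point.
	echo '<pre>';
	print_r($encoded);
	echo '</pre>';

	return implode('&', $pairs);
}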

// Encoded, key-sorted parameters, printed for debugging.
$parameter_string = parameter_string($params);

echo 'parameter_string=<br />', $parameter_string, '<br /><br />';


/**
 * Assemble the OAuth signature base string.
 *
 * @param string $HTTPMethod       HTTP method, used exactly as passed in.
 * @param string $BaseURL          Request URL.
 * @param string $parameter_string Encoded parameter string.
 * @return string "METHOD&encoded-URL&encoded-parameter-string".
 */
function signature_base_string ( $HTTPMethod, $BaseURL, $parameter_string)
{
	// URL and parameter string are percent-encoded so that the only raw '&'
	// characters are the two separators.
	$parts = array(
		$HTTPMethod,
		rawurlencode($BaseURL),
		rawurlencode($parameter_string),
	);

	return implode('&', $parts);
}
// Text that is HMAC-signed below, printed for debugging.
$signature_base_string = signature_base_string($HTTPMethod, $BaseURL, $parameter_string);

echo 'signature_base_string=<br />', $signature_base_string, '<br /><br />';

/**
 * Build the HMAC signing key for the request_token step.
 *
 * @param string $consumer_secret     Application (consumer) secret.
 * @param string $access_token_secret Accepted but not used: the key built here
 *                                    has nothing after the '&'.
 * @return string Percent-encoded consumer secret followed by '&'.
 */
function signing_key($consumer_secret, $access_token_secret)
{
	$encoded_consumer = rawurlencode($consumer_secret);

	return $encoded_consumer . '&';
}
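$signing_key = signing_key($consumer_secret, $access_token_secret);
// The signing key is the consumer secret plus '&', so it is no longer echoed:
// printing it put the application secret into the served page.

// HMAC-SHA1 over the base string; raw binary digest, then base64.
$oauth_signature = base64_encode(hash_hmac('SHA1', $signature_base_string, $signing_key, true));
echo 'oauth_signature=<br />'.$oauth_signature.'<br /><br />';

// NOTE(review): the header omits oauth_token although $params, and therefore
// the signature, includes it. Reply #3 on this page addresses that mismatch.
$header = array(
	'Authorization: OAuth '.
		'oauth_callback="'.rawurlencode($oauth_callback).'", '.
		'oauth_consumer_key="'.rawurlencode($oauth_consumer_key).'", '.
		'oauth_nonce="'.rawurlencode($oauth_nonce).'", '.
		'oauth_signature="'.rawurlencode($oauth_signature).'", '.
		'oauth_signature_method="'.rawurlencode('HMAC-SHA1').'", '.
		'oauth_timestamp="'.rawurlencode($oauth_timestamp).'", '.
		'oauth_version="'.rawurlencode('1.0').'"',
);

echo 'header<pre>';
echo htmlspecialchars($header[0], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo '</pre>';

// No CURLOPT_SSL_VERIFYPEER override here, so certificate verification stays
// at cURL's default.
$options = array(
	CURLOPT_URL => $url,
	CURLOPT_HEADER => true,
	CURLINFO_HEADER_OUT => true,
	CURLOPT_HTTPHEADER => $header,
	CURLOPT_POST => true,
	CURLOPT_RETURNTRANSFER => true,
);

$c = curl_init();
curl_setopt_array($c, $options);

$response = curl_exec($c);

echo '<pre>';
if ($response === false) {
	// curl_exec() returns false on transport or TLS failure; show the reason
	// instead of printing an empty block.
	echo 'cURL error: ' . htmlspecialchars(curl_error($c), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
} else {
	// The body comes from a remote server; escape it before it reaches HTML.
	echo htmlspecialchars($response, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
echo '</pre>';

// Transfer details. With CURLINFO_HEADER_OUT set this includes the request
// headers that were sent, Authorization among them.
echo '<pre>';
echo htmlspecialchars(print_r(curl_getinfo($c), true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo '</pre>';

curl_close($c);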

?>


#3

Have you checked that your system clock is in sync?

It looks like you may be including a parameter “oauth_token” in your request, even though it’s empty. You shouldn’t put this value in the signature base string, parameters, nor the authorization header on the oauth/request_token step.


#4

Oh thanks Taylor Singletary,
it works now! As you said, I just needed to exclude the oauth_token parameter. The correct version looks like this:

// Signed parameters for the request_token step; oauth_token is not among them.
$params = [
    'oauth_consumer_key' => $oauth_consumer_key,
    'oauth_nonce' => $oauth_nonce,
    'oauth_signature_method' => $oauth_signature_method,
    'oauth_timestamp' => $oauth_timestamp,
    'oauth_version' => $oauth_version,
    'oauth_callback' => $oauth_callback,
];