"Could not authenticate you" even when using OAuth Tool from Twitter?


I’m working on a simple library for work purposes that allows me to post tweets on behalf of users. This codebase is written in Google Dart, so there are no existing libraries to use.

I’ve written a bunch of code that successfully authorizes via Twitter. I followed this guide: https://dev.twitter.com/docs/auth/implementing-sign-twitter with the exception of making a request to “authorize”, not “authentication”. Twitter successfully responds back to me, giving me callback confirmed as true and token + secret. I then redirect the user to Twitter where he accepts the authorization. Then the user is thrown to my site (the callback), and I retrieve access token+secret using the /oauth/access_token. I use these access token+secret for further API requests on behalf of the user.

Now with this access token+secret, I can successfully request e.g. /account/verify_credentials.json but I can’t still post to /statuses/update.json, because I get this {“errors”:[{“message”:“Could not authenticate you”,“code”:32}]}

What’s worse is that even when I place those access token+secret (and consumer codes) to Twitter’s own OAuth Tool page, and I use the data the tool gave me to make a request, I still get this “Could not authenticate you”. And in fact, my app seems to generate exactly the same parameter strings and auth headers.

On my app’s settings, I have “Access” set to " Read and Write" and callback URL is wrong because I read it doesn’t matter(?). I have checked “Allow to be used for signin”.

I tried to revoke access from the user’s control panel for my app, and I let my app re-request access, but the issue still remains.

What kind of issue may I be experiencing here?


Did you copy new keys from your application settings page after switching your application’s access level? You will also have to regenerate new access tokens for any users you are connecting on behalf of.

You may also want to go to this page and use the oauth tool from the sidebar to generate the exact curl post request used in the example:
instead of copying + pasting. That way the request will be set up exactly as needed.


I couldn’t use curl on Windows (due to SSL not working even with SSL being built + OpenSSL), but I ran the cURL command at my Linux box and it worked!

I compared against my code, the parameter string is 100% same, and so is the Authorization header. The type of request is POST and the post’d content is same.

What could I be possibly missing?

Note: I used same token+timestamp only to see if my code generates same kind of requests, I obviously random generate tokens and the timestamp is correct when I’m actually testing it.


Here’s an actual example request my code generates: http://pastie.org/7467130


I should have probably replied directly to you, but the answers are below now. :slight_smile:


If I run the cURL command that the OAuth tool gives me, it works on Linux, but when I run it on my Windows machine it does not! curl is not complaining anything, and in fact the two curl requests seem identical to me:

Windows curl: http://pastie.org/7601629
Linux curl: http://pastie.org/7601602


Not fun. After over 2 hours still stuck. Copied the curl command from my OAuth Tool tab of my app. Corrected all of the missing escapes and I continue to get a 401 Unauthorized.