Custom callback fails with "Failed to validate oauth signature and token"


#1

I originally set my account to use the oob callback. Works perfectly, can login and tweet from the app. Now when I change the callback to a custom value, say, myapp://oauth I get a 401 error with “Failed to validate oauth signature and token” in the response string. I’ve already put a placeholder URL in the application settings. What am I missing?


#2

Hopefully you’re using header-based OAuth rather than query-string based OAuth, as it will make this part easier.

Make sure that when your signature base string is built, the custom oauth_callback value is properly escaped. If it were “myapp://oauth”, it should be presented as “myapp%3A%2F%2Foauth” in the OAuth signature base string.


#3

Yes, I am using headers. Will check the base string, thanks.


#4

Here are what the base strings look like:

Working, callback = oob:

POST&http%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&oauth_callback%3Doob%26oauth_consumer_key%3Dxxx%26oauth_nonce%3D351f72abc39ea9794935d7def68f34d0f9187eeb%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1319214477%26oauth_version%3D1.0

Not working, callback = oauth://callback

POST&http%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&oauth_callback%3Doauth%3A%2F%2Fcallback%26oauth_consumer_key%3Dxxx%26oauth_nonce%3D4238935ba05672b1ef828f98fa95f666cf112bc3%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1319214531%26oauth_version%3D1.0


#5

And what’s the exact URL you’re executing when issuing the request? Do you include any query parameters on the URL itself or in the POST body?


#6

Your oauth_callback value is only escaped once in your base string. It needs to be escaped twice at the point it reaches the SBS.

This is true of every parameter you sign, actually, but the :// in the second request is the only portion which would actually be escaped, hence breaking only that request.
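The two escaping passes described in this thread, as an added example that is not part of any post: each parameter is percent-encoded once, then the whole sorted parameter string is encoded again when it is appended to the signature base string (RFC 5849 sections 3.4.1 and 3.6). Parameter values are copied from post #4; `CONSUMER_SECRET`, the helper names and the `encode_values` switch are constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Values taken from post #4; CONSUMER_SECRET is a constructed placeholder.
URL = "http://api.twitter.com/oauth/request_token"
CONSUMER_SECRET = "constructed-secret"

def pct(value):
    """Percent-encode per RFC 5849 section 3.6 (only unreserved chars stay literal)."""
    return quote(str(value), safe="-._~")

def request_params(callback):
    return {
        "oauth_callback": callback,
        "oauth_consumer_key": "xxx",
        "oauth_nonce": "4238935ba05672b1ef828f98fa95f666cf112bc3",
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": "1319214531",
        "oauth_version": "1.0",
    }

def base_string(method, url, params, encode_values=True):
    """Build the signature base string.

    encode_values=False skips the first escaping pass and reproduces the
    failing string from post #4.
    """
    enc = pct if encode_values else str
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    # Second pass: the whole normalized parameter string is encoded again.
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(base, consumer_secret, token_secret=""):
    """HMAC-SHA1 signature; the token secret is empty for a request_token call."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

if __name__ == "__main__":
    for cb in ("oob", "oauth://callback"):
        good = base_string("POST", URL, request_params(cb))
        bad = base_string("POST", URL, request_params(cb), encode_values=False)
        print(cb, "-> base strings match:", good == bad)
        print("  ", good)
```

With `oob` both variants produce the same base string, which is why the missing pass went unnoticed until the callback contained `://`.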


#7

That was it, thanks!


#8

It’s http://api.twitter.com/oauth/request_token, no parameters nor post body.


#9

Hi, I am also stuck at the same issue. I have taken care of handling the base string as described, with no luck.

Can you update if it worked for you after escaping the callback twice…

Thanks. Any pointers would be appreciated.


#10

Yes, it does work now. Make sure you have a placeholder URL for the callback in your app settings.


#11

Thanks for the reply, but I already have the callback URL set in the Twitter app settings and am setting the same value in the CALLBACK URL in the application as well while forming the base string.

The request token URL used is https://api.twitter.com/oauth/request_token

I have no clue why it is failing now. I need your help getting this up, as I am running under a deadline.
Appreciate your inputs.


#12

Issue resolved. Thanks.
Can reach out in case of any inputs needed for anyone.


#13

Here is my querystring.

GET&http%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&oauth_version%3D1.0%26oauth_nonce%3D809538470%26oauth_timestamp%3D1328628442%26oauth_consumer_key%3g%26oauth_callback%3Dhttp%253A%252F%252F108.58.201.139%252Fweb%26oauth_signature_method%3DHMAC-SHA1

Could someone please help with what I am doing wrong in this? I am getting “Failed to validate oauth signature and token”.