Everything except request_token works fine


So I have integrated with the API and our auth header generator works perfect. We can twee, favorite, message, re-tweet perfectly using the tokens we have in our DB. I am now adding a “sign in with twitter” functionality. I have added a call to /oauth/request_token. The ONLY thing different between this and everything else that already works:

if(token){ oauthQuery.addItem(new KeyValuePair(“oauth_token”, token));}

Basically if we don’t already have a token (like when calling request_token) it doesn’t get added as a header. and:

var keyString:String = encodeURIComponent(CONSUMER_SECRET) + “&”;
if (secret) { keyString += encodeURIComponent(secret);}

Our token secret doesn’t exist yet so it is not added as part of the signing key.

We have a callback url set on the app in twitter (although it will be deprecated) and I am passing in the oath_callback into the header generation process as well so it is added to the header and included in the signing process. I even tried adding to the header but EXCLUDING it from the signature generation process but that wasn’t the answer.

here is the header I generate:

Authorization: OAuth oauth_callback=“http%3A%2F%2Fwww.qubeey.com%2Ftwitter”, oauth_consumer_key=“oDiUd2FZt5MozB2ocgvH1w”, oauth_nonce=“3833BEA2-44A6-550B-DFA7-9F57A52F4948”, oauth_signature=“JLphDUh3Xpdzz%2BhkMMVpJcLQMVw%3D”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1355588020”, oauth_version=“1.0”

Again, our auth code works on EVERY API call in twitter except when calling request_token. Any ideas?

EDIT: The exact message in the 401 is “Failed to validate oauth signature and token”


any chance of some feedback here?


It’s not obvious here what’s going wrong – if your signing key when calling https://api.twitter.com/oauth/request_token is your consumer secret + “&” + “” (the empty access token secret), then that should be the correct signing key. I’m a little stumped as to why this is failing for you.

Do you know what the signature base string you’re generating looks like?


OMG… thanks for saying “base string”… turns out I had a single char copy/paste issue… Saw it immediately when I reviewed the base string. WOW it’s the little things… :slight_smile: