Failed to validate oauth signature and token on oauth/request_token (rare)


#1

Hi everybody, I have a desktop application and my OAuth flow was working for around a year with no problem and a week ago I decided to test the whole functionality of my app from scratch and when I asked for a request_token I got a 401 response and the message “Failed to validate oauth signature and token on oauth/request_token”.

I though it could be the OAuth library that got deprecated (python-oauth) so I tried with a new one (python-oauth2) and got the same result. I’ve been testing with two more libraries (requests-oauthlib and oauthlib) and even with curl and the result it’s the same. I’ve checked my date/time and it’s ok, I tested on another machine (with another OS) and the same result. I’m really frustrated because I can’t debug anymore, I’ve readed almost every single discussion about similar issues and nothing works. I’m passing the oauth_* params in the header sorted alphabetically, I added the oauth_callback=oob and nothing happens, the same 401 error with the same message.

This is the header of my request (POST) to https://api.twitter.com/oauth/request_token:

{‘Authorization’: u’OAuth oauth_callback=“oob”, oauth_consumer_key="…omitted…", oauth_nonce=“23915359875795941241369355623”, oauth_signature=“90iA8HSe…trucanted…1Y3p2K5I%3D”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1369355623”, oauth_version=“1.0”’}

And this is the answer:

{‘status’: ‘401 Unauthorized’, ‘content-length’: ‘62’, ‘set-cookie’: ‘_twitter_sess=BAh7CDoHaWQiJWVjM2EyNjdjYWEzYWZlZDkxMGQxYjg2NWNkYWQwNjJkIgpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIXCsr1D4B–921935c88862e608ea2ba53a87371639197db9e3; domain=.twitter.com; path=/; HttpOnly, guest_id=v1%3A136935919905736747; Domain=.twitter.com; Path=/; Expires=Sun, 24-May-2015 01:33:19 UTC’, ‘expires’: ‘Tue, 31 Mar 1981 05:00:00 GMT’, ‘vary’: ‘Accept-Encoding’, ‘last-modified’: ‘Fri, 24 May 2013 01:33:19 GMT’, ‘pragma’: ‘no-cache’, ‘date’: ‘Fri, 24 May 2013 01:33:19 GMT’, ‘x-xss-protection’: ‘1; mode=block’, ‘x-transaction’: ‘37b80cb61f3f3d5a’, ‘content-encoding’: ‘gzip’, ‘strict-transport-security’: ‘max-age=631138519’, ‘server’: ‘tfe’, ‘x-mid’: ‘ddffffd4c512d98d4ee606cc55b0f3152c4edbf5’, ‘x-runtime’: ‘0.00954’, ‘x-ua-compatible’: ‘IE=9,chrome=1’, ‘cache-control’: ‘no-cache, no-store, must-revalidate, pre-check=0, post-check=0’, ‘x-frame-options’: ‘SAMEORIGIN’, ‘content-type’: ‘text/html; charset=utf-8’}

With the message: Failed to validate oauth signature and token

Am I doing something wrong? How is it possible that if everything was working months ago now I can’t even ask for a request_token?

I really appreciate your help.

Best regards


#2

could you solve the problem? I’m having the same issue and cannot even test it using cURL =( (I’m frustrated because the app is based on the user signing in with Twitter)