"Failed to validate oauth signature and token" using PHP (twitteroauth.php)


I understand that this question is asked a lot of times, but yet, I still couldn’t fix my issue with all the different solutions out there.

I trying to make use of this PHP class: https://github.com/abraham/twitteroauth

I’ve been manipulating with my code for quite a while and I got nothing, except these errors:

    Notice: Undefined index: oauth_token in C:\xampp\htdocs\mywebsite\components\SocialConnect\twitter\twitteroauth.php on line 80
    Notice: Undefined index: oauth_token_secret in C:\xampp\htdocs\mywebsite\components\SocialConnect\twitter\twitteroauth.php on line 80
    Array ( [Failed to validate oauth signature and token] => )

This is very strange. I don’t see anything that I could have done wrong. This is the code I’ve been writing:

    include($mywebsite_root_path . 'components/SocialConnect/twitter/twitteroauth.php');

    define('TWITTER_CONSUMER_KEY', '123');
    define('TWITTER_CONSUMER_SECRET', 'abc');
    define('TWITTER_OAUTH_CALLBACK', 'http://localhost/mywebsite/user/connect/twitter');
    $oauth_token 	= request_var('oauth_token', '');
    $stored_token 	= $user->get_data('oauth_token');
    if (!empty($oauth_token))
    	if ($oauth_token != $stored_token)
    		$user->set_data('oauth_status', 'oldtoken');
    		redirect('user/connect/' . $service);
    	unset ($twitter);
    	$secret_token = $user->get_data('oauth_token_secret');
    	$twitter = new TwitterOAuth(TWITTER_CONSUMER_KEY, TWITTER_CONSUMER_SECRET, $stored_token, $secret_token);
    	// Request access tokens from twitter 
    	$oauth_verifier = request_var('oauth_verifier', ''); 
    	$access_token 	= $twitter->getAccessToken($oauth_verifier);
    	// Save the access tokens. Normally these would be saved in a database for future use.
    	$user->set_data('access_token', $access_token);
    	// Remove no longer needed request tokens 
    	unset($oauth_token, $secret_token);
    	$user->set_data('oauth_token', '');
    	$user->set_data('oauth_token_secret', '');
    	if (200 == $twitter->http_code) 
    		$user->set_data('status', 'verified');
    		// Registration happens here
    		throw_msg("Welcome. Your account has been successfully connected with Twitter", true, null, 3, 'success');
    		throw_msg('Could not log into your Twitter account. Please try again.', true);
    	// Get temporary credentials.
    	$request_token = $twitter->getRequestToken(TWITTER_OAUTH_CALLBACK);
    	print_r($request_token); exit;
    	// Save temporary credentials to session
    	$token = $request_token['oauth_token'];
    	$user->set_data('oauth_token', $token);
    	$user->set_data('oauth_token_secret', $request_token['oauth_token_secret']);
    	switch ($twitter->http_code) 
    		case 200:
    			$url = $twitter->getAuthorizeURL($token);
    			redirect($url, 'instant', null, true);
    			throw_msg('Could not log into your Twitter account. Please try again.', true);

So as you see, I’m attempting to keep all my code in one page. The error I’ve shown above comes from the this line: $token = $request_token['oauth_token'];. I’ve exited the script right before showing the whole error in order to print_r the array and get the real cause of this problem, which is

Failed to validate oauth signature and token

I’m stuck with this and I don’t know how to continue. Any clues would be highly appreciated.

request_var() is equivalent to $_REQUEST

$user->get_data() gets data from the $_SESSION

$user->set_data() sets data to the $_SESSION

$user->quit(false) destroys the session


Please double and triple check that the consumer key, consumer secret, and callback URL exactly match your application on dev.twitter.com/apps.


I’ll make sure the consumer key and secret are identical. About the callback URL, I know it isn’t. I thought this one is irrelevant to be identical in dev.twitter.com/apps and my script, because Twitter wouldn’t care anyway (what I’ve read). In that case, I’m currently working on my localhost and the callback URL set in Twitter is, while in my PHP code it’s equal to http://localhost/mywebsite/user/connect/twitter.

If this is relevant and what I’m doing is wrong, then Twitter won’t let me set the callback URL to http://localhost… as it’s not a valid URL.

Thanks for you reply. How should I proceed?


Hey @IMGzer,

Did you have any luck getting this to work? I’m running into the same problem.



Yeah. It was exactly what Abraham suggested - My API credentials were incorrectly set. I fixed it by correcting those.


Hi Abraham, I am having same problem, but… I did test on heroku, aws and others and is ok, but same library changing token and callback on my production server not is working. For any reasons my server administrator can’t change date and date is wrong. My question is: is possible that a server date wrong could caused this error?