Failed to validate oauth signature and token



I’ve tried in so many ways this thing to “sign” the request… And I don’t understand what I’m doing wrong…

I’m trying to post with this Authorization header:

OAuth oauth_nonce=“pkZgsQSnLFxrW8MhbUH7419vyuNZnI0zTvKBWRf5Az”, oauth_callback=“oob”, oauth_consumer_key=“HIDDEN”, oauth_signature=“YmZkNjhlMzhlMmM2NjI2YWY5ZjcyYThkNGE2YTMyYzNmMzdmZDhlYg%3D%3D”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1971754813”, oauth_version=“1.0”

Any help would be appreciated...

PS: Even my computer and my webserver has the right timezone and time. I've checked twice even visiting to being sure that the timestamp showing up is, indeed, right.


The signature doesn’t look like a valid signature to me. Are you using a library to perform the signing?


@kurrik, I’m using Javascript with a library made by me. I found the problem. The parameters must be ordered alphabetically before send it to Twitter API… I was sending those parameters with a random order so I assume is that because when I ordered, it works.

My fault, that happened when you forgot to read. You know, RTFM! :smiley:


I’m glad to hear you figured it out :slight_smile:


Thank you



I am consuming the twitter API using a library. When i am trying to get the request token using the url it is returning as “Failed to validate oauth signature and token”

Can any one help me in resolving this issue?


Many good tips here: [node:204]. One tip, use the right path:


it took less than 30 mins to get my app using google’s youtube api. it’s 5hrs and am still on ur API 's oAuth. i wonder what to expect when am finally able to fix the “Failed to validate oauth signature and token” error.


if time is wrong, you get "Failed to validate oauth signature and token"
if you supply no param, same error. fixing it is better than dozen tips.


I have met the same problem, here is the header:
OAuth oauth_nonce=“glxomnct08x0gfialw”, oauth_callback=“”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1373014401”, oauth_consumer_key=“9BFD1XOiVFHrnS7Hw78yA”, oauth_signature=“Qm2WJtOMYAJ8FpOfBAar5THKbdo%3D”, oauth_version=“1.0”

nearly the same as the sample in

OAuth oauth_nonce=“K7ny27JTpKVsTgdyLdDfmQQWVLERj2zAK5BslRsqyw”, oauth_callback=“”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1300228849”, oauth_consumer_key=“OqEqJeafRSF11jBMStrZz”, oauth_signature=“Pc%2BMLdv028fxCErFyi8KXFM%2BddU%3D”, oauth_version=“1.0”

Do you have any idea of it? BTW, how to post a new topic on Discussions?


how found the oauth_signature, I do not understand how to make them or the SHA1 encrypted embedded parameters



$signature = base64_encode(hash_hmac(“sha1”, $sigstring, $sigkey, TRUE))

That TRUE was important as it outputs the required raw binary, rather than the default output of hexbits.


I can’t validate when asked. I used to be able to. I use an iPad.


I have been using scribe lib for authentication process .Everything was working fine ,but since last week I’m getting problem in the request_token ,the error which I get is “Failed to validate oauth signature and token”

Please help me to figure it out what may be the issuses,I have changed and checked my timezone which is correct,still getting same error.



I figured it out and found the solution.
It is due to session. When we first send call to twitter and we login form twitter then it sets the session variables. After same time we again login then this error comes. Solution is only destroy the session then again do that this time error will not come.

Hope this will help :slight_smile: