Failed to validate signature and token - answer still not found after reading tons of answers (PHP)


#1

Dear developers taking time to read this,

I’ve been trying to get a token (the first step in authorization), but no matter what i change, how long i search on here and google,
i have not found an answer yet.

Some information:

Signature base: ‘POST&https%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&oauth_consumer_key%3D[customer key]%26oauth_nonce%3DR4dDdaZNcjpMdiou3eqTK1Yd4vSRb7bR%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1329078102%26oauth_version%3D1.0’

signature: base64_encode(hash_hmac(‘sha1’, $signature_base, $consumer_secret.’&’, true) = ‘qOeBHhUo4MUqFn0WfO69I9lBQnU=’

Authorization header:
'OAuth oauth_callback=“http%253A%252F%252Fmark_hendriks.informatica-mwc.nl%252FTweetMeet%252Flogin.php”, oauth_consumer_key="[customer key]", oauth_nonce=“R4dDdaZNcjpMdiou3eqTK1Yd4vSRb7bR”, oauth_signature=“qOeBHhUo4MUqFn0WfO69I9lBQnU%3D”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1329078102”, oauth_version=“1.0” ’

cURL:
$cu = curl_init();
curl_setopt($cu, CURLOPT_HEADER, true);
curl_setopt($cu, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($cu, CURLOPT_POST, TRUE);
curl_setopt($cu, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($cu, CURLOPT_URL, ‘https://api.twitter.com/oauth/request_token’);
curl_setopt($cu, CURLOPT_HTTPHEADER, array('Authorization: '. $authorize, 'Expect: '));
curl_exec($cu);


                    ... and so on, retrieve the data etc.

Some people suggested it was the server clock, but according to a callback to https://api.twitter.com/1/help/test.json my server time was fine
(more info: https://dev.twitter.com/discussions/1245; i used both methods to validate and my server was 5 mins ahead of twitter)

Any suggestions why i get a 401 'failed to validate oauth signature and token'. If you need more information, feel free to ask

Thanks in advance,

Mark

#2

Your signature base string does not appear to have the oauth_callback value within it that you’re sending in your OAuth authorization header.


#3

Maybe this could be of some help to you : https://dev.twitter.com/discussions/5710

Cheers,
Krishley