Frustrating 215 Bad Authentication Data Error


#1

I’m trying to create a ColdFusion application that can either post to our Twitter account or grab tweets from our account. The following, which uses version 1.0 of the API, works perfectly, and I get a valid batch of JSON information:

<cfhttp url="https://api.twitter.com/1.0/statuses/user_timeline.json" method="GET">
    <cfhttpparam type="formfield" name="screen_name" value="twitterapi">
    <cfhttpparam type="formfield" name="count" value="2">
</cfhttp>

When I go to 1.1, I know I need to add the appropriate oAuth information, so my new cfhttp call is as follows:

<cfhttp url="https://api.twitter.com/1.1/statuses/user_timeline.json" method="GET">
    <cfhttpparam type="header" name="oauth_consumer_key" value="#oauthStruct.consumer_key#">
    <cfhttpparam type="header" name="oauth_nonce" value="#oauthStruct.nonce#">
    <cfhttpparam type="header" name="oauth_signature" value="#signature#">
    <cfhttpparam type="header" name="oauth_signature_method" value="#oauthStruct.signature_method#">
    <cfhttpparam type="header" name="oauth_token" value="#oauthStruct.token#">
    <cfhttpparam type="header" name="oauth_timestamp" value="#oauthStruct.timestamp#">
    <cfhttpparam type="header" name="oauth_version" value="#oauthStruct.version#">
    <cfhttpparam type="formfield" name="screen_name" value="twitterapi">
    <cfhttpparam type="formfield" name="count" value="2">
</cfhttp>

The consumer_key and token are taken directly from the Twitter application settings tab, the version is “1.0”, and the signature_method is HMAC-SHA1. The nonce, signature, and timestamp are all copied directly from the Generate OAuth Signature script from your site and pasted into the code before uploading and executing, all of which is done in less than 30 seconds. Yet, every time I attempt this call, I get a 400 Bad Request from the Response Header, and the JSON response gives me a 215 Bad Authentication Data error.

Again, the call works in 1.0, but not 1.1. Unless it’s the order of the parameters, I do not know why I’m getting this same error over and over. Am I missing something in my implementation?


#2

The OAuth filter on API v1.1 is more strict than v1. In v1, even if you provided bad auth to the user timeline method, it could still potentially serve you content if the request could be reconsidered as unauthenticated. No such affordances are given in API v1.1.

Do you know more about the actual HTTP requests your code sends? How it forms the authorization header or query string parameters, any other HTTP headers it sends?

Review [node:204] for more tips on debugging OAuth.
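
The request signing that post #2 asks about, as an added example that is not part of the original thread or any poster's code: OAuth 1.0a (RFC 5849) HMAC-SHA1 signing in Python, with the query parameters included in the signature and the oauth_* values sent in one Authorization header. The credentials are constructed placeholders and the function names are this example's own.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote


def pct(value):
    """RFC 3986 percent-encoding as OAuth 1.0a requires (only A-Za-z0-9-._~ stay literal)."""
    return quote(str(value), safe="-._~")


def base_string(method, url, params):
    """Signature base string: METHOD & encoded URL & encoded, sorted parameter string."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    param_string = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(param_string)])


def sign(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 over the base string, keyed with 'consumer_secret&token_secret'."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}"
    msg = base_string(method, url, params)
    digest = hmac.new(key.encode(), msg.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def authorization_header(method, url, request_params, creds, nonce=None, timestamp=None):
    oauth = {
        "oauth_consumer_key": creds["consumer_key"],
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_token": creds["token"],
        "oauth_version": "1.0",
    }
    # Request parameters are signed together with the oauth_* values...
    oauth["oauth_signature"] = sign(method, url, {**request_params, **oauth},
                                    creds["consumer_secret"], creds["token_secret"])
    # ...but only the oauth_* values travel in the single Authorization header.
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(oauth.items()))


# Constructed placeholder credentials, not real keys.
CREDS = {"consumer_key": "EXAMPLE_KEY", "consumer_secret": "EXAMPLE_SECRET",
         "token": "EXAMPLE_TOKEN", "token_secret": "EXAMPLE_TOKEN_SECRET"}
URL = "https://api.twitter.com/1.1/statuses/user_timeline.json"
QUERY = {"screen_name": "twitterapi", "count": "2"}
```

Because the nonce and timestamp are part of the signed base string, a signature computed for one nonce/timestamp pair is only valid when the request carries exactly those values.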


#3

My app broke going from 1.0 to 1.1. Finally figured it out. I was not adding this header to my POSTs:

Content-Type: application/x-www-form-urlencoded

After I added it, it worked fine.


#4

@BrandonFuller were you having any problem with GETs?


#5

I am getting the error: Failed to validate oauth signature and token. Please, someone help me resolve the issue.



#6

Had the same exact problem, was able to get my url at ‘users/show’ working with the Abraham TwitterOAuth library by adding the following lines of code after the TwitterOAuth object instantiation:

$connection->host = "https://api.twitter.com/1.1/";
$connection->ssl_verifypeer = TRUE;
$connection->content_type = 'application/x-www-form-urlencoded';

The first 2 lines are documented in the library readme, but the 3rd one is not.
More code snips here -> http://stackoverflow.com/a/17250736/1242298

Hope this helps someone!


#7

So where do we have to make changes for that?