Google Scripts App-Only Authentication Error 99 (Unable to verify credentials)


#1

I’m a programming noob, so forgive me. I searched through several pages of Google on this but couldn’t find a solution.

I’m trying to implement app-only auth in a Google Apps Script for a spreadsheet.
The error message is as follows:

This is the code, following the instructions and form described by the Twitter and Google API resources
https://dev.twitter.com/oauth/application-only
https://developers.google.com/apps-script/reference/url-fetch/url-fetch-app

function getNew() {  
  var consumerKey = '...';
  var consumerSec = '...';
  
  var keyEncode = Utilities.base64Encode(consumerKey + ':' + consumerSec);
  
  var headers = {
    'Authorization' : ('Basic ' + keyEncode),
    'Content-Type' : 'application/x-www-form-urlencoded;charset=UTF-8'
  };
  
  var options = { 
    'method' : 'POST',
    'headers' : headers,
    'payload' : 'grant_type=client_credentials'
  };
  
  var response = UrlFetchApp.fetch('https://api.twitter.com/oauth2/token', options);
}

I verified the consumer key and secret are correct several times. I also tried moving the “content-type” parameter from the “headers” to the “options” section (with the hyphen removed), as shown in the Google examples. Doesn’t work either way.

Is there some option I need to change in the App management settings? I have the callback URL set to https://script.google.com/ and callback locking is enabled (though I tried it both ways). Don’t think it’s related, but I don’t know what I’m doing (like I said, I’m a noob).

Would appreciate if anyone can point out what I’m doing wrong :slight_smile: Thanks


#2

That all looks correct. I would try outputting the keyEncode to a log and compare that to a token encoded with a different base64 method. Also make sure that there are no invisible characters when you copy/paste the consumer key/secret.