Having trouble doing application authentication, response code 32



I am attempting to do application authentication per the instructions at https://dev.twitter.com/docs/auth/application-only-auth

While I believe I am constructing the POST per the instructions, it does not work. The following log shows the precise request I send, and response I get back. Note that I have redacted the contents of my Authorization header.

Am I missing some other required header? I believe I am correctly constructing the token, when I used the codes provided in the example I get the exact string shown in the example.

Any help you could offer would be most appreciated!

D: [04/01/13 15:35:29][grifter] - ----------------------------------------
D: [04/01/13 15:35:29][grifter] - Net::HTTP::Post /oauth2/token
D: [04/01/13 15:35:29][grifter] - HEADERS: {"accept"=>["application/json"], "content-type"=>["application/x-www-form-urlencoded"], "authorization"=>["Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"], "user-agent"=>["Ruby"]}
D: [04/01/13 15:35:29][grifter] - BODY:
D: [04/01/13 15:35:30][grifter] - RESPONSE CODE: 401
D: [04/01/13 15:35:30][grifter] - RESPONSE HEADERS: {"cache-control"=>["no-cache, max-age=300"], "content-length"=>["63"], "content-type"=>["application/json; charset=utf-8"], "date"=>["Mon, 01 Apr 2013 19:35:30 GMT"], "expires"=>["Mon, 01 Apr 2013 19:40:30 GMT"], "server"=>["tfe"], "set-cookie"=>["k=; path=/; expires=Mon, 08-Apr-13 19:35:30 GMT; domain=.twitter.com", "_twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCDrlGMc9AToHaWQiJWZh%250ANDczZWQ5ZWQwNmZlNmEyYjg3MjljZTI2NGEyYzQx--694468f2dcf84f392b732ac49d1e47eef47c1863; domain=.twitter.com; path=/; HttpOnly", "guest_id=v1%3A136484493020549892; Domain=.twitter.com; Path=/; Expires=Wed, 01-Apr-2015 19:35:30 UTC"], "status"=>["401 Unauthorized"], "strict-transport-security"=>["max-age=631138519"], "vary"=>["Accept-Encoding"], "www-authenticate"=>["OAuth realm=\"https://api.twitter.com\""], "x-frame-options"=>["SAMEORIGIN"], "x-runtime"=>["0.02313"], "x-transaction"=>["26f0314e5b465ee3"], "connection"=>["close"]}
D: [04/01/13 15:35:30][grifter] - RESPONSE BODY:
  "errors": [
      "code": 32,
      "message": "Could not authenticate you"


Can you verify whether you’re using HTTPS or not?

Are you able to perform the same steps using the same keys and curl?


Good suggestion on the curl. I did get a curl request working pretty quickly, and I was able to use the curl log to analyze the differences.

The problem was my accept header. Once I started sending this header, it started working!

accept: /

This seems like a bug, since when I send application/json it does not work, but the response is in json, so why should it not work when I send accept: application/json ?

At any rate, I am happy, and thanks for the tip that helped me along!

EDIT: This forum is filtering out the asterisk character… so for clarity I am sending:
asterisk/asterisk for the header.


Great find. I’ll file a bug with the team.


Ho to delete applicatons ?