Invalid oauth_verifier



I am currently trying to implement the 3-legged authorization with the twitter api.
The problem is that I am trying to resolve my request token to an access token (Step 3) and it returns the error “Error processing your OAuth request: Invalid oauth_verifier parameter”. Did I understand correctly that the api consumer key and secret stays the same as in the token request while the access token and access token secret changes to the earlier acquired tokens (in Step 1) and that you have to add an additional header parameter called oauth_verifier which matches the one transmitted by the callback url?

I also noticed that the oauth_verifier that I receive by the callback url is a bit shorter than the example in the twitter api documentation.

I am very grateful for every bit of help :slight_smile:


The oauth_token received in step 1 remains the same throughout the 3-legged process, the oauth_consumer_key & oauth_consumer_key_secret also remains the same (related to your Twitter app).

The oauth_verifier from step 2 will probably look something like this: bprCeUUtbl0cTuoPXWOPt6XQeAs8AJBO, unless you are using PIN-based OAuth, then it will be something like this: 8365912

On Step 3, you the oauth_token and oauth_verifier are both required.


If I got you correctly this could be a possible request, correct?

curl -X POST \ \
  -H 'Authorization: OAuth oauth_consumer_key="consumer key of my app",oauth_token="token received in step one",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1546895811",oauth_nonce="ExhAaxJllQr",oauth_version="1.0",oauth_signature="signature"' \
  -H 'oauth_verifier: verifier which was received by my callback url'


Hey there,

I am also working on the same process. I am stuck for a long time with the problem that I receive the error

“Reverse auth credentials are invalid”

when I want to request an oauth_token and an oauth_token_secret for the user (Third step in the mentioned 3-legged tutorial above).

I found that other developers also have the problem e.g.:

and also that one user was able to implement the flow in Scala.

So I attempted to work with existing tutorials for Python with regards to the Oauth workflow

and also by following the implementation in Scala (see above). However, I am still stuck with the same error message. Could someone have a look over my code and maybe tell me, where my approach was wrong? I preprared a Jupyter notebook.

EDIT: Nevermind, I found a way to implement the signin in Python.