OAuth error - Failed to validate oauth signature and token


Hello *

Having authentification issues [statusnet v0.9.9]
No changes to the configuration made. Previously working fine.

Here’s a syslog excerpt:
Dec 5 07:03:15 h1480655 statusnet: [satyrikon.net:9916.18ef08ee GET /index.php/twitter/authorization?signin=1] HTTPClient: HTTP GET https://api.twitter.com/oauth/request_token?oauth_callback=http%3A%2F%2Fsatyrikon.net%2Findex.php%2Ftwitter%2Fauthorization&oauth_consumer_key=Q5b0l9YmZB54WwBzp6XLQ&oauth_nonce=d47dd6a62f0e69c037c73cf99d46823f&oauth_signature=9jwCmebQFXo%2FuqHkdkBX7QEbXHo%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1354687394&oauth_version=1.0 - 417 Expectation Failed

Dec 5 07:03:15 h1480655 statusnet: [satyrikon.net:9916.18ef08ee GET /index.php/twitter/authorization?signin=1] Twitter bridge - OAuth client error - code: 417, msg:
Dec 5 07:03:15 h1480655 statusnet: [satyrikon.net:9916.18ef08ee GET /index.php/twitter/authorization?signin=1] action.php - Server error ‘500’ on ‘twitterauthorization’: Couldn’t link your Twitter account.
Server error ‘500’ on ‘twitterauthorization’: Couldn’t link your Twitter account.

Any help appreciated.

Thanks a lot.


Make sure that you’re performing proper HTTP 1.1 – we’ve gotten stricter on that requirement. Make sure you’re sending a Host HTTP header, and if performing a POST that you’re including Content-Length and Content-Type headers.


c/o proper html 1.1
–> “Status: HTTP/1.1 200 OK”
–> source: web-sniffer.net

c/o HTTP Response Header
Name Value Delim
Date: Wed, 05 Dec 2012 16:53:18 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.17
Set-Cookie: PHPSESSID=c6bisnll9rhmtsjp6dkv7q6ou4; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,Cookie
Content-Encoding: gzip
Content-Length: 6802
Connection: close
Content-Type: text/html; charset=utf-8

c/o POST
–> is sent (seeabove)

Apart from the expiry date nothing suspicious detected.
Did I overlook anything?


Subscribed + commented on a similar thread on the statusnet forum. -


look here for details: