oAuth request_token returns 401 error


#1

(The platform I am coding for does not have any oAuth libraries available so I am writing my own code to interface with Twitter)

I am having an issue with the oauth/request_token endpoint always returning HTTP 401 - Unauthorised.

If I use the access token provided on my application’s page, I can post status updates etc. successfully.

I am performing a POST to http://api.twitter.com/oauth/request_token

There are no parameters being passed in the POST body

An example authorisation header is as follows :-

Authorization: OAuth oauth_callback=“http%253A%252F%252Fwww.kfa.co.uk”, oauth_consumer_key=“TJnY0B0OGa6GgfkDidIc2A”, oauth_nonce=“24E7F80126CB1954ADDD0004AC12062E”, oauth_signature=“eICO6ODHH7Ba8RpQiq5pRZhKhT0%3D”, oauth_signature_method=“HMAC–SHA1”, oauth_timestamp=“1320685370”, oauth_version=“1.0”

Other information from the request is as follows :-

POST /oauth/request_token HTTP/1.1
Host: api.twitter.com
User-Agent: KFA-Twitter
Content-Type: application/x-www-form-urlencoded
Content-Length: 0
Authorization: OAuth oauth_callback=“http%253A%252F%252Fwww.kfa.co.uk”, oauth_consumer_key=“TJnY0B0OGa6GgfkDidIc2A”, oauth_nonce=“24E7F80126CB1954ADDD0004AC12062E”, oauth_signature=“eICO6ODHH7Ba8RpQiq5pRZhKhT0%3D”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1320685370”, oauth_version=“1.0”

I have used an online test utility to validate my signature generation and that appears to be correct. I am at a loss to work out what the problem is with my request…

Thanks for any help.
Stu


#2

It looks like your oauth_callback in your OAuth Authorization header has been double escaped when it needn’t be. [node: 2867] should be able to help you with this part.


#3

I will remove that and try again… it was actually the testing tool I was using (http://quonos.nl/oauthTester/) that told me my URL-encoding was bad until I double-escaped it.


#4

Interesting… that may mean the testing tool (http://quonos.nl/oauthTester/) that I used has led me up the garden path a little as it rejected the oauth_callback unless it had been double escaped. I will amend and retry…


#5

Sadly that hasn’t fixed the issue…

POST /oauth/request_token HTTP/1.1
Host: api.twitter.com
User-Agent: KFA-Twitter
Content-Type: application/x-www-form-urlencoded
Content-Length: 0
Authorization: OAuth oauth_callback=“http%3A%2F%2Fwww.kfa.co.uk”, oauth_consumer_key=“TJnY0B0OGa6GgfkDidIc2A”, oauth_nonce=“16A3A80137F91954ADDD0004AC12062E”, oauth_signature=“56bttpbC9VOuz8ZL46zTm27zd40%3D”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1320759155”, oauth_version=“1.0”

Still results in a 401…


#6

I’ve also tried passing “oob” as the oauth_callback… no difference

Authorization: OAuth oauth_callback=“oob”, oauth_consumer_key=“TJnY0B0OGa6GgfkDidIc2A”, oauth_nonce=“66F14801387F1954ADDD0004AC12062E”, oauth_signature=“EgR5qbL%2BwoLeJE%2F7F8CpnjXJQfE%3D”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1320761409”, oauth_version=“1.0”


#7

Ack! I screwed up my signature code with a typo when I reversed the change above… It’s now working!


#8

Hello… Have you solved?