Oauth/XAuth request get 401 Unauthorized. reproduce in twitter OAuth tool


#1

Hi,

I got an app has been working fine more than 18 months with Oauth/XAuth.

It broke recently and all the signed request returns 401 Unauthorized.

I try to use twitter OAuth tool found on dev.twitter.com to make a request to https://api.twitter.com/oauth/request_token.

I run the curl command provided by twitter OAuth tool and it returns “401 Unauthorized” and “Failed to validate oauth signature and token” message.

I got the below curl command:
curl --get ‘https://api.twitter.com/oauth/request_token’ --header ‘Authorization: OAuth oauth_consumer_key=“I212ouOxqqHvmE803gG9LQ”, oauth_nonce=“3afe8a64cc91d5ca409e3b127d2b703b”, oauth_signature=“A6f2Rq%2F5X6MZaqxh7obpo%2FP7La0%3D”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1335263849”, oauth_token=“561901232-CBZywiSG2zVo7btPLVx9wzrRlgFxqsRkLguJAauP”, oauth_version=“1.0”’ --verbose

Please see below resutls. Could anyone help me?

GET /oauth/request_token HTTP/1.1
User-Agent: curl/7.21.2 (x86_64-unknown-linux-gnu) libcurl/7.21.2 OpenSSL/1.0.0c zlib/1.2.5 libidn/1.15 libssh2/1.2.7
Host: api.twitter.com
Accept: /
Authorization: OAuth oauth_consumer_key=“I212ouOxqqHvmE803gG9LQ”, oauth_nonce=“3afe8a64cc91d5ca409e3b127d2b703b”, oauth_signature=“A6f2Rq%2F5X6MZaqxh7obpo%2FP7La0%3D”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1335263849”, oauth_token=“561901232-CBZywiSG2zVo7btPLVx9wzrRlgFxqsRkLguJAauP”, oauth_version=“1.0”

< HTTP/1.1 401 Unauthorized
< Date: Tue, 24 Apr 2012 10:37:59 GMT
< Status: 401 Unauthorized
< Last-Modified: Tue, 24 Apr 2012 10:37:59 GMT
< Content-Type: text/html; charset=utf-8
< X-Transaction: 2bf72a0f0df5ed1c
< Expires: Tue, 31 Mar 1981 05:00:00 GMT
< X-Frame-Options: SAMEORIGIN
< Content-Length: 44
< Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
< X-Runtime: 0.01251
< Pragma: no-cache
< X-MID: 023d4ffcccdddc25bf9b9eda26c2721ffea062ac
< Set-Cookie: k=10.35.19.120.1335263879573821; path=/; expires=Tue, 01-May-12 10:37:59 GMT; domain=.twitter.com
< Set-Cookie: guest_id=v1%3A13352638795815518; domain=.twitter.com; path=/; expires=Thu, 24-Apr-2014 22:37:59 GMT
< Set-Cookie: _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCJ7h7eM2AToHaWQiJTVh%250AMmIxMjNmMTc4N2U4ZmJhYzAxNWU5NGJmNTM3ODhi–83d75b45328131c2df95fae5766d5cd619137180; domain=.twitter.com; path=/; HttpOnly
< Vary: Accept-Encoding
< Server: tfe
<

  • Connection #0 to host api.twitter.com left intact
  • Closing connection #0
  • SSLv3, TLS alert, Client hello (1):
    Failed to validate oauth signature and token

#2

Have you checked everything in [node:204]? The curl command you’re trying to execute is failing because you’re including an access token in the request to oauth/request_token which doesn’t accept an oauth_token parameter.


#3

Thank you. I solved it.