Recommended way to test consumer key/secret in Ruby?


I’m running into that dreaded invalid_response / 401: Could not authenticate you error again when using Twitter signins again via OmniAuth in a Rails 3.1 app and would like to get some confirmation about how to make sure you’re using a valid consumer key and secret in the first place, before I dig into the Rails apps ide of things further. Specifically, there’s a small Ruby script listed here, and I’m not sure if it’s sufficient for the task:

I understand some of the common problems with Twitter authentication in general and OmniAuth in particular, and think I’ve ruled those out. I’m not confusing the key with the secret when I apply them to my code, I’ve been copy & pasting them to avoid typos, I have an appropriate callback defined in my app settings on the Twitter dev dashboard, and my Rails routes are all set up the same way as in another app, where I successfully performed Twitter authentication before (using Ryan Bate’s Simple OmniAuth Railscast episode I’ve also repeatedly reset my keys and set up a different Twitter app, just in case something was wrong with the initial set.

Still, I continue to get an invalid_response call to my /auth/failure OmniAuth action after I authorize the app for my current user at Similar code worked fine in another app, so I just assumed there was a small discrepancy that I hadn’t uncovered yet. Then I stumbled across the Ruby script in the StackOverflow question above, and not only did it claim that my current credentials for the new app were incorrect, but also the credentials for the working, first app I wrote (which still works). Even those produced the invalid_response error.

So for now, my question is whether the above Ruby app that simply configures the Twitter object and then attempts to post an update should still work. particularly, because I see the app isn’t setting any access token or secret. That looks weird to me.


Here’s my exact code I’m testing with. Since these are test credentials that I’m not using in a live app, I’ll leave them active for a few days:

require "rubygems" require "twitter"

Get a user’s most recent status update

puts Twitter.user_timeline(“joostschuur”).first.text

Twitter.configure do |config|
config.consumer_key = 'yPJjDaQcIUOCKrYGb0JWFg’
config.consumer_secret = 'dvPLN1OxHYB9kqU11tl53gwqzA4ny9ZrgbSqxtQS8E’

Update your status

Twitter.update(“Testing something!”)
rescue Exception => e
puts "Error: #{e.message}"

It’s worth pointing out that this particular app during this test does have a callback defined as well. I’m not sure if this is relevant when I’m using credentials in this way, and not outside the scope of my Rails app.


Looks like the twitter gem needs to be configured with an oauth_token and oauth_token_secret:

Changing the config to my own values and adding

config.oauth_token = "MY_OAUTH_TOKEN"
config.oauth_token_secret = “MY_OAUTH_TOKEN_SECRET”

posted the update correctly, so you should be able to verify your credentials by adding these lines (you can get these values for your own account from the application dashboard).


Thanks for clarifying that those were still required, Arne. I guess the StackOverflow answer was just flat out insufficient, and nobody ever called the poster on it. I assumed that because the account I was trying to access was the creator of the app with the credentials I was passing in, that some magic under the hood should forgive it for lacking token and secrets.

I was able to confirm that the credentials were definitely valid, and I also discovered my actual app. It was a dumb mistake of me not having copied over some model code from my last implementation. Problem solved now.

Finally, some advice if anyone stumbles across this in the future. When the dev dashboard says changes won’t take affect immediately, sometimes it can take 5-10 minutes or longer. Also, if you’re working with Rails, remember that any initializers where you might store your consumer credentials do not get reloaded upon each page request, even in development mode. You need to force a full restart of the server if you’re swapping out credentials stored there, or at least to something like touch tmp/restart.txt depending on your stack (use pow BTW:


heres an example app using sign_in_with_twitter and omniauth:


I’ve seen that one, Mike, but the Railscast one ( is just a little bit better, since it uses a full blown user model too.


how to get counsumer key and secret without register blackberry application on twitter


You need to register an application on to obtain an API key.


Hi @episod,

Where we can add consumer keys and secret(from twitter) in rails project.