request_token 401


#1

Hi, I am trying to implement OAuth for my Android application. I have the following HTTP header but I get 401 when I try to perform this call: https://api.twitter.com/oauth/request_token… I got the error Failed to validate oauth signature and token. I tried to make the same call with OAuthTool and I get the same error, is that a normal thing? In order to get the oauth_signature, I am using as key AUTH_CONSUMER_SECRET + "&" since I do not yet have auth_token_secret… What am I doing wrong? Any clues? I am on Android.

Thanks in Advance
Emanuele

EDIT:

Signature base:

POST&https%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&oauth_consumer_key%3D6gGR8PjjI7oprW01Mtn8Wg%26oauth_nonce%3Dd2ed77f9b2b31421ad3edc10e5b478ac%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1380835443%26oauth_token%3D104113706-i9Q3ATuxKxhel7sSlv1ZW98SsRKyIIHg2fDBN6Vx%26oauth_version%3D1.0

Authorization header

OAuth oauth_nonce="d2ed77f9b2b31421ad3edc10e5b478ac", oauth_callback="https%3A%2F%2Fsites.google.com%2Fsite%2Fblackbeltest", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1380835443", oauth_consumer_key="6gGR8PjjI7oprW01Mtn8Wg", oauth_signature="x8RLADii3hjfC_jwBOpNBs_bmvA%3D", oauth_version="1.0"


#2

Hi–

Check out [node:686] and [node:11004]. It might be a timestamp issue.

I hope that helps!


#3

Hi, I am using as timestamp the one returned by the HEAD call at https://api.twitter.com/1/help/test.json. I retrieve it from the header of the request and send it back with the request_token request; you can see it in the Authorization header.

I get the following errors:

10-06 20:22:16.903: W/DefaultRequestDirector(10924): Authentication error: Unable to respond to any of these challenges: {}
10-06 20:22:16.923: E/(10924): 401 Unauthorized Failed to validate oauth signature and token

One thing that I noticed is that the signature string looks OK, I checked it using the OAuth Tool from the developer page, but the signature is different. I tried to generate the signature from the Linux console, this way:

emanuele@Nabucodonosor ~ $ printf '%s' "POST&https%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&oauth_consumer_key%3D6gGR8PjjI7oprW01Mtn8Wg%26oauth_nonce%3Dcfb5fc259e3500d388bbc70caf3e6b8e%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1381078185%26oauth_token%3D104113706-i9Q3ATuxKxhel7sSlv1ZW98SsRKyIIHg2fDBN6Vx%26oauth_version%3D1.0" | openssl dgst -sha1 -hmac "XXXXX&" -binary | openssl base64

and it returns the same signature as my application. Is that normal?

Thanks for the help


#4

How else is the request formulated? Are you sending a POST body or anything in the query string? On this step, you should also be explicitly setting an oauth_callback, even if it’s possible to have one set for you by default.

If your signature appears correct and your timestamp appears correct the next place I’d look for what could be wrong is other aspects of the request. In your first example at the top of this post it looks like you have a callback specified in the auth header but not in the signature base string.
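The mismatch pointed out in the reply above (a parameter present in the Authorization header but absent from the signature base string) can be checked mechanically. This is an added example, not code from any poster in this thread; the helper names are hypothetical and the credentials are constructed placeholders.

```python
import base64, hashlib, hmac
from urllib.parse import quote, unquote

URL = "https://api.twitter.com/oauth/request_token"
# Constructed sample values (placeholders, not real credentials).
PARAMS = {
    "oauth_callback": "https://example.invalid/cb",
    "oauth_consumer_key": "EXAMPLE_CONSUMER_KEY",
    "oauth_nonce": "0123456789abcdef",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1700000000",
    "oauth_version": "1.0",
}

def enc(s):
    # OAuth 1.0a percent-encoding: only A-Z a-z 0-9 - . _ ~ stay unescaped.
    return quote(str(s), safe="-._~")

def signature_base_string(method, url, params):
    # Encode every parameter that is sent (except oauth_signature), sort by
    # name, join as k=v&..., then encode that whole string once more.
    pairs = sorted((enc(k), enc(v)) for k, v in params.items() if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), enc(url), enc(normalized)])

def sign(base, consumer_secret, token_secret=""):
    # On the request_token step there is no token secret, so the key ends in "&".
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()  # standard alphabet, not URL-safe

def build_header(params, consumer_secret):
    sig = sign(signature_base_string("POST", URL, params), consumer_secret)
    fields = sorted(dict(params, oauth_signature=sig).items())
    return "OAuth " + ", ".join(f'{enc(k)}="{enc(v)}"' for k, v in fields)

def mismatch(header, base):
    # Returns (names sent but not signed, names signed but not sent).
    sent = {f.split("=", 1)[0].strip() for f in header.split(None, 1)[1].split(",")}
    signed = {unquote(p.split("=", 1)[0]) for p in unquote(base.split("&", 2)[2]).split("&")}
    sent.discard("oauth_signature")
    return sorted(sent - signed), sorted(signed - sent)

if __name__ == "__main__":
    header = build_header(PARAMS, "EXAMPLE_CONSUMER_SECRET")
    print(header)
    print(mismatch(header, signature_base_string("POST", URL, PARAMS)))
```

Running `mismatch` on a captured header and the base string that was actually signed shows which parameter names differ between the two; both lists are empty for a consistent request.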


#5

I put nothing in the body of the request, nor in the query. I set only the Authorization field of the Http Put request. Did I misunderstand the documentation?

Thanks
emanuele