request_token fails with 401 (Unauthorized) for one particular callback url only


#1

I have a strange issue. When trying to request a token, for one particular callback url, the request is failing with a 401 unauthorized repsonse.

The url I am trying to callback to is:

http://in2touchsa.spawtz.com/SpawtzApp/ConfigSettings/TwitterCallback.aspx?AssociationLevelId=4&AssociatedItemId=47

The url I am posting the request to is:

https://api.twitter.com/oauth/request_token

When I make the call on a dev machine with the callback url as http://localhost/SpawtzApp/ConfigSettings/TwitterCallback.aspx?AssociationLevelId=4&AssociatedItemId=47, it works fine. When I make the call on the live machine with the callbackurl as http://urban5occer.spawtz.com//SpawtzApp/ConfigSettings/TwitterCallback.aspx?AssociationLevelId=4&AssociatedItemId=47, it works fine. In the app settings for the application, the callback url is set as http://www.spawtz.com. The time on the server is correct, and it works fine for other sites. It’s only that url with the “in2touch” in it that fails - what can I be missing here?

Thanks for your help.

Kind regards,

Matt


#2

When you’re encoding the oauth_callback value for the oauth/request_token step, what does it look like?


#3

Oops, sorry for the delay - I wasn’t subscribed to the thread for some reason. Am now. Anyway, the “Authorization” header looks like this when it is encoded:

OAuth realm=“Twitter API”,oauth_callback=“http%3A%2F%2Fin2touchsa.spawtz.com%2FSpawtzApp%2FConfigSettings%2FTwitterCallback.aspx%3FAssociationLevelId%3D4%26AssociatedItemId%3D47”,oauth_consumer_key="{key}",oauth_nonce="{nonce}",oauth_signature_method=“HMAC-SHA1”,oauth_timestamp=“1380041280”,oauth_version=“1.0”,oauth_signature="{Signature}"

I’ve remove the consumer key, nonce and signature values as I’m not 100% sure how sensitive those items are. If you need to see those as well, I can post them accordingly.

It looks like it’s encoded correctly to me? And interestingly, if I remove the “2” from the url (ie, so I make it http://intouchsa.spawtz.com/SpawtzApp/ConfigSettings/TwitterCallback.aspx?AssociationLevelId=4&AssociatedItemId=47) then it works fine! (Though of course, it won’t, because the callback will not go to the right place…)


#4

Hi there. Can anyone shed any light on this issue? It still persists… And what’s even MORE interesting is that if the callback url is this:

http://in2touch.spawtz.com/SpawtzApp/ConfigSettings/TwitterCallback.aspx?AssociationLevelId=4&AssociatedItemId=47

(IE, the same as above, but without the “SA” on the end of the first bit of the subdomain) it works fine! It really seems like some sort of decoding issue at the twitter end? Can someone please help with this issue? Thanks very much in advance.

Kind regards,

Matthew