Reverse auth credentials are invalid :3-legged authorization

oauth

#1

I am trying to implement basic read functions supported by Twitter API.
Here is the flow which I am following in my implementation to get access token:

  1. POST https://api.twitter.com/oauth/request_token
    Parameters sent : Consumer Key (API Key), Consumer Secret (API Secret), Redirect URL
    Parameters received : oauth_token, oauth_token_secret,auth_callback_confirmed

  2. Redirect https://api.twitter.com/oauth/authorize?oauth_token=
    Parameters sent : oauth_token
    Parameters received : oauth_verifier,oauth_token

  3. POST https://api.twitter.com/oauth/access_token?oauth_verifier=
    Parameters sent : oauth_verifier
    Error: Reverse auth credentials are invalid, Auth Required

For the third call, I am supposed to be receiving a token which will be long-lived but it is not getting successful.
And which ever post I have referred, the link provided in the post is broken.
I have already submitted my application for developer account, it is under review.

Is there something else I am missing here?


Reverse auth credentials are invalid
Invalid oauth_verifier
#2

Reverse auth is not supported, so I’m surprised you’re seeing this error. Are you definitely using the POST method in all of these cases?


#4

@andypiper yes I am using POST method in all three calls.


#6

I have the same issue as bhawnaj94 has. I used all three steps with POST method. I even tried with Postman and having the same result but mine just says ‘Reverse auth credentials are invalid’.

EDIT: I was able to pass all post and get requests working as well as getting user information with email done in Postman (link).

I read an article that your Authentication header required alphabetical order. Whether believe it or not, simply test your https://api.twitter.com/oauth/request_token request (as well as others) with basic authentication feature from Postman. It will add signature, nonce, and a few other fields filled automatically. Use its automatically generated Authentication header for your code.


#7

Hey guys, I’m finishing my twitter login and I’m getting the same “Reverse auth credentials are invalid”.

Have you found anything yet, @bhawnaj94 ??

EDIT: I haven’t had any luck replicating @exploit021 solution. I didn’t use Postman. Instead, I’ve developed an AkkaHttp Server for my angular web page. Everything works perfectly just until I POST to oauth/access_token from my server to Twitter, who always respond “Reverse auth credentials are invalid”, no matter what changes I make to my Authorization headers, signature, nonce, etc.

Please, do someone have any idea of what might be happening here? Anything is helpful to me.

Thanks


#8

Thank you guys for not answering and letting me get it all by myself.

I had a typo in my code which was messing up my Authorization credentials. I fixed that and now it works !


#9

Glad you figured it out!


#10

Glad you figured out. Would you like to share your solution with us?
I don’t think anyone would ignore answering a question, just none figured out.


#11

I wrote another post sharing my solution. If you need any extra information, send me a Twitter DM and I’ll be glad to help you out with anything I can.


#12