Reverse auth credentials are invalid :3-legged authorization



I am trying to implement basic read functions supported by Twitter API.
Here is the flow which I am following in my implementation to get access token:

  1. POST
    Parameters sent : Consumer Key (API Key), Consumer Secret (API Secret), Redirect URL
    Parameters received : oauth_token, oauth_token_secret,auth_callback_confirmed

  2. Redirect
    Parameters sent : oauth_token
    Parameters received : oauth_verifier,oauth_token

  3. POST
    Parameters sent : oauth_verifier
    Error: Reverse auth credentials are invalid, Auth Required

For the third call, I am supposed to be receiving a token which will be long-lived but it is not getting successful.
And which ever post I have referred, the link provided in the post is broken.
I have already submitted my application for developer account, it is under review.

Is there something else I am missing here?

Reverse auth credentials are invalid
Invalid oauth_verifier

Reverse auth is not supported, so I’m surprised you’re seeing this error. Are you definitely using the POST method in all of these cases?


@andypiper yes I am using POST method in all three calls.


I have the same issue as bhawnaj94 has. I used all three steps with POST method. I even tried with Postman and having the same result but mine just says ‘Reverse auth credentials are invalid’.

EDIT: I was able to pass all post and get requests working as well as getting user information with email done in Postman (link).

I read an article that your Authentication header required alphabetical order. Whether believe it or not, simply test your request (as well as others) with basic authentication feature from Postman. It will add signature, nonce, and a few other fields filled automatically. Use its automatically generated Authentication header for your code.


Hey guys, I’m finishing my twitter login and I’m getting the same “Reverse auth credentials are invalid”.

Have you found anything yet, @bhawnaj94 ??

EDIT: I haven’t had any luck replicating @exploit021 solution. I didn’t use Postman. Instead, I’ve developed an AkkaHttp Server for my angular web page. Everything works perfectly just until I POST to oauth/access_token from my server to Twitter, who always respond “Reverse auth credentials are invalid”, no matter what changes I make to my Authorization headers, signature, nonce, etc.

Please, do someone have any idea of what might be happening here? Anything is helpful to me.



Thank you guys for not answering and letting me get it all by myself.

I had a typo in my code which was messing up my Authorization credentials. I fixed that and now it works !


Glad you figured it out!


Glad you figured out. Would you like to share your solution with us?
I don’t think anyone would ignore answering a question, just none figured out.


I wrote another post sharing my solution. If you need any extra information, send me a Twitter DM and I’ll be glad to help you out with anything I can.