Reverse auth credentials are invalid

oauth

#1

I am trying to implement basic read functions supported by Twitter API.
Here is the flow which I am following in my implementation to get access token:

  1. POST https://api.twitter.com/oauth/request_token
    Parameters sent : Consumer Key (API Key), Consumer Secret (API Secret), Redirect URL
    Parameters received : oauth_token, oauth_token_secret,auth_callback_confirmed
  2. Redirect https://api.twitter.com/oauth/authorize?oauth_token=
    Parameters sent : oauth_token
    Parameters received : oauth_verifier,oauth_token
  3. POST https://api.twitter.com/oauth/access_token?oauth_verifier=
    Parameters sent : oauth_verifier
    Error: Reverse auth credentials are invalid, Auth Required

For the third call, I am supposed to be receiving a token which will be long-lived but it is not getting successful.
And which ever post I have referred, the link provided in the post is broken.
I have already submitted my application for developer account, it is under review.

Is there something else I am missing here?

I’ve seen this post closed with a supposed solution and it has been closed without publishing a solution. On the other hands, I haven’t had a misspelling on my keys. I don’t understand why a Twitter staff has commented that “Reverse auth is not supported” and after another guy has published that he has encountered a “solution” the same Twitter staff has commented that he is “Glad he has figured it out!”.

@andypiper is the Twitter staff that I’m referencing on.


#3

It’s weird, because even though reverse auth is not supported anymore, for some reason I was the one that got that error message when badly authenticating in POST /oauth/access_token. I can’t tell you why does that happen, I simply don’t know, but my problem was simple: I had a typo in my code.

So if your situation is anything similar to mine, you should need to take a better look at your code. Remember you need to send the authentication header which is a little bit different from the authentication header you sent in POST /oauth/request_token. Now your tokens will be different and your signature will change (because of a new signing key).

Hope this helps!


#4

Well, I don’t know why Twitter is giving me that response, it’s just giving me that message. I don’t know whether this “Reverse Auth” is supported or not, I’m just following the Twitter API documentation which one is very poor and really complicated to make something very simple by the way.

Those are the link of my resource to implement this integration, but in step three it cracks:


#5

Can you share some of your code? I’d like to see how you are authorizing both requests (Request_Token and Access_Token).


#6

Sorry, the process is such as the documentation says. We have part of the code in React.js (frontend), Symfony (backend) and it’s going to be difficult to extract code to show you.


#7

I understand, but then it’s very little what I can do to help.

I’ll leave you with the Scala code I’ve written and shared in A Scala Akka-Http Server for Twitter Sign In Flow

Other than that, I don’t know how to help you.

Best of luck!


#8

Same here…getting something done out from twitter documentation is such a task.

Well…I got assigned to different work hence couldn’t carry forward this and need to do the whole process again.Did you find any solution for this?