Reverse authentication doesn't work on some ios devices


#1

Hi there,

I’m using the TWSignedRequest class from https://github.com/seancook/TWReverseAuthExample. In general everything works ok, but on one device I get an error 89 (Error processing your OAuth request:invalid signature or token). I’ve got logs from this device and my device, but I cannot see any difference. I’ve found some solutions with incorrect time or not set Callback URL but it doesn’t help for me. I’ve used remote logs to see what exactly happend on this device (Sorry for messy format).

{
   Step1 =   {
      Data = "\OAuth 
      oauth_consumer_key=\"wJdqmlenGvIdyq9xYWu5lA\",
      oauth_version=\"1.0\",
      oauth_nonce=\"TnUox2zm9Zc2IjBvjgP7BymWlBhbBwS8B39rBVouw\",
      oauth_signature=\"CZ4mPOe0bEYdQ7yhpLPN7zyKuZg%3D\",
      oauth_timestamp=\"1401295315\",
      oauth_signature_method=\"HMAC-SHA1\",
      oauth_token=\"izgNmDJDJU2KK0ZdRAEeotmOwMnD7r3azzUru9Mdw\"\”;
      Request = \"      {
            Description = \"<NSMutableURLRequest:0         x170011670>         
            {
                URL:            https://api.twitter.com/oauth/request_token
            }\”;
            Headers = \"         
            {
                 Authorization = \"OAuth oauth_signature=\"h0mo%2BSq3SKMa50EIbDuKLaB%2BF3c%3D\",
                 oauth_signature_method=\"HMAC-SHA1\",
                 oauth_nonce=\"0FD09DF8-E8B3-449E-AF2C-34B13AA8985D\",
                 oauth_version=\"1.0\",
                 oauth_timestamp=\"1401295316\",
                 oauth_consumer_key=\"wJdqmlenGvIdyq9xYWu5lA\"\\\\\\\";\\\\n
              }
      }\”;
      ResponseUrl = \"<NSHTTPURLResponse:0      x1782301a0>      
      {
           URL:         https://api.twitter.com/oauth/request_token
      }      {
         status code:200,
         headers         {
            \"Cache-Control\" = \"no-cache,
            no-store,
            must-revalidate,
            pre-check=0,
            post-check=0\";
            \"Content-Encoding\" = gzip;
            \"Content-Length\\\" = 251;\
            \"Content-Type\" = \"text/html; charset=utf-8\";
            Date = \"Wed,
            28            May 2014 16:41:55            GMT\";
            Etag = \"\"602d146959e11d7cf5b5e4216782b78c\"\";
            Expires = \"Tue,
            31            Mar 1981 05:00:00            GMT\";
            \"Last-Modified\" = \"Wed,
            28            May 2014 16:41:55            GMT\";
            Pragma = \"no-cache\";
            Server = tfe;
            \"Set-Cookie\" = \"_twitter_sess=BAh7BzoPY3JlYXRlZF9hdGwrCCDVtENGAToHaWQiJWFiY2I3MTY2NzE2N2Yy%250AMGJkZmRjNTcxNDhiZDNjM2Ji--c2ed6832aee5662fb87c892e6d30d26e899748d8; domain=.twitter.com; path=/; secure; HttpOnly\"
            Status = \"200 OK\";
            \"Strict-Transport-Security\" = \"max-age=631138519\";
            Vary = \"Accept-Encoding\";
            \"x-content-type-options\" = nosniff;
            \"x-frame-options\" = SAMEORIGIN;
            \"x-mid\" = d5078b8cb2abc14ff57cfb280191b61412ccd528;
            \"x-runtime\" = \"0.01840\";
            \"x-transaction\" = b74f7e2baacb0834;
            \"x-ua-compatible\" = \"IE=edge,
            chrome=1\";
            \"x-xss-protection\" = \"1; mode=block\";
         }
      }
   };
    Step2 =   {
      Data = \"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>\n  <error code=\"89\">Error processing your OAuth request:invalid signature or token</error>\\n</errors>\n\";\n        Error = \"The operation couldn\\U2019t be completed. (NSURLErrorDomain error -1012.)\";       
      Request = \"      {
         Description = \"<NSMutableURLRequest:0         x170010510>         
         {
            URL:            https://api.twitter.com/oauth/access_token
         }         \";
      Headers = \"         {
         }         \";
      URL:         https://api.twitter.com/oauth/access_token
      }      {
         status code:401,
         headers         {
            \"Cache-Control\" = \"no-cache,
            no-store,
            must-revalidate,
            pre-check=0,
            post-check=0\";
         \"Content-Encoding\" = gzip;    
         \"Content-Length\" = 143;
         \"Content-Type\" = \"application/xml; charset=utf-8\";
         Date = \"Wed,
            28            May 2014 16:41:56            GMT\";
         Expires = \"Tue,
            31            Mar 1981 05:00:00            GMT\";
         \"Last-Modified\" = \"Wed,
            28            May 2014 16:41:56            GMT\";
         Pragma = \"no-cache\";
         Server = tfe;
         \"Set-Cookie\" = \"_twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCCDVtENGAToHaWQiJWFi%250AY2I3MTY2NzE2N2YyMGJkZmRjNTcxNDhiZDNjM2Ji--960847ab7fc1a4d44356089a7a52d68e0209569c; domain=.twitter.com; path=/; secure; HttpOnly\";
         Status = \"401 Unauthorized\";
         \"Strict-Transport-Security\" = \"max-age=631138519\";
         Vary = \"Accept-Encoding\";
         \"Www-Authenticate\" = \"OAuth realm=\"https://api.twitter.com\"\\";
         \"x-content-type-options\" = nosniff;
         \"x-frame-options\" = SAMEORIGIN;
         \"x-mid\" = 74f3e807da5fb771f23d204b62991834b2a4cdf3;
         \"x-runtime\" = \"0.00840\";
         \"x-transaction\" = 65a5f5cc8582fcce;
         \"x-ua-compatible\" = \"IE=edge,
            chrome=1\";
         \"x-xss-protection\" = \"1; mode=block\";
         }
      }\";       
      SignedReverseAuthSignature = \"OAuth oauth_consumer_key=\"wJdqmlenGvIdyq9xYWu5lA\",
      oauth_version=\"1.0\",
      oauth_nonce=\"TnUox2zm9Zc2IjBvjgP7BymWlBhbBwS8B39rBVouw\",
      oauth_signature=\"CZ4mPOe0bEYdQ7yhpLPN7zyKuZg%3D\",
      oauth_timestamp=\"1401295315\",
      oauth_signature_method=\"HMAC-SHA1\",
      oauth_token=\"izgNmDJDJU2KK0ZdRAEeotmOwMnD7r3azzUru9Mdw\"\";
   };
}