Struggling with oauth request token


#1

Hi, few days trying to implement auth for my website and stuck at first step - getting request_token
I’m using PHP + apache2, sending request via curl (more data on SO link below)

asked a question at StackOverflow (http://stackoverflow.com/questions/19362649/twitter-oauth-request-token-fails?answertab=active#tab-top) and found a few mistakes, done them but no affect, still getting error

actionally i’m getting 2 errors with different curl options:

400 - Bad request if - curl_setopt($ch, CURLOPT_POST, true);
401 - Failed to validate oauth signature and token - if with no option CURLOPT_POST

tryied to send request with Fiddler:

request :
Authorization Header is present: OAuth oauth_callback=“http%3A%2F%2Fhybridauth.vbox%2Fhybridauth%2F”, oauth_consumer_key=“my_key_M7jZK81tBY3g”, oauth_nonce=“4861042efe40c9c002b5afb138f8d7ea”, oauth_signature=“82POAZyEe2efa1fn6CLYcYez9SM%3D”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1381957439”, oauth_version=“1.0”

response:
HTTP/1.1 401 Unauthorized
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-length: 44 content-type: text/html;
charset=utf-8 date: Wed, 16 Oct 2013 21:04:12 GMT expires: Tue, 31 Mar 1981 05:00:00 GMT last-modified: Wed, 16 Oct 2013 21:04:12 GMT pragma: no-cache server: tfe set-cookie: _twitter_sess=BAh7CDoPY3JlYXR; domain=.twitter.com; path=/; secure;
HttpOnly set-cookie: guest_id=v1%3A138195745263989662;
Domain=.twitter.com; Path=/; Expires=Fri, 16-Oct-2015

status: 401 Unauthorized strict-transport-security: max-age=631138519 vary: Accept-Encoding x-frame-options: SAMEORIGIN x-mid: 180d99fa260045196d32786d29345c4f84b5e142 x-runtime: 0.01649 x-transaction: 85c34cd45118ba03 x-ua-compatible: IE=10,chrome=1 x-xss-protection: 1; mode=block Failed to validate oauth signature and token`

what am i doing wrong?
thanks in advance


#2

sorry for the mess
one good men told me to read https://dev.twitter.com/docs/auth/application-only-auth
i’d like someone made a small remark in old API, that new users should not use it, i wasted much time