Twurl authorize reports "Authorization failed."


#1

My Ads API application was approved last week. I just tried to used it, and in twurl, I get “Authorization failed.”

I copied and pasted the Consumer Key and Consumer Secret from the apps.twiiter.com Application Management webpage.

Please advise.

twurl trace:

opening connection to api.twitter.com:443...
opened
starting SSL for api.twitter.com:443...
SSL established
<- "POST /oauth/access_token HTTP/1.1\r\nAccept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3\r\nAccept: */*\r\nUser-Agent: OAuth gem v0.5.3\r\nContent-Length: 57\r\nContent-Type: application/x-www-form-urlencoded\r\nAuthorization: OAuth oauth_consumer_key=\"Redacted\", oauth_nonce=\"Redacted\", oauth_signature=\"Redacted\", oauth_signature_method=\"HMAC-SHA1\", oauth_timestamp=\"1509395690\", oauth_version=\"1.0\"\r\nConnection: close\r\nHost: api.twitter.com\r\n\r\n"
<- "x_auth_mode=client_auth&x_auth_password=&x_auth_username="
-> "HTTP/1.1 403 Forbidden\r\n"
-> "cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0\r\n"
-> "connection: close\r\n"
-> "content-encoding: gzip\r\n"
-> "content-length: 130\r\n"
-> "content-type: application/xml;charset=utf-8\r\n"
-> "date: Mon, 30 Oct 2017 20:34:51 GMT\r\n"
-> "expires: Tue, 31 Mar 1981 05:00:00 GMT\r\n"
-> "last-modified: Mon, 30 Oct 2017 20:34:51 GMT\r\n"
-> "pragma: no-cache\r\n"
-> "server: tsa_b\r\n"
-> "set-cookie: personalization_id=\"v1_qmYc+LsjwEV0CKvSw3JXZA==\"; Expires=Wed, 30 Oct 2019 20:34:51 UTC; Path=/; Domain=.twitter.com\r\n"
-> "set-cookie: guest_id=v1%3A150939569154431579; Expires=Wed, 30 Oct 2019 20:34:51 UTC; Path=/; Domain=.twitter.com\r\n"
-> "status: 403 Forbidden\r\n"
-> "strict-transport-security: max-age=631138519\r\n"
-> "x-connection-hash: 442d1bc09da69046c10ba741440b4c74\r\n"
-> "x-content-type-options: nosniff\r\n"
-> "x-frame-options: SAMEORIGIN\r\n"
-> "x-response-time: 11\r\n"
-> "x-transaction: 00c0b1120042dceb\r\n"
-> "x-tsa-request-body-time: 1\r\n"
-> "x-twitter-response-tags: BouncerCompliant\r\n"
-> "x-xss-protection: 1; mode=block\r\n"
-> "\r\n"
reading 130 bytes...
-> ""
-> "\x1F\x8B\b\x00\x00\x00\x00\x00\x00\x00,\x8CM\n\x83@\fF\xAF\x12\xB2\xEF\xDF\xAA.f\xC6E\xC1\x13\xE8\x01\x8A\xC66\xE0$\x92\t\xC5\xE3w\x14W\x8F\x8F\xC7\xFBB\xBB\xE5\x05~d\x85U\">\xAEw\x04\x92Q'\x96O\xC4\xA1\xEF.\r\xB6)\x90\x99Z9\tUS\xC4\xE6\x89\xE9\xB50\x89\x03\x17\x10uX\xC92\xBB\xD3\x04\xAE\xFB\x98\xD52\xF8\xB7\xDA\xF7\xE8\xF5?\xDC\x8E>\x9D,\xE9\x0F\x00\x00\xFF\xFF\x03\x00\xC4\x8C\xEC\xF9~\x00\x00\x00"
read 130 bytes
Conn close
opening connection to api.twitter.com:443...
opened
starting SSL for api.twitter.com:443...
SSL established
<- "POST /oauth/request_token HTTP/1.1\r\nAccept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3\r\nAccept: */*\r\nUser-Agent: OAuth gem v0.5.3\r\nContent-Length: 0\r\nAuthorization: OAuth oauth_callback=\"oob\", oauth_consumer_key=\"Redacted\", oauth_nonce=\"Redacted\", oauth_signature=\"Redacted\", oauth_signature_method=\"HMAC-SHA1\", oauth_timestamp=\"1509395691\", oauth_version=\"1.0\"\r\nConnection: close\r\nHost: api.twitter.com\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\n"
<- ""
-> "HTTP/1.1 401 Authorization Required\r\n"
-> "cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0\r\n"
-> "connection: close\r\n"
-> "content-disposition: attachment; filename=json.json\r\n"
-> "content-encoding: gzip\r\n"
-> "content-length: 89\r\n"
-> "content-type: application/json; charset=utf-8\r\n"
-> "date: Mon, 30 Oct 2017 20:34:51 GMT\r\n"
-> "expires: Tue, 31 Mar 1981 05:00:00 GMT\r\n"
-> "last-modified: Mon, 30 Oct 2017 20:34:51 GMT\r\n"
-> "pragma: no-cache\r\n"
-> "server: tsa_b\r\n"
-> "set-cookie: personalization_id=\"v1_otmefvsKK64x66v2qhAE2A==\"; Expires=Wed, 30 Oct 2019 20:34:51 UTC; Path=/; Domain=.twitter.com\r\n"
-> "set-cookie: guest_id=v1%3A150939569173371117; Expires=Wed, 30 Oct 2019 20:34:51 UTC; Path=/; Domain=.twitter.com\r\n"
-> "status: 401 Unauthorized\r\n"
-> "strict-transport-security: max-age=631138519\r\n"
-> "www-authenticate: OAuth realm=\"https://api.twitter.com\"\r\n"
-> "x-connection-hash: 771780eb5bce8aef49f7a8210daf3c2e\r\n"
-> "x-content-type-options: nosniff\r\n"
-> "x-frame-options: SAMEORIGIN\r\n"
-> "x-response-time: 8\r\n"
-> "x-transaction: 00327cb000f95097\r\n"
-> "x-twitter-response-tags: BouncerCompliant\r\n"
-> "x-xss-protection: 1; mode=block\r\n"
-> "\r\n"
reading 89 bytes...
-> ""
-> "\x1F\x8B\b\x00\x00\x00\x00\x00\x00\x00\xAAVJ-*\xCA/*V\xB2\x8A\xAEVJ\xCEOIU\xB226\xD2Q\xCAM-.NL\ar\x94\x9C\xF3KsR\x14\xF2\xF2K\x14\x12KK2R\xF3J2\x93\x13KR\x15*\xF3K\xF5\x94jck\x01\x00\x00\x00\xFF\xFF\x03\x00\n\xF0^\f@\x00\x00\x00"
read 89 bytes
Conn close
Authorization failed. Check that your consumer key and secret are correct, as well as username and password.

#2

I would first try to test the steps from “twurl -T” tutorial mode to make sure that you’re set up the correct auth for the right user (which are eventually saved in the .twurlrc file - please don’t post the secret or full OAuth output as it’s sensitive info for you)

It’s likely that either you haven’t setup “twurl authorize” or your app ID is not associated with the account you are authorizing, you should be able to see the right consumer key appear selected as “twurl accounts” output or set it as default with the set default command.


#3

Thank you for the reply. I was using “twurl -T” to get the output in my initial post.

As I recall, there was a slight syntax error in my authorization call (which I did not include because it includes my sensitive account info). I was initially using the --consumer-key and consumer-secret (my mistake to not have any leading dashes) syntax from this video:

When I changed to -c and -s it worked.

I think twurl should have notified me of my syntax error, instead of accepting my command and telling me my credentials were incorrect.

In summary, when I entered this in twurl:
twurl authorize --consumer-key xZNotMyRealKeyJO consumer-secret tYNotMyRealSecretNotMyRealSecretNotMyRealSecretzj

twurl gave this misleading message:

Authorization failed. Check that your consumer key and secret are correct, as well as username and password.

twurl should have told me: Syntax error…


#4

Thanks for the feedback about twurl command line argument parsing!