Unable to authorize/authenticate via web app


#1

I’m attempting to build an extremely basic web app that allows a user to view their own tweets and post tweets.

However, I’ve been stuck at OAuth verification.

Docs I’m following:
https://developer.twitter.com/en/docs/basics/authentication/overview/3-legged-oauth
https://developer.twitter.com/en/docs/twitter-for-websites/log-in-with-twitter/guides/implementing-sign-in-with-twitter

I’m still trying things out in Postman at the moment. There’s a nifty feature in there that automatically constructs the Authorization header given my app secret and token.

The /oauth/request_token is successful, and I’m able to get an oauth_token and oauth_token_secret.

But I’ve been stuck at the next call
/oauth/authenticate (or /oauth/authorize? What’s the difference?). I’m sending a GET request to /oauth/authenticate?oauth_token=from_prev_response, with Postman inserting the Authorize header.

The response returns a 403 status and HTML markup that says I’m missing a request token. What’s wrong?


#2

For step 2, instead of you making a GET request, you should try just plugging that into your browser.

GET oauth/authenticate differs from GET oauth/authorize in that if the user has already granted the application permission, the redirect will occur without the user having to re-approve the application. To realize this behavior, you must enable the Use Sign in with Twitter setting on your application record.


#3

Thanks! I finally managed to get an access token from browser sign in flow, but I’m hitting error 32, “Could not authenticate you.” when attempting to use the token to post a tweet.

Relevant Request headers

POST /1.1/statuses/update.json?status=HELLO%20WORLD%20api HTTP/1.1
Authorization: OAuth
  oauth_consumer_key=$APP_KEY,
  oauth_nonce=$GENERATED,
  oauth_signature=$GENERATED,
  oauth_signature_method="HMAC-SHA1",
  oauth_timestamp=$GENERATED,
  oauth_token=$ACCESS_TOKEN_FROM_BROWSER_SIGNIN,
  oauth_version="1.0"

What’s wrong with this request?


#4

You actually have to generate the oauth_nonce, oauth_signature, and oauth_timestamp.

You can read more about this here:
https://developer.twitter.com/en/docs/basics/authentication/guides/creating-a-signature

Or you can try using twurl or Insomnia, both of which will generate these values for you.

You could also play around with https://twitteroauth.com/ to generate your signature.
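
The signing step discussed in #3 and #4, as an added example that is not part of the original posts: a sketch of OAuth 1.0a HMAC-SHA1 signing (RFC 5849) showing that the `status` query parameter is signed together with the `oauth_*` values. The function names, the `api.twitter.com` host and the placeholder credentials are assumptions made for illustration.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote

def pct(value):
    # OAuth 1.0a (RFC 5849) percent-encoding: only unreserved chars stay, space -> %20
    return quote(str(value), safe="-._~")

def signature_base_string(method, base_url, params):
    # Encode every key and value, sort, join, then encode the joined string again
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    param_string = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(base_url), pct(param_string)])

def sign(method, base_url, params, consumer_secret, token_secret):
    # Signing key is both secrets joined by '&'; neither is ever sent on the wire
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    base = signature_base_string(method, base_url, params).encode()
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode()

def authorization_header(method, base_url, request_params, consumer_key,
                         consumer_secret, token, token_secret,
                         nonce=None, timestamp=None):
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce or secrets.token_hex(16),  # fresh per request
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_token": token,
        "oauth_version": "1.0",
    }
    # Query-string and form parameters are signed together with the oauth_* values
    oauth["oauth_signature"] = sign(method, base_url, {**request_params, **oauth},
                                    consumer_secret, token_secret)
    return "OAuth " + ", ".join(f'{k}="{pct(v)}"' for k, v in sorted(oauth.items()))

# Constructed placeholder credentials; real ones come from the app record and sign-in flow
URL = "https://api.twitter.com/1.1/statuses/update.json"  # base URL, no query string
DEMO = dict(consumer_key="CONSTRUCTED_KEY", consumer_secret="CONSTRUCTED_SECRET",
            token="CONSTRUCTED_TOKEN", token_secret="CONSTRUCTED_TOKEN_SECRET")

if __name__ == "__main__":
    print(authorization_header("POST", URL, {"status": "HELLO WORLD api"}, **DEMO))
```

A signature computed without the request parameters, or with a space encoded as `+` instead of `%20`, will not match what the server recomputes.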


#5

We try to keep each forum topic to a single subject. If you need any further help, please submit a new topic.
Happy developing!

