Hello,
I’m having no luck trying to get a successful response from https://api.twitter.com/oauth/request_token , I’ve spent a long time reading the docs to try and build a header string that will give me an access token from the API. I’ve been following Log in with Twitter | Docs | Twitter Developer Platform
I’m using Node.js to achieve this and I currently have the following:
require('dotenv').config();
const axios = require('axios');
const crypto = require('crypto');
const timestamp = new Date().getTime();
(async () => {
const nonce = crypto.randomBytes(32).toString('base64');
const signature = createSignature();
const params = {
oauth_callback: 'http://localhost:3000',
oauth_consumer_key: process.env.CONSUMER_KEY,
oauth_nonce: nonce,
oauth_signature: signature,
oauth_signature_method: 'HMAC-SHA1',
oauth_timestamp: timestamp,
oauth_token: process.env.ACCESS_TOKEN_KEY,
oauth_version: '1.0'
};
let headerString = 'OAuth ';
const headerStringParams = Object.keys(params);
for (let i = 0; i < headerStringParams.length; i++) {
const param = headerStringParams[i];
headerString += `${encodeURIComponent(param)}="${encodeURIComponent(params[param])}"`;
if (i < headerStringParams.length - 1) {
headerString += ', ';
}
}
console.log(headerString);
try {
const result = await axios.post('https://api.twitter.com/oauth/request_token', {
headers: {
'Authorization': headerString
}
});
console.log(result);
} catch (e) {
console.log(e.response.data.errors);
}
})();
function createSignature() {
const nonce = crypto.randomBytes(32).toString('base64');
const params = {
include_entities: true,
oauth_consumer_key: process.env.CONSUMER_KEY,
oauth_nonce: nonce,
oauth_signature_method: 'HMAC-SHA1',
oauth_timestamp: timestamp,
oauth_token: process.env.ACCESS_TOKEN_KEY,
oauth_version: '1.0'
};
let signatureString = createSignatureString(params);
const signatureBaseString = `${encodeURIComponent('POST')}&${encodeURIComponent('https://api.twitter.com/oauth/request_token')}&${encodeURIComponent(signatureString)}`;
const signingKey = `${encodeURIComponent(process.env.CONSUMER_SECRET)}&${encodeURIComponent(process.env.ACCESS_TOKEN_SECRET)}`;
const signature = crypto.createHmac('sha1', signingKey).update(signatureBaseString).digest('base64');
return signature;
}
function createSignatureString(params) {
let signatureString = '';
const paramKeys = Object.keys(params);
for (let i = 0; i < paramKeys.length; i++) {
const param = paramKeys[i];
signatureString += `${encodeURIComponent(param)}=${encodeURIComponent(params[param])}`;
if (i < paramKeys.length - 1) {
signatureString += '&';
}
}
return signatureString;
}
The response I get back is { code: 215, message: 'Bad Authentication data.' }
I’m not sure where I’m going wrong and some guidance would be hugely appreciated
Thanks
It’s strongly recommend that you not attempt to write your own OAuth implementation. It’s very easy to get wrong. I’d recommend checking out twit. I’ve used it in several projects without any issues.
1 Like
Thanks for the response, could you shed some light on how you could achieve an authentication flow that uses “Sign in with Twitter” struggling to find many resources on the topic. What types of authentication have you used with this library in your experience?
You could check out our sample code - it’s Python but demonstrates the general flow.
system
Closed
#6
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
