Users/lookup.json does not work, error code= 32 could not authenticate you


#1

Have the following code:

            $oauth_nonce = md5(uniqid(rand(), true));
            $oauth_timestamp = time();            
            $users_ids = implode(',',$users_ids['ids']);
            $url = 'https://api.twitter.com/1.1/users/lookup.json';                       
            $oauth_sig_text = self::sign_twitter($url,$oauth_token,false,$oauth_nonce,$oauth_timestamp,$users_ids); 
            //print_r($oauth_sig_text);           
              
            $key = __TWITTERSECRET__ . '&' . $oauth_token_secret;            
            $signature = base64_encode(hash_hmac("sha1", $oauth_sig_text, $key, true));
            
            $params = array(                
                'oauth_consumer_key'       => __TWITTERKEY__,
                'oauth_nonce'              => $oauth_nonce,
                'oauth_signature'          => $signature,
                'oauth_signature_method'   => "HMAC-SHA1",
                'oauth_timestamp'          => $oauth_timestamp,
                'oauth_token'              => urlencode($oauth_token),             
                'oauth_version'            => '1.0',
                'user_id'                  => $users_ids
            );        
            
            $url .= '?'.http_build_query($params);                 
            $users_data = json_decode(file_get_contents($url),true);
            
            echo '<pre>';
                print_r($users_data);
            echo '</pre>';

And signature:

        protected function sign_twitter($url,$token,$verifier,$nonce,$timestamp,$ids=false){     
            $oauth_base_text = "GET&";
            $oauth_base_text .= urlencode($url).'&';            
            $oauth_base_text .= urlencode('oauth_consumer_key='.__TWITTERKEY__.'&');
            $oauth_base_text .= urlencode('oauth_nonce='.$nonce.'&');
            $oauth_base_text .= urlencode('oauth_signature_method=HMAC-SHA1&');
            $oauth_base_text .= urlencode('oauth_timestamp='.$timestamp."&"); 
            $oauth_base_text .= urlencode('oauth_token='.$token."&");                       
            $oauth_base_text .= urlencode('oauth_version=1.0&');
            
            if ($verifier) {
                $oauth_base_text .= urlencode("oauth_verifier=".$verifier."&");
                $oauth_base_text .= urlencode("oauth_callback=".urlencode(__REDIRECT__)."&");    
            } else {
                $oauth_base_text .= urlencode('user_id=' . $ids);
            }
            
            return $oauth_base_text;                           
        }

I receive an error:

Array
(
    [errors] => Array
        (
            [0] => Array
                (
                    [message] => Could not authenticate you
                    [code] => 32
                )

        )

)

if you take a single identifier, the data are given ($users_ids = $users_ids[‘ids’][‘0’]).
I have read a lot of topics on this issue, and everywhere it is written that the problem in comma that it should be encoded% 2C but it does not help …

final url:

https://api.twitter.com/1.1/users/lookup.json?oauth_consumer_key=Q6KMZzN7AAW******HoxmA&oauth_nonce=ab7e09e8466e0c9893acf3da32de9565&oauth_signature=rhUPhe1HgfcR%2Fr3nkTomuksWPzo%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1378367650&oauth_token=1727480588-IlvYrJZcRnp3dKScJiyZfEEMRpiqlVMTQTr764Q&oauth_version=1.0&user_id=93456690%2C81866717

signature:

GET&https%3A%2F%2Fapi.twitter.com%2F1.1%2Fusers%2Flookup.json&oauth_consumer_key%3DQ6KMZzN7AAW******HoxmA%26oauth_nonce%3Dab7e09e8466e0c9893acf3da32de9565%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1378367650%26oauth_token%3D1727480588-IlvYrJZcRnp3dKScJiyZfEEMRpiqlVMTQTr764Q%26oauth_version%3D1.0%26user_id%3D93456690%2C81866717

Just tried POST request, did not help, all the exact same error.


#2

If your querystring has %2C in it, then your signature base string must have %252C in it (the base string escapes the values again).

Also, it’s much better to separate concerns and use HTTP headers for OAuth instead of the querystring.


#3

Thank you helped!