Why does Twitter for iOS 5 not send the OAuth token (oauth_token) with X-Verify-Credentials-Authorization?


Hi, for some reason the header being sent for X-Verify-Credentials-Authorization in Twitter for iOS 5 (image upload) no longer contains the oauth_token field. Without it, passing it on to verify_credentials results in a 401 “not authorized” error.

Twitterrific continues to send the token, so verify_credentials allows the image to be uploaded.

Since I couldn’t find any issues similar to this from yFrog or Lockerz, am I doing something wrong by forwarding that authorization header to Twitter? Is there another way I should do this? Note, we are using the Custom field in Twitter’s image upload selector.


Let us know what you find… the custom field in Twitter’s image upload selector is failing for us in iOS 5 as well (works in iOS4).


Hi, i can confirm the issue. IPad with IOS5 no oauth_token which means my custom image endpoint doesnt work any longer. My IPhone is still on IOS4 and is still working. Both use the official Twitter App.


Is the oauth_token field missing from all contexts? Technically it need only be present in the Authorization header – when you’re looking for the token are you checking in the query string, POST body, or Authorization header? Do you have any captures of the erroneous request, headers, bodies, URLs, and all?



Here are the logs for new iOS5 Twitter app log details & lack of oauth_token in header

Here is the new iOS5 Twitter on custom image upload which fails:

[HTTP_USER_AGENT] => Twitter/3.5 CFNetwork/548.0.3 Darwin/11.0.0
[HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION] => OAuth oauth_timestamp=“1318875025”, oauth_nonce=“FA8E28BA-50DA-4E75-851E-04BECBA6A6DC”, oauth_version=“1.0”, oauth_consumer_key=“IQKbtXXXXXXXX0HUA”, oauth_signature_method=“HMAC-SHA1”, oauth_signature=“JpbqoXXXXXXXXXXA%3D”
[HTTP_X_AUTH_SERVICE_PROVIDER] => https://api.twitter.com/1/account/verify_credentials.json

Here is the iOS5 TweetBot version that works

[HTTP_USER_AGENT] => Tweetbot/17094 CFNetwork/548.0.3 Darwin/11.0.0
[HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION] => OAuth realm="*", oauth_consumer_key=“8AeXXXXXXXX1QGA”, oauth_nonce=“049DF542-C01C-42F7-B19A-4A6DFF4E64B5”, oauth_signature=“dcEempXXXXXXXX1Yvaws%3D”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1318875280”, oauth_token=“15412585-JRcq4ssXXXXXXXXXnur6yNvJqlG2”, oauth_version=“1.0”
[HTTP_X_AUTH_SERVICE_PROVIDER] => https://api.twitter.com/1/account/verify_credentials.json


Here is the content of the $_SERVER variable when Twitter for IOS5 tries to upload an image to my server: http://pastebin.com/T2dXtbhZ
$_POST contains only the message and $_GET is empty.


Any updates or solutions yet?


We’re nearing completion of a few flavors of bugs client-side and outside. I’ll share a number of details soon, including some good lessons learned. Thanks!


I can confirm that I am experiencing the same issue. Hoping for a fix soon! Project is delayed due to this issue sad panda is sad. @episod any updates? Thanks so much!


An updated Twitter for iOS build should be available in the App Store this week – it will fix the issue with oauth_token not being sent and additionally correct our TWRequest-using OAuth Echo implementation.

If you’re an media provider using OAuth Echo, please ensure that you execute the URL specified in X-Auth-Service-Provider against api.twitter.com, rather than a hard-coded value such as “https://api.twitter.com/1/account/verify_credentials.json” – you’ll find that our updated build includes an application_id parameter additionally.



The oauth_token / Oauth echo implementation issue is solved on the new 3.5.1 iOS Twitter app.

Make sure you route to the X-Auth-Service-Provider and not hard coded to: https://api.twitter.com/1/account/verify_credentials.json

Solved on my system for pulling the header details and stacking in the CURL:

curl_setopt($ch, CURLOPT_URL, $header_request[‘X-Auth-Service-Provider’]);

This takes care of the new application_id.

iOS 5 X-Auth-Service-Provider looks something like:


Would you mind sharing what you did with setting up OAuth for the TWRequest if you were able to send a private message? I have read how to create an account and setting the credentials using the [[ACAccountCredential alloc] initWithOAuthToken:xxx tokenSecret:xxx]] and then setting that into the credential property. But how would I use this account so that I can be able to send a private message to followers of accounts users have setup and accessed via our app? I keep getting a statusCode of 401. Your help would be much appreciated.


Kenneth Lewis


how to post an image to twitter by using oauth? pls give some solution for me.