Why is my callback URL never requested after oauth/authenticate?


I am trying to write a sign-in-with-twitter app in Go.

I have set the oauth_callback URL parameter in the headers, and I can successfully get the request token (oauth_callback_confirmed = true). Tests also indicate that I am signing / creating the Authorization header properly. My application settings also has a Callback URL specified.

However, after I redirect to oauth/authenticate/ and accept, I get the “Redirecting you back to your application” screen, I end up at a 404: Sorry, that page doesn’t exist!

The URL looks like https://api.twitter.com/oauth/http%3A%2F%2F[..my.domain.org..]%2Ftwitteroauth?oauth_token=[..token..]&oauth_verifier=[..verifier..]
My HTTP server never gets any request. If I use “oob” as the callback then I can successfully get the PIN screen.

What am I doing wrong that the callback url isn’t actually redirected to? It would be an immense help, I’ve been struggling with this for a while :slight_smile:


Can you show the exact request you’re making to oauth/request_token in this context? The POST body you’re sending, the HTTP headers, the URL, and the signature base string? It’s probably something very minor.


I am also facing the same problem. Please help.



this is also my problem :expressionless: i hope someone can answer this :slight_smile:


I’m also facing the very same problem.

Here is the Twitter form url:

And here is the url Twitter stopped at:


When you build your URL to oauth/authorize are you really including the oauth_token_secret and oauth_callback_confirmed parameters? They don’t belong on this step – in fact, you shouldn’t really be sending an oauth_token_secret anywhere.

Make sure that you’re providing an explicit URL as the oauth_callback parameter on the oauth/request_token step.


Is it that I should not use this url:


but instead use this one:




Thanks for the comments. Yes I do provide explicitly a oauth_callback parameter on the oauth/request_token step.

Here it is:

$redirectUrl = urlencode("$gUserUrl/login.php");

$consumerKey = $this->consumerKey;
$consumerSecret = $this->consumerSecret;

$url = 'http://api.twitter.com/oauth/request_token';

$params = array();
$params['oauth_version'] = '1.0';
$params['oauth_nonce'] = mt_rand();
$params['oauth_timestamp'] = time();
$params['oauth_consumer_key'] = $consumerKey;
$params['oauth_callback'] = $redirectUrl;

$params['oauth_signature_method'] = 'HMAC-SHA1';
$params['oauth_signature'] = LibUtils::computeHmacSha1Signature('POST', $url, $params, $consumerSecret, null);

$queryParameterString = LibUtils::oauthHttpBuildQuery($params);

$headers[] = 'Content-Type: application/x-www-form-urlencoded';
$response = LibUtils::sendPostCurlRequest($url, $queryParameterString, 80, $headers);

$authenticateUrl = '';

if (!empty($response)) {
  list($info, $header, $body) = $response;
  $parsedBody = LibUtils::queryStringToArray($body);
  if ($info['http_code'] == 200 && !empty($body) && $body['oauth_callback_confirmed'] == true) {
    $oauth_token = $body['oauth_token'];
    $oauth_token_secret = $body['oauth_token_secret'];
    $authenticateUrl = "http://api.twitter.com/oauth/authorize?" . LibUtils::rfc3986Decode($body);

// $authenticateUrl = “https://api.twitter.com/oauth/authenticate?oauth_token=” . LibUtils::rfc3986Decode($oauth_token);


I fixed it and now get to the following point:


with the message:

Sorry, that page doesn’t exist!


What seems to be happening is that your callback is being overly escaped in transit to Twitter. Are you sure you’re not URL encoding the oauth_callback parameter more so than is necessary?


Spot on ! Thanks Taylor.

I now get back to my redirect url with the oauth_token url parameter



Hello Taylor,

Is there any way to get the email, firstname and lastname from the LinkedIn account ?

As of now, I only get the login name (screen_name) in the response body:

body: oauth_token=102779905-yuJ823fPLtZEzpm6oMokQ8UzHM4npUxwTn6dVm4&oauth_token_secret=cDRy8M5Rio2ZbSwVi49dCXAfKIxoZBhLT4UWvzS9nOY&user_id=102779905&screen_name=learnintouch

That would allow me to preset these form fields on my user registration form.


Hi @LearnInTouch,

Glad that helped.

Twitter accounts can belong to just about anything, not just humans. So first names and last names are paren’t of the structured data we have for an account. We also do not yield a user’s email address at all… we do have a single name field that in most cases will have a first and last name within it.

The best way to obtain more information about the current user after they authenticate is to take that screen_name that came with your request and use it in a request to [node:66] which will yield you just about all the information in the [node:7827] object.


Thanks for the explanation Taylor.

I shall see what I can get from the users/show url.

I’m now trying to post a tweet but I get a

<?xml version="1.0" encoding="UTF-8"?> Could not authenticate you. /1/statuses/update.xml response.

I wonder why since I’m currently logged in twitter.com and using the same opened browser instance of Firefox from which my website posts the tweet.

Do I need to have more parameters than these ?

function postNotification($message) {

$consumerSecret = $this->consumerSecret;

$url = 'http://api.twitter.com/1/statuses/update.format';

$params = array();
$params['oauth_version'] = '1.0';
$params['oauth_nonce'] = mt_rand();
$params['oauth_timestamp'] = time();
$params['oauth_signature_method'] = 'HMAC-SHA1';
$params['oauth_signature'] = LibUtils::computeHmacSha1Signature('POST', $url, $params, $consumerSecret, null);
$params['status'] = $message;

$queryParameterString = LibUtils::oauthHttpBuildQuery($params);
$headers[] = 'Content-Type: application/x-www-form-urlencoded';
$response = LibUtils::sendPostCurlRequest($url, $queryParameterString, 80, $headers);

if (!empty($response)) {
  list($info, $header, $body) = $response;
  if ($info['http_code'] == 200 && !empty($body)) {
    $parsedBody = LibUtils::queryStringToArray($body);





The body of the response is:

You are being redirected.


I tried with the following url https://api.twitter.com/1/statuses/update.json but got no response.

I then tried to have the curl post parameters set to true as in:
but it did not help and I got no response when using https.


I had twitter login successfully working for my site. I use the EpiTwitter api for this implementation.However today when i tried login in login was unsuccessful as in it didnt return any of the user info.Then after reading about the changes made i too made those changes in the EpiTwitter.php file

  1. class EpiTwitter extends EpiOAuth
  2. {
  4. protected $requestTokenUrl = ‘https://api.twitter.com/oauth/request_token’;
  5. protected $accessTokenUrl = ‘https://api.twitter.com/oauth/access_token’;
  6. protected $authorizeUrl = ‘https://api.twitter.com/oauth/authorize’;
  7. protected $apiUrl = ‘https://api.twitter.com/1/’;
    but now i get this error
    ’Whoa there!
    There is no request token for this page. That’s the special key we need from applications asking to use your Twitter account. Please go back to the site or application that sent you here and try again; it was probably just a mistake.'
    with the link as given in summary. Clearly no oauth_token value is generated for the login link.
    On my applications page on twitter i do get the access token and accesstoken secret but i am not sure where to use it!!!
    i wonder what is going wrong cos everything was working veryfine!!


Verify that your code actually checks to see if you’ve received the proper response from oauth/request_token before sending the user to oauth/authorize. Verify your system clock. Consider using another library, as a lot of folks seem to have trouble with EpiTwitter.


Hey Taylor,

I am getting the same response. After the Authorization, page is redirecting to blank page. I think I am missing your point “overly escaped”. I am not encoding the url, it was working till yesterday.