xAuth 403 (Forbidden) request


Hi all,

I sent a request like that:

var oauthObject = {
      oauth_consumer_key: clientId,
      oauth_nonce: $cordovaOauthUtility.createNonce(10),
      oauth_signature_method: "HMAC-SHA1",
      oauth_timestamp: Math.round((new Date()).getTime() / 1000.0),
      oauth_version: "1.0"
    var signatureObj = $cordovaOauthUtility.createSignature("POST", "https://api.twitter.com/oauth/access_token", oauthObject,  {x_auth_username: username, x_auth_password: password, x_auth_mode: 'client_auth'}, clientSecret);
    var xhr = new XMLHttpRequest();
    var params = 'x_auth_username=' + username
               + '&x_auth_password=' + password
               + '&x_auth_mode=client_auth';
    var authorization = signatureObj.authorization_header;
    xhr.open('POST', 'https://api.twitter.com/oauth/access_token', true);
    xhr.setRequestHeader('Authorization', authorization);
    xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');

But i got error “403 (Forbidden) request”. What wrong is in my code request?


Is your app whitelisted for use of xAuth? If not you’ll need to apply for xAuth permissions via the platform support forms.