Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Failed to validate oauth signature and token #59

Closed
idancali opened this issue Jun 27, 2012 · 6 comments
Closed

Failed to validate oauth signature and token #59

idancali opened this issue Jun 27, 2012 · 6 comments
Assignees
@themattharris
Labels
support

Comments

@idancali
Copy link

Hi Matt,

I've been playing with your library and for some reason I got stuck when attempting to authenticate. I can actually do a status update and I can even get a list of friends but unfortunately I cannot seem to be able to get a request_token. I keep getting a 401 Unauthorized with "Failed to validate oauth signature and token".

This is what I'm trying to do. Pretty straight forward:

        $this->twitter = new tmhOAuth(array(
              'consumer_key'    => TWITTER_CONSUMER_KEY,
              'consumer_secret' => TWITTER_CONSUMER_SECRET,
              'user_token'      => TWITTER_ACCESS_TOKEN,
              'user_secret'     => TWITTER_ACCESS_SECRET,
              ));

        $params = array(
            'oauth_callback'     => tmhUtilities::php_self()
        );

        $this->twitter->request('POST', $this->twitter->url('oauth/request_token', ''), $params);

I've verified the credentials, it works, like I said I can post a tweet but I can't get a request token back. I've verified that the time is in sync with GMT and I've even tried your utility which tries to auto fix the time issue but I'm still getting the same error.

Any idea what's going on?

Thanks
@ghost ghost assigned themattharris Jun 27, 2012
@themattharris
Copy link
Owner

hey,

if i'm reading your code correctly you're making a request to oauth/request_token but signing it with the user_token and secret. the thing is, the request_token phase is the beginning of the oauth process for which there must not be a user_token and user_secret.

if you have a user_token and user_secret the oauth authentication process is complete and you don't need to do it again - at least not for that particular user.

if you want to authenticate as a different user you would need to remove the user_token and user_secret from the $tmhOAuth object and go through the request_token -> authorize -> access_token process again.

let me know if that fixes it for you.

@idancali
Copy link
Author

Thanks for the prompt reply, Matt.
You're right, those two params should've been removed. I did that though and same result unfortunately.

@themattharris
Copy link
Owner

can you do a var_dump($tmhOAuth) at the end and share it.
just remember to remove anything you consider sensitive like the oauth keys and secret and IP.

@idancali
Copy link
Author

You know what the second time around I actually got an error message related to the fact that my callback on the App Details page was empty. I added a placeholder and everything just worked. Thanks again for your support. Cheers!

@themattharris
Copy link
Owner

excellent - glad you got it worked out.

@idancali
Copy link
Author

Yeah thanks really appreciate your support I'm impressed at how promptly you answered my question.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@themattharris themattharris

Labels
support
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@themattharris @idancali