I try to request a token via https://api.twitter.com/oauth/request_token but always get a 401 error.
I do my testing via curl (easy to see what happen).
Here is a request example :
curl --request 'POST' 'https://api.twitter.com/oauth/request_token' --header 'Authorization: OAuth oauth_callback="http%3A%2F%2Fwww.domain.tld%2Fblank.html", oauth_consumer_key="cmGkcMsffqJlmra6RD1gw", oauth_nonce="hj05psxq62tx1PAe3V", oauth_signature="2ZNWTvzEmSix1G8PGImDxVKulFY=", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1373559256", oauth_version="1.0"' --verbose
Output:
* About to connect() to api.twitter.com port 443 (#0)
* Trying 199.16.156.72... connected
(...)
> POST /oauth/request_token HTTP/1.1
> User-Agent: curl/7.22.0 (i686-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: api.twitter.com
> Accept: */*
> Authorization: OAuth oauth_callback="http%3A%2F%2Fwww.domain.tld%2Fblank.html", oauth_consumer_key="cmGkcMsffqJlmra6RD1gw", oauth_nonce="hj05psxq62tx1PAe3V", oauth_signature="2ZNWTvzEmSix1G8PGImDxVKulFY=", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1373559256", oauth_version="1.0"
>
< HTTP/1.1 401 Unauthorized
< cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
< content-length: 44
< content-type: text/html; charset=utf-8
< date: Thu, 11 Jul 2013 16:14:28 GMT
< expires: Tue, 31 Mar 1981 05:00:00 GMT
< last-modified: Thu, 11 Jul 2013 16:14:28 GMT
< pragma: no-cache
< server: tfe
< set-cookie: _twitter_sess=BAh7CDoHaWQiJWY5Y2RkMjc2ZjMwNjI1MmEwZjMwNDQ2YjMyZTMzZjcxOg9j%250AcmVhdGVkX2F0bCsI8CSDzj8BIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--6299ac6198a2aa6d31ddbf73e644178b151e0938; domain=.twitter.com; path=/; HttpOnly
< set-cookie: guest_id=v1%3A137355926844621784; Domain=.twitter.com; Path=/; Expires=Sat, 11-Jul-2015 16:14:28 UTC
< status: 401 Unauthorized
< strict-transport-security: max-age=631138519
< vary: Accept-Encoding
< x-frame-options: SAMEORIGIN
< x-mid: 4265bd602c73ff13a029debc2d8161132a3ac5b9
< x-runtime: 0.01201
< x-transaction: a8f4d7f44e9ee8ba
< x-ua-compatible: IE=10,chrome=1
< x-xss-protection: 1; mode=block
<
* Connection #0 to host api.twitter.com left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
Common issues that i have checked:
- timestamp is ok
- singing method should be ok (tested with example values from twitter doc + checked with http://quonos.nl/oauthTester/
- the app callback url is configured (it's the same url as the one in this request)
- the app is allowed to be used to Sign in with Twitter
I'm running out of ideas ...