Good day, I am writing an iOS app that needs to authenticate with Twitter. When I POST a request to https://api.twitter.com/oauth/request_token I get a 401 error with the message "Failed to validate oauth signature and token".
Here is an example of a base string I generated:
POST&https%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&oauth_callback%3Doob%26oauth_consumer_key%3Dfy5lC1V4ojgaolKPnEsbg%26oauth_nonce%3Da55d09b40e3fc189addaf203ef7f2dc475ea2a69%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1315413303%26oauth_version%3D1.0
I can't see anything wrong with it. I also checked my signature generation method using the example base string and consumer secret in the Twitter documentation (https://dev.twitter.com/docs/auth/oauth), and I get the same signature.
I also checked my timestamp, and it is within a second of UTC epoch time. Here are the response headers I'm getting:
Response:{
"Cache-Control" = "no-cache, no-store, must-revalidate, pre-check=0, post-check=0";
Connection = close;
"Content-Encoding" = gzip;
"Content-Length" = 62;
"Content-Type" = "text/html; charset=utf-8";
Date = "Wed, 07 Sep 2011 16:35:05 GMT";
Expires = "Tue, 31 Mar 1981 05:00:00 GMT";
"Last-Modified" = "Wed, 07 Sep 2011 16:35:05 GMT";
Pragma = "no-cache";
Server = hi;
"Set-Cookie" = "admobuu=10208a061552e8488e7953874e764745; domain=.m.twitter.com; path=/; expires=Tue, 19 Jan 2038 03:14:07 GMT, _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCBMnvkQyAToHaWQiJThkNjJhNDI5YjI1MDEz%250AOWQxYTcxYTYyODg3NWQ2OTkyIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--94b10215c29c55d20de023c624296349f461f69d; domain=.twitter.com; path=/; HttpOnly";
Status = "401 Unauthorized";
Vary = "Accept-Encoding";
"X-Content-Type-Options" = nosniff;
"X-Frame-Options" = SAMEORIGIN;
"X-Mid" = d09597bbd71f66cf5869d99b2f3cf994fbf7dfb9;
"X-Revision" = DEV;
"X-Runtime" = "0.00428";
"X-Transaction" = "1315413305-15807-4243";
}
And here's my Objective-C code:
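// Builds and sends an OAuth 1.0 request_token call: collect the protocol
// parameters, build the signature base string, sign it with HMAC-SHA1, and
// send the result in the Authorization header.

// Strings
// NOTE(review): TWITTER_KEY / TWITTER_SECRET are compile-time macros, so the
// consumer secret ships inside the app binary. Treat it as non-confidential
// and do not rely on it alone to prove which client is calling.
NSString *urlString = @TWITTER_REQUEST_TOKEN_URL;
// Characters CFURL would otherwise leave untouched but OAuth percent-encoding must escape.
CFStringRef reservedCharacters = CFSTR("!*'();:@&=+$,/?%#[]");
// CFURLCreateStringByAddingPercentEscapes follows the Create rule (+1). The
// un-bridged casts indicate manual reference counting, so every result is
// autoreleased here instead of being leaked.
NSString *urlEncoded = [(NSString *)CFURLCreateStringByAddingPercentEscapes(NULL, (CFStringRef)urlString, NULL, reservedCharacters, kCFStringEncodingUTF8) autorelease];
NSString *oauthCallback = @TWITTER_CALLBACK;
NSString *oauthConsumerKey = @TWITTER_KEY;
NSString *oauthConsumerSecret = @TWITTER_SECRET;
// Each parameter value is percent-encoded on its own before it goes into the
// base string or the header; a callback URL would otherwise be signed and sent
// with raw ':' and '/' characters.
NSString *oauthCallbackEncoded = [(NSString *)CFURLCreateStringByAddingPercentEscapes(NULL, (CFStringRef)oauthCallback, NULL, reservedCharacters, kCFStringEncodingUTF8) autorelease];
NSString *oauthConsumerKeyEncoded = [(NSString *)CFURLCreateStringByAddingPercentEscapes(NULL, (CFStringRef)oauthConsumerKey, NULL, reservedCharacters, kCFStringEncodingUTF8) autorelease];
// %ld matches the (long) cast; %d with a long argument is a format mismatch.
NSString *timestamp = [NSString stringWithFormat:@"%ld",(long)[[NSDate date] timeIntervalSince1970]];
// arc4random() returns an unsigned 32-bit value; keep it unsigned so it never prints as negative.
uint32_t randomNumber = arc4random();
NSString *randomString = [NSString stringWithFormat:@"%u",(unsigned int)randomNumber];
// NOTE(review): the nonce only has to be unique per timestamp; HashService is
// not shown here, presumably it returns a hex digest - confirm.
NSString *oauthNonce = [HashService sha1DigestFromKey:timestamp andBaseString:randomString];
NSString *oauthSignatureMethod = @"HMAC-SHA1";
NSString *oauthVersion = @"1.0";
// Create base string and signature
// Layout: METHOD & encoded-URL & encoded-parameter-string, parameters sorted by name.
NSMutableString *baseString = [NSMutableString stringWithFormat:@"POST&%@&",urlEncoded];
// Nonce, signature method, timestamp and version are built above from
// characters that need no escaping, so only callback and consumer key are pre-encoded.
NSString *paramString = [NSString stringWithFormat:@"oauth_callback=%@&oauth_consumer_key=%@&oauth_nonce=%@&oauth_signature_method=%@&oauth_timestamp=%@&oauth_version=%@",oauthCallbackEncoded,oauthConsumerKeyEncoded,oauthNonce,oauthSignatureMethod,timestamp,oauthVersion];
// The whole parameter string is encoded a second time when it becomes part of the base string.
NSString *paramStringEncoded = [(NSString *)CFURLCreateStringByAddingPercentEscapes(NULL, (CFStringRef)paramString, NULL, reservedCharacters, kCFStringEncodingUTF8) autorelease];
[baseString appendString:paramStringEncoded];
// No token secret exists yet at the request_token step, so the key ends with a bare '&'.
NSString *signingKey = [NSString stringWithFormat:@"%@&",oauthConsumerSecret];
NSString *oauthSignature = [HashService HmacSha1FromKey:signingKey andBaseString:baseString];
// Base64 output can contain '+', '/' and '=', which must be percent-encoded in
// the Authorization header or the server sees a different signature.
// NOTE(review): assumes HmacSha1FromKey returns the raw Base64 string, not an
// already-escaped one - confirm before shipping.
NSString *oauthSignatureEncoded = [(NSString *)CFURLCreateStringByAddingPercentEscapes(NULL, (CFStringRef)oauthSignature, NULL, reservedCharacters, kCFStringEncodingUTF8) autorelease];
// Create request
NSURL *url = [NSURL URLWithString:urlString];
NSString *authHeader = [NSString stringWithFormat: @"OAuth oauth_nonce=\"%@\",oauth_callback=\"%@\",oauth_signature_method=\"%@\",oauth_timestamp=\"%@\",oauth_consumer_key=\"%@\",oauth_version=\"%@\",oauth_signature=\"%@\"",oauthNonce,oauthCallbackEncoded,oauthSignatureMethod,timestamp,oauthConsumerKeyEncoded,oauthVersion,oauthSignatureEncoded];
ASIFormDataRequest *request = [ASIFormDataRequest requestWithURL:url];
[request addRequestHeader:@"Authorization" value:authHeader];
request.requestMethod = @"POST";
// startSynchronous blocks the calling thread until the response arrives.
// Avoid logging authHeader or the signing key when debugging a 401.
[request startSynchronous];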
I just can't get it to work. Suggestions?