Twitter rest api request_token Issue

Question

I'm trying to get oauth token for my app. I followed this tutorial but I'm getting error like this:

{
  "errors": [
    {
      "code": 32,
      "message": "Could not authenticate you."
    }
  ]
}

Here is my signature base string:

POST&https%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&oauth_callback%3Drntwttr%3A%2F%2Ftwitter&oauth_consumer_key%3DzvWr0ySiGLedBLvFM4CZgW6ut&oauth_nonce%3D144692544640700&oauth_signature_method%3DHMAC-SHA1&oauth_timestamp%3D1446921846&oauth_version%3D1.0

Here is my Authorization header value:

OAuth oauth_callback="rntwttr%3A%2F%2Ftwitter", oauth_consumer_key="zvWr0ySiGLedBLvFM4CZgW6ut", oauth_nonce="144692544640700", oauth_signature="%2BHGWye0I4QeBbHWYiJnXhHJGPn4%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1446921846", oauth_version="1.0"

I encrypt my signature base string with my consumer key and secret:

var key = 'myConsumerKey&myConsumerSecret';
var signature = CryptoJS.HmacSHA1(signature_without_sha, key);
var _signature = signature.toString(CryptoJS.enc.Base64);

What is the problem here ? Callback url: rntwttr://twitter

Answer 1

You have constructed your signing key incorrectly. The signing key is formed by combining the consumer secret and the token secret with an ampersand in between:

consumer_secret&token_secret

In the case of obtaining a request token you do not have a token secret yet so the signing key is just the consumer secret followed by an ampersand:

consumer_secret&

In your code above you are combining the consumer key with the consumer secret resulting in the authorization error.

Answer 2

Your signature base string's parameter string part is not percent encoded correctly (i.e., & should be %26) according to twitter docs about creating signatures.

You can validate your base string using this website