Ucello

Reputation: 276

Twitter OAuth 2.0 making requests on behalf of other users

I am trying to use the PKCE flow for the user authentication.

After successful redirection by using the following pattern:

https://twitter.com/i/oauth2/authorize?response_type=code&client_id=M1M5R3BMVy13QmpScXkzTUt5OE46MTpjaQ&redirect_uri=https://www.example.com&scope=tweet.read%20users.read%20follows.read%20offline.access&state=state&code_challenge=challenge&code_challenge_method=plain

I got the code, but then when I try to get the access token the following request fails:

curl --location --request POST 'https://api.twitter.com/2/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic <base 64 encode>' \
--data-urlencode 'code=<code received>' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'redirect_uri=<my_redirect>' \
--data-urlencode 'code_verifier=challenge' \
--data-urlencode 'client_id=<my_client_id>'

Error message is {"error":"unauthorized_client","error_description":"Missing valid authorization header"}

I tried to use all of the methods described here for the Basic header, but none of them were successful:

https://twittercommunity.com/t/how-to-generate-a-bear-token-for-api-2-authentication/171837

Thanks!

Upvotes: 6

Views: 3337

Answers (3)

Santiago

Reputation: 598

To create the basic authorization header you will need to base64 encode your Client ID and Client Secret, which can be obtained from your App's "Keys and Tokens" page inside of the developer portal. You can generate the Authorization here: Base64 Encode. Use {ClientID}:{ClientSecret}, not apiid and apisecret.

If you choose to use a confidential client, you don't need a client_id in your request body; if you include it, that triggers a bug in Twitter which returns an error code.

Upvotes: 0
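As an added example (not code from the question or from any answer), the Python below builds the PKCE values and both variants of the token request: it uses the S256 challenge method instead of the plain method shown in the question, and follows the answer above in sending the Basic header with no client_id in the body for a confidential client, and client_id in the body with no Authorization header for a public client. The client ID, secret and code values passed to these functions are placeholders, not real credentials.

```python
import base64
import hashlib
import secrets
from urllib.parse import quote, urlencode

AUTHORIZE_URL = "https://twitter.com/i/oauth2/authorize"
TOKEN_URL = "https://api.twitter.com/2/oauth2/token"

def new_code_verifier() -> str:
    # RFC 7636: 43..128 chars from [A-Za-z0-9-._~]; token_urlsafe only emits A-Za-z0-9-_
    return secrets.token_urlsafe(64)  # 86 characters

def pkce_challenge(verifier: str) -> str:
    # S256 method: base64url(sha256(verifier)) with the '=' padding removed
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def basic_auth_header(client_id: str, client_secret: str) -> str:
    # base64("{ClientID}:{ClientSecret}") from the app's OAuth 2.0 client credentials,
    # not the API key/secret used for OAuth 1.0a
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def build_authorize_url(client_id, redirect_uri, scopes, state, verifier):
    # Step 1: send the user here; the challenge is derived from the verifier we keep
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": state,
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return f"{AUTHORIZE_URL}?{urlencode(params, quote_via=quote)}"

def build_token_request(code, redirect_uri, verifier, client_id, client_secret=None):
    # Step 2: headers and form body for POST TOKEN_URL. Confidential client (has a
    # secret): Basic header, no client_id in the body. Public client: client_id in the body.
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    body = {"grant_type": "authorization_code", "code": code,
            "redirect_uri": redirect_uri, "code_verifier": verifier}
    if client_secret is None:
        body["client_id"] = client_id
    else:
        headers["Authorization"] = basic_auth_header(client_id, client_secret)
    return headers, body
```

The same verifier must be kept server-side between the two steps; the token endpoint rejects the exchange if the code_verifier does not match the challenge sent in step 1.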

Juan Pablo

Reputation: 408

I had this exact issue and spent hours trying to diagnose it. I ended up deleting the app I created in the Twitter Developer Platform, and creating a new app, generating the CLIENT_ID and CLIENT_SECRET in the exact same way and it now works.

Possibly a bug on Twitter's side?

Upvotes: 1

Haris Jamal

Reputation: 111

In your App > User authentication settings > Click on edit for OAuth 1.0a and OAuth 2.0 > Turn on both OAuth 1.0a and OAuth 2.0 and change Type of App to "Single Page App", which should be Public client.

Upvotes: 11
