Why can't I authenticate with OAuth?

Question

Why can't I authenticate with OAuth?

I wrote a very simple application to update my twitter status under a given condition. I used twitter documentation to understand the requirements for creating an OAuth signature, as well as how to structure the authorization header. Then I submit the request using cURL in PHP.

Using the OAuth tools on twitter dev, I compared both my main signature line and the authorization header, and both are exactly the same:

Signature Signature String

POST&https%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fupdate.json&oauth_consumer_key%3DYNxxxxxxxxxxxWnfI6HA%26oauth_nonce%3D31077a3c7b7bee4e4c7e2b5185041c12%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1340729904%26oauth_token%3D2991771-4csoiO2fxmWgSxxxxxxxxxxDjWj2AbyxATtiuadNE%26oauth_version%3D1.0%26status%3Dblah%2520test%2520blah.

Authorization Header

Authorization: OAuth oauth_consumer_key="YN4FLBxxxxxxxxxxI6HA", oauth_nonce="31077a3c7b7bee4e4c7e2b5185041c12", oauth_signature="M2cXepcxxxxxxxxxxAImeAjE%2FHc%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1340729904", oauth_token="2991771-4cxxxxxxxxxxSmRvjzMoooMDjWj2AbyxATtiuadNE", oauth_version="1.0"

Obviously, I changed some characters to xto hide my data, but comparing two characters for a character gives exactly the same result. For reference, I hard code the timestamp and nonce that the OAuth Tool creates, so my values may be the same for verification. My access level is set to read and write. There is the last example on the same page - the command to run cURL on the command line. When I run this command, it works fine and sends to my twitter without problems.

With this in mind, I believe that everything that I have created so far is wonderful, and I don’t think it seems to me that I am sending a code that generates the details mentioned earlier. However, I consider the code that I use to call using cURL to be the culprit, but I cannot understand why:

<?php
// ...
$curl = curl_init();

curl_setopt($curl, CURLOPT_URL, $baseUrl);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_HTTPHEADER, array("Authorization: $header"));
curl_setopt($curl, CURLOPT_POSTFIELDS, array('status' => $status));
$result = json_decode(curl_exec($curl));
curl_close($curl);

var_dump($result);

, $baseUrl, $header $status - , , .

:

object(stdClass)#1 (2) { ["error"]=> string(34) "Could not authenticate with OAuth." ["request"]=> string(23) "/1/statuses/update.json" }

, , - !

+5

php curl oauth twitter

LeonardChallis 26 . '12 17:21

2

, nonce. docs: " oauth_nonce - , " ( ).

: OAuth 2 + Java JavaScript, OAuth 1 + PHP.

( ), HTTP- (, WireShark) , . , " " .

+1

Will 26 . '12 20:03

LeonardChallis · Accepted Answer · 2012-06-27T18:53:05+0000

, apache_request_headers() , , cURL, , , cURL Content-type multipart/form-data; , , Content-Length. , , , - multipart/form-data;.

, . , :

curl_setopt($curl, CURLOPT_POSTFIELDS, 'status='. rawurlencode($status));

, ( , ):

$postfields = array('status' => $status);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postfields));

IMHO.

Why can't I authenticate with OAuth?

More articles: