Search code examples
servletstwitteroauthscribe

Twitter OAuth "Failed to validate signature and token."

I am having trouble getting a response from the Twitter API. I am using scribe 1.3.5 here. When TwitterLoginServlet is called from one page it successfully redirects me to twitter and allows me to login. However, on the callback, TwitterCallbackServlet receives the following information in the oAuthResponse.

code - 401 message - Unauthorized body - Failed to validate oauth signature and token

I am new to using both servlets and oauth so it is completely possible I am making some silly mistake in the following code. I believe this is all that is needed to find a solution to the problem but if you need additional information I will be checking this post vigilantly.

Thanks!

public class TwitterServlet extends HttpServlet {
private static final String SESSION_NAME_REQUEST_TOKN = "twitter.requestToken";

protected Token getRequestToken(HttpServletRequest req) {
    HttpSession session = req.getSession();
    try {
        return (Token) session.getAttribute(SESSION_NAME_REQUEST_TOKN);
    }
    finally {
        session.removeAttribute(SESSION_NAME_REQUEST_TOKN);
    }
}

protected void setRequestToken(HttpServletRequest req, Token token) {
    HttpSession session = req.getSession();
    session.setAttribute(SESSION_NAME_REQUEST_TOKN, token);
}

protected OAuthRequest createRequest() {
    OAuthRequest request = new OAuthRequest(Verb.GET, "https://api.twitter.com/oauth/request_token");
    return request;
}
}

public class TwitterLoginServlet extends TwitterServlet {

@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    String callback = "http://" + request.getServerName() + ":" + request.getServerPort() + "/******/TwitterCallbackServlet";              
    OAuthService service = new ServiceBuilder().provider(TwitterApi.SSL.class)
                            .apiKey("******")
                            .apiSecret("******")
                            .callback(callback)
                            .build();
    Token requestToken = service.getRequestToken();
    setRequestToken(request, requestToken);
    response.sendRedirect(service.getAuthorizationUrl(requestToken));
    return;
}

@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    doGet(request, response);
}
}
public class TwitterCallbackServlet extends TwitterServlet {

@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    OAuthService service = new ServiceBuilder().provider(TwitterApi.SSL.class)
                            .apiKey("******")
                            .apiSecret("******")
                            .build();
    Token requestToken = getRequestToken(request);
    // TODO: Check if the requestToken matches the token of this request.


    String verifier = request.getParameter(OAuthConstants.VERIFIER);

    Token accessToken = service.getAccessToken(requestToken, new Verifier(verifier));

    OAuthRequest oAuthRequest = createRequest();

    service.signRequest(accessToken, oAuthRequest);

    Response oAuthResponse = oAuthRequest.send();

    String body = oAuthResponse.getBody();

    response.sendRedirect("/******/accountSettings.xhtml");

}
Solution

  • Why are you hitting the requestToken endpoint again after getting the access token? Try accessing a different resource, for example:

    "https://api.twitter.com/1.1/account/verify_credentials.json";

    Note that you can run the TwitterExample just to check that stuff is working fine.