Search code examples
http-postruby-on-rails-5twitter-oauth

Post tweets on own Twitter account using /1.1/statuses/update.json fails, Could not authenticate you

Dears

I have invested quite some time in trying to post tweets to my own twitter user account from my web site without using any ready-made solutions. The web site is given read/write access on app.twitter.com and i have regenerated all keys.

I am following the Twitter API instructions referring to endpoint "POST /1.1/statuses/update.json"

I have double checked all my objects and am still getting

response       =--- !ruby/object:Net::HTTPUnauthorized
http_version: '1.1'
code: '401'
message: Authorization Required
header:
  connection:
  - close
  content-length:
  - '89'
  content-type:
  - application/json; charset=utf-8
  date:
  - Wed, 18 Oct 2017 15:28:19 GMT
  server:
  - tsa_o
  set-cookie:
  - personalization_id="v1_pxDMvL5ZrViFDcn8AfFemw=="; Expires=Fri, 18 Oct 2019 15:28:19
    UTC; Path=/; Domain=.twitter.com
  - guest_id=v1%3A150834049962807489; Expires=Fri, 18 Oct 2019 15:28:19 UTC; Path=/;
    Domain=.twitter.com
  strict-transport-security:
  - max-age=631138519
  x-connection-hash:
  - '05228a7a2026efc93a8a2d4b1a8c6460'
  x-response-time:
  - '142'
  x-tsa-request-body-time:
  - '1'
body: '{"errors":[{"code":32,"message":"Could not authenticate you."}]}'
read: true
uri:
decode_content: true
socket:
body_exist: true

I want to send a simple "Hello" from my web site to my twitter account and have double checked all parts which will be presented below.

Also, same logic is used to authenticate me on my web site using my twitter account. So I know authorization (3-legs) works properly.

for posting tweets with my rails app, I have tried both 1) posting the tweet using my app's consumer and access token pairs without going all the authorization steps as well as 2) guiding myself to twitter for explicitly re-authorizing my web site to post the tweet. Both scenarios lead to Error 401. Everything works, except the actual tweeting step.

Any help is very much appreciated. Please note, I am not interested in using a gem and have read thoroughly the associated API documentation.

Here all the constituents of my post request :

Parameter String:    
include_entities=true&
oauth_consumer_key=Xffffffffffffffffffffffff&
oauth_nonce=1vGbvxCqsfGi47L7ecpRnwA33fEojFoy6J2hkRpa8&
oauth_signature_method=HMAC-SHA1&
oauth_timestamp=1508340584&
oauth_token=4444444444-GGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG&
oauth_version=1.0&
status=Hello

signature base string:
POST&
https%3A%2F%2Fapi.twitter.com%2F1.1%2Fstatuses%2Fupdate.json&
include_entities%3Dtrue%26
oauth_consumer_key%3DXffffffffffffffffffffffff%26
oauth_nonce%3D1vGbvxCqsfGi47L7ecpRnwA33fEojFoy6J2hkRpa8%26
oauth_signature_method%3DHMAC-SHA1%26
oauth_timestamp%3D1508340584%26
oauth_token%3D4444444444-GGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG%26
oauth_version%3D1.0%26
status%3DHello

signing key:
W6SzwsKSXwFpl8tb0UNJFoCTW6crf6p3JaS8GipJMErofZVLAA&ENxK6XHG8h2EI7dOeSL0fABJzqnzs7FhP6QirBbXvd0br

signature:
0zx68mHx/SxhHkoRpaqZmO8iC2s=

header string:
OAuth oauth_consumer_key="Xffffffffffffffffffffffff", 
oauth_nonce="1vGbvxCqsfGi47L7ecpRnwA33fEojFoy6J2hkRpa8", 
oauth_signature="0zx68mHx%2FSxhHkoRpaqZmO8iC2s%3D", 
oauth_signature_method="HMAC-SHA1", 
oauth_timestamp="1508340584", 
oauth_token="4444444444-GGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG", 
oauth_version="1.0"


POST REQUEST
request        =--- !ruby/object:Net::HTTP::Post
method: POST
request_has_body: true
response_has_body: true
uri:
path: "/1.1/statuses/update.json?include_entities=true"
decode_content: true
header:
  content-type:
  - application/x-www-form-urlencoded
  authorization:
  - OAuth oauth_consumer_key="Xffffffffffffffffffffffff", oauth_nonce="1vGbvxCqsfGi47L7ecpRnwA33fEojFoy6J2hkRpa8",
    oauth_signature="0zx68mHx%2FSxhHkoRpaqZmO8iC2s%3D", oauth_signature_method="HMAC-SHA1",
    oauth_timestamp="1508340584", oauth_token="4444444444-GGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG",
    oauth_version="1.0"
  host:
  - api.twitter.com
  accept-encoding:
  - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
  accept:
  - "*/*"
  user-agent:
  - Ruby
body: '{"status":"Hello"}'
body_stream:
body_data:
Solution

  • I finally got it to work. Several issues existed. Not with the signatures and the authorization headers. Instead issues existed in the time stamp used, which was not synchronized properly and also not in GMT as twitter is expecting. I synchronized my system clock against time.google.com and this part was done. Now, there was also an issue about the header which needed also sorting, contrary to twitter's own docs talking about sorting in the context of the signature base string only. I found out that also the extended header needs sorting. Extended because it contains the tweet itself which is not part of the signature calculation. once this part was built in posting the tweet was successful