Search code examples
twitteroauthpostmantwitter-oauth

Twitter API error when trying to request a token

I am trying to do the first step of obtaining an access token for a user using the twitter api endpoints. But the request_token endpoint is not working and I am getting back a generic 500 Internal Server Error. Here is the endpoint I am trying to hit:

POST https://api.twitter.com/oauth/request_token?oauth_callback=http%3A%2F%2example.com%2Fapi%2Ftwitter%2Foauth

Authorization: OAuth oauth_nonce="kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg", oauth_callback="http%3A%2F%2example.com%2Fapi%2Ftwitter%2Foauth", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1630988166522", oauth_consumer_key="<MY_CONSUMER_KEY>", oauth_signature="8cVT5tNumrTit77OZkiaA1fSo7Y=", oauth_version="1.0"
User-Agent: PostmanRuntime/7.28.4
Accept: */*
Postman-Token: 449c980f-eb74-41f4-a747-1fe1bd34c755
Host: api.twitter.com
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: guest_id=v1%3A163090645168923415; personalization_id="v1_Enx+SO8Z5+LYLTsALKSDtg=="
Content-Length: 0
 
HTTP/1.1 500 Internal Server Error
x-connection-hash: e6046252ae2e0f7ade3b81bd3e3aa9377e83fe0f48a686d03e14260f1f3599b6
date: Tue, 07 Sep 2021 04:16:03 GMT
server: tsa_b
content-length: 0

The callback is http://<example.com>/api/twitter/oauth

The callback is also defined in my settings on the Twitter app....

The oauth_signature is created using the following javascript:

function createSignature() {
    var str = 
        "include_entities=true" +
        "&oauth_callback=" + "http%3A%2F%2example.com%2Fapi%2Ftwitter%2Foauth" +
        "&oauth_consumer_key=" + "<MY_CONSUMER_KEY>" +
        "&oauth_nonce=kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg" +
        "&oauth_signature_method=HMAC-SHA1" +
        "&oauth_timestamp=" + Date.now() +
        "&oauth_token=" + "<MY_APP_AUTH_ACCESS_TOKEN>" +
        "&oauth_version=1.0"
        ;

    var signature_base_string = 
        "POST" +
        "&https%3A%2F%2Fapi.twitter.com%2F1.1%2Foauth%2Frequest_token" +
        "&" + encodeURIComponent(str);

    var signing_key = 
        "<MY_CONSUMER_SECRET>" +
        "&" +
        "<MY_APP_AUTH_ACCESS_SECRET>";

    var hash = CryptoJS.HmacSHA1(signature_base_string, signing_key);
    var base64 = hash.toString(CryptoJS.enc.Base64);

    return base64;
}

What is it that I am missing??

Thanks!

Solution

  • I figured this out. I was missing some information in the generation of the signature. Here is what it should be:

    var CryptoJS = require("crypto-js");
function createSignature() {

    var str =  
        "oauth_callback=" + encodeURIComponent("<MY_CALLBACK_URL>") +
        "&oauth_consumer_key=" + "<CONSUMER_KEY>" +
        "&oauth_nonce=kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg" +
        "&oauth_signature_method=HMAC-SHA1" +
        "&oauth_timestamp=" + Math.floor((new Date()).getTime() / 1000) +
        "&oauth_token=" + "<TWITTER_ACCESS_TOKEN>" +
        "&oauth_version=1.0"
        ;

    var signature_base_string = 
        "POST" +
        "&" + encodeURIComponent("https://api.twitter.com/oauth/request_token") +
        "&" + encodeURIComponent(str);

    var signing_key = 
        "<CONSUMER_SECRET>" +
        "&" +
        "<TOKEN_SECRET>";

    var hash = CryptoJS.HmacSHA1(signature_base_string, signing_key);
    return encodeURIComponent(hash.toString(CryptoJS.enc.Base64));
}

    Everything else was correct...

    Thanks!