I am working on writing and OAuth client in Java for Twitter and I am hitting the wall when trying to get the Access Token. I am able to successfully get a sign and get a token, forward to the authorize page, get a response, but after that, when trying to get the Access Token, it dies. The following is my flow:
I am first sending a message with the following information to get the token: OAuthMessage(GET, http://twitter.com/oauth/request_token, [oauth_consumer_key=RmhOF3YvERsY1uVF68tKg, oauth_signature_method=HMAC- SHA1, oauth_timestamp=1238616948, oauth_nonce=1238616948972478000, oauth_version=1.0, oauth_signature=itlw1V%2FSbJzHyU8VHs0wu4uMWew%3D]) This is the URL: http://twitter.com/oauth/request_token?oauth_consumer_key=RmhOF3YvERsY1uVF68tKg&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1238616948&oauth_nonce=1238616948972478000&oauth_version=1.0&oauth_signature=itlw1V%2FSbJzHyU8VHs0w That seems to work great and I get back a response and a token: [Date=Wed%2C%2001%20Apr%202009%2020%3A17%3A51%20GMT, Server=hi, Last- Modified=Wed%2C%2001%20Apr%202009%2020%3A17%3A51%20GMT, Status=200%20OK, ETag=%227b36526f344e3ae8dc0efa12532c71a9%22, Pragma=no-cache, Cache-Control=no-cache%2C%20no-store%2C%20must- revalidate%2C%20pre-check%3D0%2C%20post-check%3D0, Content-Type=text %2Fhtml%3B%20charset%3DUTF-8, Content-Length=112, Expires=Tue%2C %2031%20Mar%201981%2005%3A00%3A00%20GMT, X- Revision=cac1726f8303dbd4844ed052d9f60f2118d51b8f, X- Transaction=1238617071-29428-3892, Set-Cookie=_twitter_sess %3DBAh7BzoHaWQiJTdjZDc4NDI5YzRmOTRmMDM5ODY2ODA4Njc0MmI1NjFlIgpm %25250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG %25250AOgpAdXNlZHsA--14ba7530dbc9101ea124fcf397ec1d3acd924c0b%3B %20domain%3D.twitter.com%3B%20path%3D%2F, Vary=Accept-Encoding, Connection=close] Response Parameters: {oauth_token=eKznWjog00qLi5VIWXKwWql89RyIRPuzKJHVKj0, oauth_token_secret=<secret is populated here>} Then, I use that Token to create the link to the Authorization page: Twitter Authentication http://twitter.com/oauth/authorize?oauth_token=eKznWjog00qLi5VIWXKwWql89RyIRPuzKJHVKj0&oauth_callback=http%3A%2F%2Flocalhost%3A8080%2Fdc%2Ftwitterauth After that comes back, I try to get the Access Token with the following: http://twitter.com/oauth/access_token?oauth_consumer_key=RmhOF3YvERsY1uVF68tKg&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1238617482&oauth_nonce=1238617482950207000&oauth_version=1.0&oauth_signature=b%2FInX%2BiBuMlREF99oFUeZYymuAg%3D This is where I am hitting the wall, because it is coming back as unauthorized: Access Token Response Headers: [Date=Wed%2C%2001%20Apr%202009%2020%3A25%3A57%20GMT, Server=hi, Last- Modified=Wed%2C%2001%20Apr%202009%2020%3A25%3A57%20GMT, Status=401%20Unauthorized, Pragma=no-cache, Cache-Control=no-cache%2C %20no-store%2C%20must-revalidate%2C%20pre-check%3D0%2C%20post-check %3D0, Content-Type=text%2Fhtml%3B%20charset%3DUTF-8, Content-Length=1, Expires=Tue%2C%2031%20Mar%201981%2005%3A00%3A00%20GMT, X- Revision=cac1726f8303dbd4844ed052d9f60f2118d51b8f, X- Transaction=1238617557-17087-17303, Set-Cookie=_twitter_sess %3DBAh7BzoHaWQiJTZmMTA0N2RlNzUwZjhmY2ViY2U0Yzk5MjBhNDcwYjY4Igpm %25250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG %25250AOgpAdXNlZHsA--036987088c0603e72c0639000d32ea9cf1265fbe%3B %20domain%3D.twitter.com%3B%20path%3D%2F, Vary=Accept-Encoding, Connection=close] {HTTP request=GET /oauth/access_token? oauth_consumer_key=RmhOF3YvERsY1uVF68tKg&oauth_signature_method=HMAC- SHA1&oauth_timestamp=1238617482&oauth_nonce=1238617482950207000&oauth_version=1.0&oauth_signature=b %2FInX%2BiBuMlREF99oFUeZYymuAg%3D User-Agent: Jakarta Commons-HttpClient/3.1 Host: twitter.com , HTTP status=401, HTTP response=HTTP/1.1 401 Unauthorized Date: Wed, 01 Apr 2009 20:25:57 GMT Server: hi Last-Modified: Wed, 01 Apr 2009 20:25:57 GMT Status: 401 Unauthorized Pragma: no-cache Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post- check=0 Content-Type: text/html; charset=UTF-8 Content-Length: 1 Expires: Tue, 31 Mar 1981 05:00:00 GMT X-Revision: cac1726f8303dbd4844ed052d9f60f2118d51b8f X-Transaction: 1238617557-17087-17303 Set-Cookie: _twitter_sess=BAh7BzoHaWQiJTZmMTA0N2RlNzUwZjhmY2ViY2U0Yzk5MjBhNDcwYjY4Igpm %250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG %250AOgpAdXNlZHsA--036987088c0603e72c0639000d32ea9cf1265fbe; domain=.twitter.com; path=/ Vary: Accept-Encoding Connection: close , URL=http://twitter.com/oauth/access_token? oauth_consumer_key=RmhOF3YvERsY1uVF68tKg&oauth_signature_method=HMAC- SHA1&oauth_timestamp=1238617482&oauth_nonce=1238617482950207000&oauth_version=1.0&oauth_signature=b %2FInX%2BiBuMlREF99oFUeZYymuAg%3D} I am not sure if you can tell much from that, but any pointers are welcome and appreciated.