NA000022 NA000022 - 1 month ago 25
Objective-C Question

Authentication error in twitter login

I am facing some authentication error using Twitter Rest APis. Although it is working on Postman.On postman there is an option of adding Consumer Secret in Authorization but I don't understand where to put that key in my URLRequest. I am using same code snippet as of Postman but on my app side i face following auth error.

let requestTokenURL = URL(string:"https://api.twitter.com/oauth/request_token")
let consumerKey = "xxxxxxxxxxxxxxxxxxxxxx"
let consumerSecretKey = "xxxxxxxxxxxxxxxxx"
let signatureMethod = "HMAC-SHA1"
let signature = "hgjhagdAGFSSAJKaqhsugqggqskugkg"
let timestamp = String(Date().timeIntervalSince1970)
let nonce = UUID().uuidString
let version = "1.0"


class TwitterHelper{

func getAuthToken(){

let session = URLSession.shared
let info = [["OAuth oauth_consumer_key":consumerKey],
["oauth_signature_method":signatureMethod],
["oauth_timestamp":timestamp],
["oauth_nonce":nonce],
["oauth_version":"1.0"],
["oauth_signature":signature]
]

var formattedString = ""
for case let authData in info {
for (key,value) in authData{
formattedString += key + "=" + (value) + ","
}
}



let headers = [
"content-type": "application/x-www-form-urlencoded",
"Authorization":formattedString
]

var request = URLRequest(url: requestTokenURL!, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers

session.dataTask(with: request) { (data, response, error) in

if let parsedData = parseJsonData(data: data){
print(parsedData)


}
}.resume()

}
}


Response:

{
code = 32;
message = "Could not authenticate you.";
}


It is due to the consumer secret key. In twitter documentation it is not defined to use but when I use it in Postman Authorization , it works. I don't understand how to use that "consumer secret key" in header.

Answer

You don't require the Consumer Secret for oauth 1.0, which is what you are trying to do in your code (just for oauth 2).

The issue is most likely around the oauth signature you are creating as this is quite involved and tricky to get right.

Make sure you are following all the steps outlined here to create the signature base. Remember also to convert your consumer key to utf8 and then base64 encode it too.