Closed DavidRagone closed 7 years ago
I was able to solve my problem by setting the twitter callback url on the twitter web interface to http://0.0.0.0:3000/auth/twitter/callback. However, this is not an acceptable solution. Per twitter's documentation quoted in my OP above, I need to be able to pass the callback url in each request.
Similar problem here @DavidRagone Solved it by making a dedicated Dev application in Twitter that has a callback to our local environment. And a separate Twitter app for production that points to our actual site in the callback.
@DavidRagone Are you still facing this issue?
@raysrashmi I'm not David, but I am currently facing this issue. Any help would be appreciated!
@gkassee Sorry for the late reply. I will look into this.
@raysrashmi Actually I managed to fix the issue, but I'm not entirely sure what I did to correct the problem.
That's cool, so I can close the issue. Feel free to reopen it if you face it again.
I'm having this issue as well. The callback_url parameter is a required param according to the Twitter docs: https://dev.twitter.com/oauth/reference/post/oauth/request_token. I think this library should populate a sensible default for the callback url like /auth/twitter/callback, but allow this to be over-ridden in configuration options.
@ajsharp Thanks for reporting the issue. I will look into this.
Sure. At the very least, a more instructive error message would probably be a big improvement. Something like: ArgumentError: You forgot to specify the 'callback_url' parameter.
Another reason for receiving the 401 can be the enabled "Callback Locking" option in Twitter Application Management panel.
16/09/22 10:47:33 INFO twitter4j.TwitterStreamImpl: Establishing connection. 16/09/22 10:47:36 INFO twitter4j.TwitterStreamImpl: 401:Authentication credentials (https://dev.twitter.com/pages/auth) were missing or incorrect. Ensure that you have set valid consumer key/secret, access token/secret, and the system clock is in sync.
\n\n\nProblem accessing '/1.1/statuses/sample.json?stall_warnings=true'. Reason:
Unauthorized
16/09/22 10:47:36 ERROR twitter.TwitterSource: Exception while streaming tweets 401:Authentication credentials (https://dev.twitter.com/pages/auth) were missing or incorrect. Ensure that you have set valid consumer key/secret, access token/secret, and the system clock is in sync.
\n\n\nProblem accessing '/1.1/statuses/sample.json?stall_warnings=true'. Reason:
Unauthorized
Please solve my problem. I have been getting this problem for three days.
@raysrashmi I had a problem: after changing the password on my Twitter account, I still get the old access token. How can I update the access token?
@NaumenkoSergiy You can regenerate it under "Key and Access Tokens" in https://apps.twitter.com
@dimanyc Thanks, that worked for me! Kept messing around with secrets.yml and generating new API keys and all sorts of stuff.
I am facing a problem, which might be related to this issue, so I am commenting here.
Apparently Twitter changed the API and now forces callback whitelisting: https://twittercommunity.com/t/action-required-sign-in-with-twitter-users-must-whitelist-callback-urls/105342 "The callback_url parameter provided must match one of the whitelisted callback URLs."
My twitter app does have the callback url set. My app still uses omniauth-twitter version 1.2.1. The app now raises OAuth::Unauthorized 403. Error occurs since June 12.
Any idea how to solve this? Do I have to update omniauth-twitter and explicitly set a callback_url?
Thanks Christian
@chriso0710 Adding /callback to the URL worked for me (this is the path the omniauth gem uses). Credit: https://twitter.com/paulmwatson/status/1006862480453271552
Thanks @leejarvis and @paulmwatson but still not working for me. I already had both
http://<myapp>/auth/twitter
http://<myapp>/auth/twitter/callback
set in the twitter developer app dashboard. Checking or unchecking "enable callback locking" makes no difference.
@chriso0710 That's a shame. FWIW http also didn't work for me because my website is served over https, so I added them both and it worked.. 🤷♂️
Neither working with http nor https URLs here. Still getting a 403 from twitter. Might be my version of omniauth-twitter then. Will check out the gem update next ...
Thanks @leejarvis, I will update this issue with my results.
Got it working with simple https callback URLs in my production environment, using a real domain name. Did not do a gem update yet.
In my development environment (with puma-dev, SSL and using .test domains) it does not work though.
Example app: https://myapp.test
Callback URL: https://myapp.test/auth/twitter/callback
Do you not need a model name in that @chriso0710? https://myapp.test/users/auth/twitter/callback
Also after beating my head against this all morning I added the Httplog gem in dev and it showed me the exact oauth_callback body value being sent to Twitter. Twitter would validate that oauth_callback value against the whitelist in app.twitter.com settings before it did almost anything else. If it didn't match e.g. http://example.com/users/auth/twitter <=> http://example.com/users/auth/twitter/callback in my case then it would 403.
In dev (Pow) I use .devtest and not .dev or .test anymore.
I've been beating my head too and even though all my callback URLs are all defined in the app settings I'm still getting 403s - nothing seems to make any difference.
Related to #128
That's what my debug log gives me. The oauth callback url is exactly the same as the one set in the apps twitter dashboard. Did do a gem update, no improvements.
20:54:11 log.1 | twitterwall[43690]: [httplog] Sending: POST http://api.twitter.com:443/oauth/request_token
20:54:11 log.1 | twitterwall[43690]: [httplog] Header: accept-encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3
20:54:11 log.1 | twitterwall[43690]: [httplog] Header: accept: */*
20:54:11 log.1 | twitterwall[43690]: [httplog] Header: user-agent: OAuth gem v0.5.4
20:54:11 log.1 | twitterwall[43690]: [httplog] Header: content-length: 0
20:54:11 log.1 | twitterwall[43690]: [httplog] Header: content-type: application/x-www-form-urlencoded
20:54:11 log.1 | twitterwall[43690]: [httplog] Header: authorization: OAuth oauth_callback="https%3A%2F%2Fsos.test%2Fauth%2Ftwitter%2Fcallback", oauth_consumer_key="...", oauth_nonce="...", oauth_signature="...", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1528916051", oauth_version="1.0"
20:54:11 log.1 | twitterwall[43690]: [httplog] Header: connection: close
20:54:11 log.1 | twitterwall[43690]: [httplog] Data:
20:54:12 log.1 | twitterwall[43690]: [httplog] Status: 403
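A way to run the comparison discussed above mechanically, as an added example that is not part of the original thread or of omniauth-twitter: it extracts `oauth_callback` from an httplog Authorization header line, percent-decodes it, and checks it against a list of whitelisted URLs. It assumes exact string matching, as the comments here describe; the whitelist entries and all method names are hypothetical.

```ruby
require "uri"

# Constructed sample: the Authorization header from the httplog output in this
# thread, with the secrets elided as "..." exactly as they were posted.
SAMPLE_HEADER = 'authorization: OAuth oauth_callback="https%3A%2F%2Fsos.test%2Fauth%2Ftwitter%2Fcallback", ' \
                'oauth_consumer_key="...", oauth_nonce="...", oauth_signature="..."'

# Constructed whitelist (hypothetical dashboard entries) reproducing two
# mismatches reported in the thread: http vs https, and a missing /callback.
SAMPLE_WHITELIST = [
  "http://sos.test/auth/twitter/callback",
  "https://sos.test/auth/twitter"
].freeze

# Returns the percent-decoded oauth_callback value, or nil if the header has none.
def oauth_callback_from_header(header)
  value = header[/oauth_callback="([^"]*)"/, 1]
  value && URI.decode_www_form_component(value)
end

# Splits a URL into the components worth comparing; a default port counts as nil
# so that http vs https is reported as a scheme difference only.
def url_parts(url)
  u = URI.parse(url)
  { scheme: u.scheme, host: u.host, port: (u.port == u.default_port ? nil : u.port), path: u.path }
end

# Exact-match check (assumption: the provider compares whole strings). On a
# miss, lists for each whitelisted URL which components differ from the sent one.
def diagnose_callback(sent, whitelist)
  return { match: true, differences: [] } if whitelist.include?(sent)

  sent_parts = url_parts(sent)
  differences = whitelist.map do |allowed|
    allowed_parts = url_parts(allowed)
    { allowed: allowed, differs_in: sent_parts.keys.reject { |k| sent_parts[k] == allowed_parts[k] } }
  end
  { match: false, differences: differences }
end

if __FILE__ == $PROGRAM_NAME
  sent = oauth_callback_from_header(SAMPLE_HEADER)
  puts "sent: #{sent}"
  diagnose_callback(sent, SAMPLE_WHITELIST)[:differences].each do |d|
    puts "  #{d[:allowed]} differs in #{d[:differs_in].join(', ')}"
  end
end
```

If the result is a match and the request is still rejected, the callback is not the cause; a later comment in this thread traced the same symptom to the consumer key/secret handling.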
Do you not need a model name in that? https://myapp.test/users/auth/twitter/callback
No, I use it without a model name (Sinatra app) and it has been working for years until 2 days ago...
Able to resolve this. In the app settings on Twitter, set the callback URL. In my case it was set to the one below. Just this one change:
https://echai.in/users/auth/twitter/callback
So I finally resolved by adding
http://localhost:3000/auth/twitter/callback
Ref: https://stackoverflow.com/a/50857912/3280050
Notice localhost and callback
Still getting 403 Forbidden even with the callbacks set.
@tchret have you tried adding /callback to the end of those URLs? http://localhost:3000/users/auth/twitter/callback
That was the problem for me.
Still having no luck here. Even after adding a "localhost" callback I am getting a 403 back from twitter. Running out of ideas now...
Well, it is working now. And no need to put localhost into the callbacks.
Had a really embarrassing bug in my twitter consumer key/secret handling, which surfaced only after twitter made these changes and started verifying the callback urls.
Thanks, guys, for making me think outside the "callback url" box! :-)
In development mode, if localvars is your local config file containing your app credentials as environment variables, make sure to run $ source ~/.localvars before $ rails s to reload your correct environment variables (Consumer API key and Consumer API secret key).
So I finally resolved by adding
http://localhost:3000/auth/twitter/callback
Ref: https://stackoverflow.com/a/50857912/3280050
Notice localhost and callback
This is it? After 2 days of f'ing around with http call methods, adding and tweaking various headers, playing with spaces and commas, re-reading Twitter's oauth docs, quintuple-checking my signing hash logic, rearranging oauth parameters randomly, regenerating keys to the point where I thought Twitter would flag me for spam, repeatedly googling "401 authorization required" and "32 could not authenticate" (links are all purple until page 5)... this is the answer?
This voodoo of adding an unneeded localhost callback (I had a real one from the start) finally makes my request_token call work. And my code still works after removing the unneeded localhost callback. THANK YOU GOOD SIR!
And may whoever is responsible for this at Twitter be forced to drink nothing but concentrated bitter-melon juice for an entire week.
Stuck into this error for a couple of days... If you are currently facing the error, I strongly suggest you confirm-
http://127.0.0.1:3000/auth/twitter/callback
instead of http://localhost:3000/auth/twitter/callback
I added both and it worked. It's so frustrating. Good luck to you.
I've set up a very simple rails app and am unable to get the request to twitter to succeed. It's unclear what the cause is. The key and secret are being read properly from the environment variables. Twitter no longer allows setting of localhost nor 127.0.0.1 in their callback url. Instead, they state:
However, I have not been able to figure out where I am supposed to be passing this information when generating the request.
Here is the code I have written in the initializer. Help would be appreciated.