Error processing your OAuth request: Invalid oauth_verifier parameter

[caessard]

I created a this new issue because is different than #619 and #587 . We are developing a social media management system and always it had worked it to link the Twitter profiles, getting the access token of each one.

But recently I had a problem to SSL connection, solved with indications in #787 . We can continue to post tweets in profiles already linked but the new profiles we can not link to our system.

//Create link
$adapterTwitter = new Adapter\TwitterAdapter(
                      $config_consumerKey, 
                      $config_consumerSecret, 
                       null, null);
$twitterLink = $adapterTwitter->getLoginURL();

//Class Adapter\TwitterAdapter
public function __construct(
                 $consumerKey, 
                 $consumerSecret, 
                 $accessToken = null, 
                 $accessTokenSecret = null)
    {
    	....
    	$this->api =  new TwitterOAuth(
                          $consumerKey, 
                          $consumerSecret, 
                          $accessToken, 
                          $accessTokenSecret );
    	...
    }

public function getLoginURL(){
    	$request_token = $this->api->oauth('oauth/request_token', array('oauth_callback' => 'callback url as app configuration in Twitter API')); 
    	    	
    	$url = $this->api->url('oauth/authorize', array('oauth_token' => $request_token['oauth_token'])); 
    	    	
    	return array('url' => $url, 'oauth_token' => $request_token['oauth_token'], 'oauth_token_secret' => $request_token['oauth_token_secret']);
    }

After I save the oauth_token and oauth_token_secret in a plain text file to use later at the moment in callback.

When the callback is return agein to our system, after login and authorize

public function authenticationOauthTwitterAction()
    {
      $requestGETParams = //get url parameters: oauth_token and oauth_verifier in an array
      $request_token = //get the oauth_token and oauth_token_secret of file previously saved
      $adapterTwitter = new Adapter\TwitterAdapter(
                                   $config_consumerKey, 
                                   $config_consumerSecret, 
                                   $request_token[0], 
                                   $request_token[1] );
      try {    
            $accessToken = $adapterTwitter->api->oauth('oauth/access_token', array("oauth_verifier" => $requestGETParams['oauth_verifier']));
       } catch (\Exception $exception) {   
           var_dump($exception);
           // Error processing your OAuth request: Invalid oauth_verifier parameter
       }
   ....
  }

At the moment of get access token generated this error.

[abraham]

As I understand your post this is the timeline:

1. Everything stopped working because of TLS changes with the Twitter API.
2. You fixed the SSL issue
3. Posting tweets works again
4. Authenticating new twitter users fails

Is that correct?

I would start by validating that every value in the OAuth token exchange flow is correct. Make sure the code getting the oauth_verifier is correct, the code saving/getting the request token is correct, ect. Are there any other changes that might have been made to the Twitter code that you might have forgotten about that might have broken the OAuth flow?

[caessard]

Your summary is correct.

I have been debug all parameter and they are corrects, works in all cases, inclusive to get oauth_verifier and the only change that I made in TwitterOAuth.php was the #787 issue: adding CURLOPT_SSLVERSION => 6 line in $options field array.

[abraham]

I don't know of any particular reason that one method would not work other than something is different in how you setup or configure the different API calls.

[caessard]

While reviewing the documentation of API I saw the current version is 6.0 different that the constant const API_VERSION = '1.1'; in TwitterOAuth.php that it is out according with Versions Documentation. Maybe could it make a problem with functionality of library?

[abraham]

That link is for the Ads API which this library doesn't currently support. #684 is tracking adding support. The standard API endpoint is still on 1.1.

[caessard]

Ok. So I do not know that what other thing could be affect the functionallity.

[abraham]

I would recommend trying two things:

1. Take your code and run it on a different computer and see if might be environment specific.
2. Take the twitteroauth.com source code and see if that works with your credentials.

[caessard]

With the TwitterOauth demo works to login and post tweet, maybe I have to reformulate the code taking as guide the demo.

[caessard]

I think this tis the problem:

• Before save oauth_token and oauth_secret token in plain file they are xxxxxxx-xxxx and aaaaaaaaaa

• After save and make cat in file the content is yyyyyyy-yyyy and bbbbbbbbbb respectively

I had not setted the conditional $_REQUEST['oauth_token'] == $request_token['oauth_token'] at the moment in callback then the code continue and throw the error for oauth_verifier

[abraham]

Glad to hear you figured it out.

[caessard]

Yes, I replaced the method to save now in database these tokens, but the behavior is the same, the values ​​are replace when saved. However, I think this strange issue is out of this library. Thank you