Error 32 ( Authentication Error ) on $cordovaOauth.twitter

[emgould]

I have been using ng-cordova-oauth for about 2 months without issue. However now, I the token request always returns error 32. I have verified the client key and secret. I have looked at what is encoded for the signature. I have used the same client key/secret using twitter's oauth tool. Works succesfully with Twitter's generated headers but not the ones from this library. I am at a bit of loss how to continue to debug this. I have played with app permissions on twitter. Nothing seems to get this to return.

[nraboy]

Hi @emgould

Did you happen to follow this great tutorial by @saimon24?:

http://ionicframework.com/blog/displaying-the-twitter-feed-within-your-ionic-app/

I've not heard any other reports of this error. Can you do a console.log and tell me what the promise rejection response says?

I'm sure Saimon or myself can help you get to the bottom of this.

Regards,

[emgould]

Thanks for the help!! I did review the post originally. Keep in mind. This is not really new development. Meaning this has been working without fail for two months in user test. The log doesn't help much. Here is what happens when I step through it. My function calls $cordovaOauth.twitter(clientId, clientSecret) ... with a valid clientId and clientSecret. However the initial $http request for a token is what fails authorization:
$http({method: "post", url: "https://api.twitter.com/oauth/request_token", data: "oauth_callback=http://localhost.com/callback" })
triggering the: error(function(error) {
deferred.reject(error);
});

With the error returned: error 32 Could not authenticate you. from twitter.

How can I help you help me??

The only difference from the blog post in my code is that I put the oauth_callback in the body of the request. So my encoding has:
{ oauth_callback: "http://localhost.com/callback" } where Saimon has {}.

[nraboy]

I recently made some changes to Twitter (rumored for the best):

6310964

Instead of using url-encoded parameters, I switched it to standard parameters. I also changed the header to be local instead of global throughout the application which prevents overlap.

When I tested it had worked fine.

When I'm home I will try to authenticate again just in case the Twitter API changed between now and the last time I tested (17 days ago).

Regards,

[emgould]

Appreciate your help. This really has perplexed me and actually my code and Saimon code should be the same because the issue is inside $cordovaOauth.twitter which we are both calling. So ignore the above stated differences. As I was comparing the code where a token is already restored from localStorage.

[emgould]

Additionally, I noticed those changes and I believe I tested it both ways. Both gave me the same error. Happy to share my client secret/key in private message. I have regenned the tokens and had the same result.

[nraboy]

Let me first test on my setup tonight which I've confirmed working in the past and then I'll circle back. I'll be testing with the latest version of Ionic and the latest version of this library.

Regards,

[emgould]

Just fyi: this is output of console:
Failed to load resource: the server responded with a status of 401 (Authorization Required)

The error Object is : { code: 32, message: "Could not authenticate you" }

[emgould]

I used POSTMan and sent the request by hand and compared the headers generated by Twitter's oauth tool vs ng-cordova-oauth. The difference seems to be the repetition of "Authorization" in the header parameter name and body. Unfortunately I can't test more from where I am but by prepending "Authorization:" to the parameter body did result in Postman returning status=200. Although I could need verify if it would return the token. Hope that helps.

[nraboy]

This is very odd.

My code which I don't change and was previously working, is now not working. So I'm wondering what the heck changed in the Twitter API. Maybe they fixed a bug that was allowing lenient behavior?

I am going to do a bit of digging. I am definitely stumped though because the authorization header matches what Postman creates and I confirmed Postman is working fine.

[emgould]

I built the todo app with an attempt to authenticate. So very basic app. Same problem.

Code:
angular.module('starter', [
'ionic',
'ng-cordova',
'ngCordovaOauth'])

.run(function($ionicPlatform,$cordovaOauth) {
$ionicPlatform.ready(function() {
// Hide the accessory bar by default (remove this to show the accessory bar above the keyboard
// for form inputs)
if(window.cordova && window.cordova.plugins.Keyboard) {
cordova.plugins.Keyboard.hideKeyboardAccessoryBar(true);
}
if(window.StatusBar) {
StatusBar.styleDefault();
}
var clientId =
var clientSecret =
console.log( "Attempting to connect to twitter...");
if (window.cordova && $cordovaOauth) {
$cordovaOauth.twitter(clientId, clientSecret).then(function(result) {
window.alert( " Succesfull got token: ");
console.log(result);
},function(err){
console.error("Unable to connect to twitter");
});
};
})
});

[emgould]

Yeah...crazy. Old code and new code doesn't work. In case you did not see that.

[nraboy]

The problem is definitely in the following:

$http({
    method: "post",
    url: "https://api.twitter.com/oauth/request_token",
    headers: {
        "Authorization": signatureObj.authorization_header
    },
    params: {
        "oauth_callback": "http://localhost/callback"
    }
})

But like you, I did compare the authorization header of ngCordovaOauth with the authorization header generated by Postman and they are the same. In fact, when I add a print statement to the ngCordovaOauth library to print the header and then paste it into Postman it works fine.

You have any more ideas? A solution would be so much easier if we could figure out what exactly changed between now and a few weeks ago.

[vsanasc]

I have the same problem!!

A week ago my application login perfectly with twitter and now not working.
I'm investigating for find of solution!

[nraboy]

The three of us are smart and I know we can come up with a solution. The more great minds on this problem the quicker we can beat it.

Let us know what you find @vsanmaster

[emgould]

I will continue to look at it but I have been debugging this for a couple of days. Pretty stumped. It is almost like Twitter doesn't want to allow the particular flavor of the angular $http post request. It must be some information that is in the actual http request. Something in the header or not in the header.

[nraboy]

Yea I was wondering if Twitter was blocking AngularJS requests, but I don't know how that would even make sense. What makes the AngularJS post different than the one that Postman is doing?

When I look at the requests they look pretty much the same.

Anyone happen to have a contact at Twitter? I haven't seen any news on the internet about changes.

[nraboy]

Opened a ticket in the Twitter forums:

https://twittercommunity.com/t/oauth-endpoint-request-token-stopped-working-all-of-a-sudden/33604

[nraboy]

Got it fixed!

$http({
    method: "post",
    url: "https://api.twitter.com/oauth/request_token",
    headers: {
        "Authorization": signatureObj.authorization_header,
        "Content-Type": "application/x-www-form-urlencoded"
    },
    data: "oauth_callback=" + encodeURIComponent("http://localhost/callback")
})

Twitter must have changed something that requires the oauth_callback to be passed as a body param, not a query param.

Everything seems to be working. I will update the Ionic ngCordova module in the coming days. In the mean time use my ngCordovaOauth module.

Regards,

[emgould]

Awesome. Thanks! This did force me to embrace a hybrid model. I know check to see if there is native Twitter connection available, if so then I gen the oauth_token from that and store it. If not I fall back to this libraries approach.

[nraboy]

There is absolutely nothing wrong with that approach :-)

[dianikol]

I'm trying to get twitter login work..

In $cordovaOauthUtility factory you have a createSignature method.

console.log('before');
var oauthSignatureObject = new jsSHA(signatureBaseString, "TEXT");
console.log('after');

the second console log never triggers. So there must be something wrong there...

[dianikol]

Ok VERY IMPORTANT. Make sure to download version 1 and not the master branch of sha library....

[nraboy]

Yea it is stated in the readme.

[tamnv]

Hi @nraboy ,

When i use this API: https://api.twitter.com/1.1/statuses/home_timeline.json, it works fine, but when I change API to: https://api.twitter.com/1.1/trends/place.json?id=1, I got same error: "Failed to load resource: the server responded with a status of 401 (Authorization Required)". It's confusing,

[nraboy]

My assumption is you're using the API wrong. I offer no support when it comes to provider APIs. As long as you're receiving an access token, my job is done.

I might recommend you posting to the Twitter community forums for more specific API help.

Best,

[alacret]

@nraboy which is your library version? i'm this week using the latest and i am getting the same error:

My code:

$cordovaOauth.twitter(TWITTER_API_SECRET, TWITTER_CONSUMER_KEY).then(function(s){
  window.alert("S");
},function(e){
  if (!e.errors){
    return;
  }
  var e = e.errors;
  for (var i =  0; i < e.length; i++) {
      var error = e[i];
      window.alert(error.code + ":" + error.number + ":" + error.message);
  }
});

Response erro: 32 Could not Authenticate you.

should i manually change the code? or is it a new version that fix this?

[nraboy]

Oauth features have been removed from ng-cordova. You'll have to use ng-cordova-oauth if you wish to use them.

[alacret]

Ah ok... I've using it...

But in android is happening something weird. In my browser it saids "Can not authenticat in a web browser": Ok, but in Android it produces an error, that doesn't have any clue.

My code:

module.exports = [
'$scope',
'$cordovaOauth',
'TWITTER_CONSUMER_KEY',
'TWITTER_CONSUMER_SECRET',

function ($scope, $cordovaOauth, TWITTER_CONSUMER_KEY, TWITTER_CONSUMER_SECRET) {
window.alert(TWITTER_CONSUMER_KEY);
window.alert(TWITTER_CONSUMER_SECRET);
window.alert(typeof $cordovaOauth);
window.alert(typeof $cordovaOauth.twitter);

var twitter = $cordovaOauth.twitter(TWITTER_CONSUMER_KEY,TWITTER_CONSUMER_SECRET, {});
window.alert(typeof twitter);
twitter.then(function(s){
  window.alert("success");
}, function(e){
  window.alert("error");
  window.alert(e);
});
window.alert("t controller2");

}

];

The code stops in the creation of the PROMISE, do you any clue? (please)

[nraboy]

Per my documentation, the library will not work with Ionic Serve, Ionic Live-Reload, Ionic View, or in a web browser.

How many of those categories do you fall into?

[alacret]

None. I'm testing in the browser with live-reload, in there it said "Can not authenticate in a web browser" this i do for testing the library availability.

But the real test is in my android phone. In there, once the create promise code executes, the execution gets stopped. I do not know why

[nraboy]

None. I'm testing in the browser with live-reload, in there it said "Can not authenticate in a web browser" this i do for testing the library availability.

Don't do that. Like I said none of that will work with this library.

In regards to the Android phone, what do the ADB logs say?

[alacret]

I'm testing directly in my phone. Where do i see ADB log?

[nraboy]

Like this:

https://www.thepolyglotdeveloper.com/2014/12/debugging-android-source-code-adb/

Best,

[alacret]

:O

I/chromium(27231): [INFO:CONSOLE(2)] "Error: Chosen SHA variant is not supported
I/chromium(27231): at Error (native)
I/chromium(27231): at new t (file:///android_asset/www/vendor-1c5b48aac5.js:23:13796)
I/chromium(27231): at Object.n as createSignature
I/chromium(27231): at Object.r as twitter
I/chromium(27231): at new t.exports (file:///android_asset/www/scripts/app-c555e48f9b.js:1:6661)
I/chromium(27231): at i (file:///android_asset/www/vendor-1c5b48aac5.js:1:19716)
I/chromium(27231): at Object.o as instantiate
I/chromium(27231): at file:///android_asset/www/vendor-1c5b48aac5.js:2:9976
I/chromium(27231): at k.appendViewElement (file:///android_asset/www/vendor-1c5b48aac5.js:18:205)
I/chromium(27231): at Object.V.render (file:///android_asset/www/vendor-1c5b48aac5.js:17:13326)", source: file:///android_asset/www/vendor-1c5b48aac5.js (2)

I think is the JSSHA version

[nraboy]

Are you using version 1.6.0 like it says in the README?

[alacret]

No i didn't tell the bower a version, so it install 2.0.0 let me try with the 1.6.0

[alacret]

Great it did work.

Now i'm stuck on geetting the token from the url. the redirect_uri does not allow file://* and only allows http://* types URL but i don not know how to capture this

PD: Sorry to botter, this is my first ionic app

[alacret]

Done! ...

Is there is a way to hide the PAGE NOTE FOUND ERROR?

[nraboy]

Since explicit grants such as Twitter were never meant to be run client side, this error will always exist due to a race condition. The only way around this would be to host your own callback page remotely so that way it does exist during the other asynchronous requests.

[alacret]

Ok i got it. As this is a web site integration it occurs to me use a page that they host as a callback URL.