Twitter API Failed to validate oauth signature and token java

Question

I'm trying to access resources of a twitter account with http protocol, in an Android app. Twitter uses the open authentication standard OAuth for authentication, consequently I'm following the example in https://dev.twitter.com/docs/auth/oauth#Overview . My problem is: I whant to acquiring a request token but when I make the request to the endpoint https://api.twitter.com/oauth/request_token the response is "Failed to validate oauth signature and token". My code:

FOR SIGNATURE STEP

Timestamp and Nonce

oauthTimestamp = String.valueOf(new Date().getTime());
oauthNonce = Base64.encodeToString(oauthTimestamp.getBytes(),Base64.DEFAULT);
    //remove /n at the end of the string
oauthNonce = oauthNonce.substring(0, oauthNonce.length() - 1);

Signature base string

String signatureBaseString = 
     "POST"                                                                                             
     + "&"
     + URLEncoder.encode("https://api.twitter.com/oauth/request_token")
     + "&"
     + URLEncoder.encode("oauth_callback=" + redirectUrl)
     + URLEncoder.encode("&" + "oauth_consumer_key=" + consumerKey)
     + URLEncoder.encode("&" + "oauth_nonce=" + oauthNonce)
     + URLEncoder.encode("&" + "oauth_signature_method=" +  "HMAC-SHA1")
     + URLEncoder.encode("&" + "oauth_timestamp=" + oauthTimestamp)
     + URLEncoder.encode("&" + "oauth_version=" + "1.0");

signature call

signature = getSignatureToken(applicationSecret, signatureBaseString, "HmacSHA1");

signature method

private String getSignatureToken(String consumerSecret, String baseString, String algotithm) {
    byte[] keyBytes = (consumerSecret+"&").getBytes();
    SecretKeySpec secretKeySpec = new SecretKeySpec(keyBytes, algotithm);
    Mac mac;
    String res = null;
    try {
        mac = Mac.getInstance(algotithm);
        mac.init(secretKeySpec);
        byte[] rawHmac = mac.doFinal((baseString).getBytes());
        res = android.util.Base64.encodeToString(rawHmac, android.util.Base64.DEFAULT);
        res = res.substring(0, res.length() - 1);
        System.out.println("MAC : " + res);

    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    } catch (InvalidKeyException e) {
        e.printStackTrace();
    }
    return res;
}

REQUEST TOKEN STEP

HttpResponse response;
HttpPost authorization = new HttpPost("https://api.twitter.com/oauth/request_token");
final String headerValue = 
    "OAuth " + 
    "oauth_nonce=\""+oauthNonce+"\", " +
    "oauth_callback=\""+redirectUrl+"\", " +
    "oauth_signature_method=\"HMAC-SHA1\", " +
    "oauth_timestamp=\""+oauthTimestamp+"\", " +
    "oauth_consumer_key=\""+consumerKey+"\", " +
    "oauth_signature=\""+URLEncoder.encode(signature)+"\", " +
    "oauth_version=\"1.0\"";    

authorization.addHeader("Authorization", headerValue);
response = this.httpClient.execute(authorization);
System.out.println(EntityUtils.toString(response.getEntity()));

response = this.httpClient.execute(authorization) give me HTTP/1.1 401 Unauthorized

Any ideas?

Thanks

Answer 1

Well, you'll have to debug this in stages, but one thing I find strange: why are you removing the last character of the HMAC (signature) in getSignatureToken() ? That could break the Base64 encoding.