[GH-ISSUE #483] Twitter OAuth request_token returns error 32 "Could not authenticate you."

kerem commented

2026-03-03 16:47:39 +03:00

Owner

Originally created by @BalestraPatrick on GitHub (Aug 13, 2018).
Original GitHub issue: https://github.com/OAuthSwift/OAuthSwift/issues/483

Description:

I've been trying to fix this error for the last couple of hours but I haven't found a way to get around it. I simply trying to Sign in the user to Twitter directly from my iOS app. Here's a snippet of my code.

public final class SignInViewController: UIViewController {

    let oauthswift = OAuth1Swift(
        consumerKey: "#####",
        consumerSecret: "#####",
        requestTokenUrl: "https://api.twitter.com/oauth/request_token?oauth_callback=tweetometer://",
        authorizeUrl: "https://api.twitter.com/oauth/authorize",
        accessTokenUrl: "https://api.twitter.com/oauth/access_token"
    )
    var handle: OAuthSwiftRequestHandle!

    @IBAction func signIn() {
        oauthswift.authorizeURLHandler = SafariURLHandler(viewController: self, oauthSwift: oauthswift)
        handle = oauthswift.authorize(
            withCallbackURL: URL(string: "tweetometer://callback/twitter")!,
            success: { credential, response, parameters in
                print(credential.oauthToken)
                print(credential.oauthTokenSecret)
                print(parameters["user_id"])
                // Do your request
        },
            failure: { error in
                print(error)
        })
    }
}

The HTTP response is a 401 with the following content which may be useful to debug the issue:

requestError[Error Domain=NSURLErrorDomain Code=401 "" UserInfo={OAuthSwiftError.response=<NSHTTPURLResponse: 0x600000a9d060> { URL: https://api.twitter.com/oauth/request_token?oauth_callback=tweetometer:// } { Status Code: 401, Headers {
    "Cache-Control" =     (
        "no-cache, no-store, must-revalidate, pre-check=0, post-check=0"
    );
    "Content-Disposition" =     (
        "attachment; filename=json.json"
    );
    "Content-Encoding" =     (
        gzip
    );
    "Content-Length" =     (
        89
    );
    "Content-Type" =     (
        "application/json; charset=utf-8"
    );
    Date =     (
        "Mon, 13 Aug 2018 08:56:43 GMT"
    );
    Expires =     (
        "Tue, 31 Mar 1981 05:00:00 GMT"
    );
    "Last-Modified" =     (
        "Mon, 13 Aug 2018 08:56:42 GMT"
    );
    Pragma =     (
        "no-cache"
    );
    Server =     (
        "tsa_o"
    );
    "Set-Cookie" =     (
        "personalization_id=\"v1_BK+br6kWIZDkiOWghoRAjg==\"; Expires=Wed, 12 Aug 2020 08:56:42 GMT; Path=/; Domain=.twitter.com",
        "guest_id=v1%3A153415060294969472; Expires=Wed, 12 Aug 2020 08:56:42 GMT; Path=/; Domain=.twitter.com"
    );
    Status =     (
        "401 Unauthorized"
    );
    "Strict-Transport-Security" =     (
        "max-age=631138519"
    );
    "Www-Authenticate" =     (
        "OAuth realm=\"https://api.twitter.com\""
    );
    "x-connection-hash" =     (
        35fd91b18ddbcb1391e5c963d6aee389
    );
    "x-content-type-options" =     (
        nosniff
    );
    "x-frame-options" =     (
        SAMEORIGIN
    );
    "x-response-time" =     (
        112
    );
    "x-transaction" =     (
        00c3241500c192c9
    );
    "x-twitter-response-tags" =     (
        BouncerCompliant
    );
    "x-xss-protection" =     (
        "1; mode=block; report=https://twitter.com/i/xss_report"
    );
} }, OAuthSwiftError.response.data=<7b226572 726f7273 223a5b7b 22636f64 65223a33 322c226d 65737361 6765223a 22436f75 6c64206e 6f742061 75746865 6e746963 61746520 796f752e 227d5d7d>, NSErrorFailingURLKey=https://api.twitter.com/oauth/request_token?oauth_callback=tweetometer://, NSLocalizedDescription=, Response-Headers={
    "Cache-Control" = "no-cache, no-store, must-revalidate, pre-check=0, post-check=0";
    "Content-Disposition" = "attachment; filename=json.json";
    "Content-Encoding" = gzip;
    "Content-Length" = 89;
    "Content-Type" = "application/json; charset=utf-8";
    Date = "Mon, 13 Aug 2018 08:56:43 GMT";
    Expires = "Tue, 31 Mar 1981 05:00:00 GMT";
    "Last-Modified" = "Mon, 13 Aug 2018 08:56:42 GMT";
    Pragma = "no-cache";
    Server = "tsa_o";
    "Set-Cookie" = "personalization_id=\"v1_BK+br6kWIZDkiOWghoRAjg==\"; Expires=Wed, 12 Aug 2020 08:56:42 GMT; Path=/; Domain=.twitter.com, guest_id=v1%3A153415060294969472; Expires=Wed, 12 Aug 2020 08:56:42 GMT; Path=/; Domain=.twitter.com";
    Status = "401 Unauthorized";
    "Strict-Transport-Security" = "max-age=631138519";
    "Www-Authenticate" = "OAuth realm=\"https://api.twitter.com\"";
    "x-connection-hash" = 35fd91b18ddbcb1391e5c963d6aee389;
    "x-content-type-options" = nosniff;
    "x-frame-options" = SAMEORIGIN;
    "x-response-time" = 112;
    "x-transaction" = 00c3241500c192c9;
    "x-twitter-response-tags" = BouncerCompliant;
    "x-xss-protection" = "1; mode=block; report=https://twitter.com/i/xss_report";
}, Response-Body={"errors":[{"code":32,"message":"Could not authenticate you."}]}}]

I have tried inserting my consumer key and secret in the demo app using Xcode 9.3 and it still doesn't work. It may have broken because of the new parameter oauth_callback which needs to be whitelisted in the Twitter developer portal since GDPR was enforced?

OAuth Provider? (Twitter, Github, ..):

Twitter

OAuth Version:

Version 1

OS (Please fill the version) :

iOS : 12

Installation method:

Carthage

Library version:

head

Xcode version:

other: Xcode 10 (Swift 4.2)

Originally created by @BalestraPatrick on GitHub (Aug 13, 2018). Original GitHub issue: https://github.com/OAuthSwift/OAuthSwift/issues/483 ### Description: I've been trying to fix this error for the last couple of hours but I haven't found a way to get around it. I simply trying to Sign in the user to Twitter directly from my iOS app. Here's a snippet of my code. ```swift public final class SignInViewController: UIViewController { let oauthswift = OAuth1Swift( consumerKey: "#####", consumerSecret: "#####", requestTokenUrl: "https://api.twitter.com/oauth/request_token?oauth_callback=tweetometer://", authorizeUrl: "https://api.twitter.com/oauth/authorize", accessTokenUrl: "https://api.twitter.com/oauth/access_token" ) var handle: OAuthSwiftRequestHandle! @IBAction func signIn() { oauthswift.authorizeURLHandler = SafariURLHandler(viewController: self, oauthSwift: oauthswift) handle = oauthswift.authorize( withCallbackURL: URL(string: "tweetometer://callback/twitter")!, success: { credential, response, parameters in print(credential.oauthToken) print(credential.oauthTokenSecret) print(parameters["user_id"]) // Do your request }, failure: { error in print(error) }) } } ``` The HTTP response is a 401 with the following content which may be useful to debug the issue: ``` requestError[Error Domain=NSURLErrorDomain Code=401 "" UserInfo={OAuthSwiftError.response=<NSHTTPURLResponse: 0x600000a9d060> { URL: https://api.twitter.com/oauth/request_token?oauth_callback=tweetometer:// } { Status Code: 401, Headers { "Cache-Control" = ( "no-cache, no-store, must-revalidate, pre-check=0, post-check=0" ); "Content-Disposition" = ( "attachment; filename=json.json" ); "Content-Encoding" = ( gzip ); "Content-Length" = ( 89 ); "Content-Type" = ( "application/json; charset=utf-8" ); Date = ( "Mon, 13 Aug 2018 08:56:43 GMT" ); Expires = ( "Tue, 31 Mar 1981 05:00:00 GMT" ); "Last-Modified" = ( "Mon, 13 Aug 2018 08:56:42 GMT" ); Pragma = ( "no-cache" ); Server = ( "tsa_o" ); "Set-Cookie" = ( "personalization_id=\"v1_BK+br6kWIZDkiOWghoRAjg==\"; Expires=Wed, 12 Aug 2020 08:56:42 GMT; Path=/; Domain=.twitter.com", "guest_id=v1%3A153415060294969472; Expires=Wed, 12 Aug 2020 08:56:42 GMT; Path=/; Domain=.twitter.com" ); Status = ( "401 Unauthorized" ); "Strict-Transport-Security" = ( "max-age=631138519" ); "Www-Authenticate" = ( "OAuth realm=\"https://api.twitter.com\"" ); "x-connection-hash" = ( 35fd91b18ddbcb1391e5c963d6aee389 ); "x-content-type-options" = ( nosniff ); "x-frame-options" = ( SAMEORIGIN ); "x-response-time" = ( 112 ); "x-transaction" = ( 00c3241500c192c9 ); "x-twitter-response-tags" = ( BouncerCompliant ); "x-xss-protection" = ( "1; mode=block; report=https://twitter.com/i/xss_report" ); } }, OAuthSwiftError.response.data=<7b226572 726f7273 223a5b7b 22636f64 65223a33 322c226d 65737361 6765223a 22436f75 6c64206e 6f742061 75746865 6e746963 61746520 796f752e 227d5d7d>, NSErrorFailingURLKey=https://api.twitter.com/oauth/request_token?oauth_callback=tweetometer://, NSLocalizedDescription=, Response-Headers={ "Cache-Control" = "no-cache, no-store, must-revalidate, pre-check=0, post-check=0"; "Content-Disposition" = "attachment; filename=json.json"; "Content-Encoding" = gzip; "Content-Length" = 89; "Content-Type" = "application/json; charset=utf-8"; Date = "Mon, 13 Aug 2018 08:56:43 GMT"; Expires = "Tue, 31 Mar 1981 05:00:00 GMT"; "Last-Modified" = "Mon, 13 Aug 2018 08:56:42 GMT"; Pragma = "no-cache"; Server = "tsa_o"; "Set-Cookie" = "personalization_id=\"v1_BK+br6kWIZDkiOWghoRAjg==\"; Expires=Wed, 12 Aug 2020 08:56:42 GMT; Path=/; Domain=.twitter.com, guest_id=v1%3A153415060294969472; Expires=Wed, 12 Aug 2020 08:56:42 GMT; Path=/; Domain=.twitter.com"; Status = "401 Unauthorized"; "Strict-Transport-Security" = "max-age=631138519"; "Www-Authenticate" = "OAuth realm=\"https://api.twitter.com\""; "x-connection-hash" = 35fd91b18ddbcb1391e5c963d6aee389; "x-content-type-options" = nosniff; "x-frame-options" = SAMEORIGIN; "x-response-time" = 112; "x-transaction" = 00c3241500c192c9; "x-twitter-response-tags" = BouncerCompliant; "x-xss-protection" = "1; mode=block; report=https://twitter.com/i/xss_report"; }, Response-Body={"errors":[{"code":32,"message":"Could not authenticate you."}]}}] ``` I have tried inserting my consumer key and secret in the demo app using Xcode 9.3 and it still doesn't work. It may have broken because of the new parameter `oauth_callback` which needs to be whitelisted in the Twitter developer portal since GDPR was enforced? ### OAuth Provider? (Twitter, Github, ..): Twitter ### OAuth Version: - [x] Version 1 ### OS (Please fill the version) : - [x] iOS : 12 ### Installation method: - [x] Carthage ### Library version: - [x] head ### Xcode version: - [x] other: Xcode 10 (Swift 4.2)

kerem closed this issue

2026-03-03 16:47:39 +03:00

kerem commented

2026-03-03 16:47:40 +03:00

Author

Owner

@phimage commented on GitHub (Aug 13, 2018):

32 Could not authenticate you is a twitter response

did you authorize tweetometer:// on twitter as callback url?

@phimage commented on GitHub (Aug 13, 2018): 32 Could not authenticate you is a twitter response did you authorize tweetometer:// on twitter as callback url?

kerem commented

2026-03-03 16:47:40 +03:00

Author

Owner

@phimage commented on GitHub (Aug 13, 2018):

then I do not know if twitter allow custom scheme now
but in the past only http scheme was allowed
https://github.com/OAuthSwift/OAuthSwift/wiki/API-with-only-HTTP-scheme-into-callback-URL

@phimage commented on GitHub (Aug 13, 2018): then I do not know if twitter allow custom scheme now but in the past only http scheme was allowed https://github.com/OAuthSwift/OAuthSwift/wiki/API-with-only-HTTP-scheme-into-callback-URL

kerem commented

2026-03-03 16:47:40 +03:00

Author

Owner

@BalestraPatrick commented on GitHub (Aug 13, 2018):

I authorized the scheme in my developer portal. I tried to remove it and now it works? But before it was complaining that the callback url must be present, this is what the Twitter documentation also says.

@BalestraPatrick commented on GitHub (Aug 13, 2018): I authorized the scheme in my developer portal. I tried to remove it and now it works? But before it was complaining that the callback url must be present, this is what the Twitter documentation also says.

kerem commented

2026-03-03 16:47:40 +03:00

Author

Owner

@phimage commented on GitHub (Aug 14, 2018):

https://developer.twitter.com/en/docs/basics/developer-portal/guides/callback-urls.html
it seems that custom one is authorised now, and there is specific error if not authorized

I have just tested it, and it work fine

Did you use Consumer API keys = oauth1? (not Access token & access token secret = oauth2)

@phimage commented on GitHub (Aug 14, 2018): https://developer.twitter.com/en/docs/basics/developer-portal/guides/callback-urls.html it seems that custom one is authorised now, and there is specific error if not authorized I have just tested it, and it work fine ![screen shot 2018-08-14 at 05 41 08](https://user-images.githubusercontent.com/8875768/44070539-ad74796a-9f84-11e8-9502-f88965d5580e.png) Did you use Consumer API keys = oauth1? (not Access token & access token secret = oauth2)

kerem commented

2026-03-03 16:47:40 +03:00

Author

Owner

@phimage commented on GitHub (Sep 12, 2018):

No response, I close

@phimage commented on GitHub (Sep 12, 2018): No response, I close

kerem referenced this issue

2026-03-03 16:49:39 +03:00

[PR #317] [MERGED] Fix #316 missing renewAccessToken objc function #601

Rows
Columns

[GH-ISSUE #483] Twitter OAuth request_token returns error 32 "Could not authenticate you." #317

Description:

OAuth Provider? (Twitter, Github, ..):

OAuth Version:

OS (Please fill the version) :

Installation method:

Library version:

Xcode version: