3

I'm accessing Twitter Search api into my Angular application getting following error. Implemented this change into https. Still getting same error 

{"errors":[{"code":215,"message":"Bad Authentication data."}]}

twitter-service.js

    angular.module('TwitterServices', [], function ($provide) {
        $provide.factory('$twitter', function ($http, $log) {

            var consumerKey = encodeURIComponent('<consumerKey from twitter api>');
            var consumerSecret = encodeURIComponent('<consumerSecret from twitter api>');
            var credentials = Base64.encode(consumerKey + ':' + consumerSecret);
            var twitterOauthEndpoint = $http.post(
                'https://api.twitter.com/oauth2/token'
                , "grant_type=client_credentials"
                , {
                    headers: {
                        'Authorization': 'Basic ' + credentials, 'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8',
                        'Access-Control-Allow-Origin': '*'
                    }
                }
            );
            twitterOauthEndpoint.success(function (response) {
                serviceModule.$httpProvider.defaults.headers.common['Authorization'] = "Bearer " + response.access_token
            }).error(function (response) {
            });
Dhana
  • 1,618
  • 4
  • 23
  • 39
  • are the credentials correctly copied? – Luca Kiebel Oct 29 '17 at 20:27
  • Yes copied correctly from the app.twitter.com. – Dhana Oct 29 '17 at 23:31
  • That 215 isn’t the response to your POST. The browser never gets to the point of actually trying your POST. That 215 is instead the response to the CORS preflight OPTIONS that the browser (automatically on its own) sends. https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Preflighted_requests. What triggers your browser to do that preflight is the `Authorization` header your code’s adding to the POST request. The browser sends the OPTIONS preflight — *without the `Authorization` request header* — in order to ask the server if it accepts POST requests that have an `Authorization` header. – sideshowbarker Oct 30 '17 at 00:27
  • @sideshowbarker am I missing something? – Dhana Oct 31 '17 at 00:12
  • You’re not missing anything. There’s no way you can fix this from the client side in your frontend code. Regardless of the particular problems you might run into, the authorization flow you’re trying isn’t going to work. That’s why it’s not documented anywhere as being supported. See the answer at https://stackoverflow.com/questions/43276462/cors-issue-while-requesting-access-token-google-oauth-2/43276710#43276710 (which is about Google auth but the general problem is the same). – sideshowbarker Oct 31 '17 at 00:27
  • @sideshowbarker I agree. Thank you for your comments. Then how do we authenticate this situation then? I'm using angularjs. – Dhana Oct 31 '17 at 01:09
  • @sideshowbarker Check this like https://developer.twitter.com/en/docs/basics/authentication/api-reference/token – Dhana Oct 31 '17 at 01:41
  • You do it from your backend code instead of from your frontend JavaScript code. – sideshowbarker Oct 31 '17 at 02:27

0 Answers0