I'm attempting to retrieve a bearer token from the Twitter API to allow app-only authentication as described in Twitter's API documentation. The `conf.ini` contains the consumer_key and consumer_secret.
Here's my code so far:
```python
import configparser
import requests
import base64

# Read the consumer key and secret from the local config file
conf = configparser.ConfigParser()
conf.read('conf/conf.ini')
consumer_key = conf['consumer-api-key']['value']
consumer_secret = conf['consumer-secret']['value']

# Base64-encode "key:secret" for the Basic Authorization header
key_secret = base64.urlsafe_b64encode('{}:{}'.format(consumer_key, consumer_secret).encode('ascii')).decode('ascii')

base_url = 'https://api.twitter.com/'
auth_url = '{}oauth2/token'.format(base_url)
auth_headers = {
    'Authorization': 'Basic {}'.format(key_secret),
    'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8'
}
auth_data = {
    'grant_type': 'client_credentials'
}

# Request the bearer token and print the HTTP status code
auth_resp = requests.post(auth_url, headers=auth_headers, data=auth_data)
print(auth_resp.status_code)
```
So, I've tried this a number of different ways and even gone so far as regenerating my consumer key and secret. In every case I have received a response of:
'< HTTP/1.1 403 Forbidden' and {"errors":[{"code":99,"message":"Unable to verify your credentials","label":"authenticity_token_error"}]}.
I tried all of the following in troubleshooting:
- Manually writing out the command in cURL. Ref: `curl -u "$CONSUMER_KEY:$CONSUMER_SECRET" --compressed --data 'grant_type=client_credentials' 'https://api.twitter.com/oauth2/token'`
- Removing the .ini and instead just importing the consumer key and secret as a string
- Using Twython with the exact sample source code (using my key).
- Waiting for 15 minutes, the timeout for the rate limiter.
- Logged out of Twitter, just in case!
- Referenced the reasoning in this blog post.
I also had someone try using my keys with their code and it was able to successfully app authenticate. I also checked at each step of the code and I can see that the variables all seem to be what I expect.
I understand this is a repeat topic, but none of the previously provided answers seem to solve it. Thank you in advance for any help you can provide.
Edits of me continuing to troubleshoot below:
Trying again with cURL just trying to make sure my keys work:
```
curl -i -X POST -H "Authorization: Basic TOKEN" -d "grant_type=client_credentials" -H "Content-Type:application/x-www-form-urlencoded;charset=UTF-8" "https://api.twitter.com/oauth2/token"
HTTP/1.1 403 Forbidden
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition: attachment; filename=json.json
content-length: 105
content-type: application/json;charset=utf-8
date: Wed, 18 Jul 2018 18:06:00 GMT
expires: Tue, 31 Mar 1981 05:00:00 GMT
last-modified: Wed, 18 Jul 2018 18:06:00 GMT
ml: S
pragma: no-cache
server: tsa_b
status: 403 Forbidden
strict-transport-security: max-age=631138519
x-connection-hash: 4c3591363bea2e655f52dc9ec52aa5ee
x-content-type-options: nosniff
x-frame-options: DENY
x-response-time: 66
x-transaction: 001f3cd100c15114
x-tsa-request-body-time: 0
x-twitter-response-tags: BouncerCompliant
x-ua-compatible: IE=edge,chrome=1
x-xss-protection: 1; mode=block; report=https://twitter.com/i/xss_report
Connection: Keep-Alive
Set-Cookie: personalization_id="v1_Ro1inxBH+QRZGVyrYilreg=="; Expires=Fri, 17 Jul 2020 18:06:00 GMT; Path=/; Domain=.twitter.com
Set-Cookie: guest_id=v1%3A153193716084353644; Expires=Fri, 17 Jul 2020 18:06:00 GMT; Path=/; Domain=.twitter.com

{"errors":[{"code":99,"message":"Unable to verify your credentials","label":"authenticity_token_error"}]}
```
Where TOKEN is the result of...
```python
base64.urlsafe_b64encode('{}:{}'.format(twconsumer_key, twconsumer_secret).encode('UTF-8')).decode('UTF-8')
```
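
An added example, not part of the original post: a check that compares the `urlsafe_b64encode` value used above with the standard Base64 alphabet that HTTP Basic authentication uses, reporting only whether they differ so the secret itself is never printed or pasted. The helper names and sample keys are constructed for illustration; the percent-encoding step follows Twitter's app-only authentication documentation.

```python
import base64
from urllib.parse import quote


def credential_pair(key, secret):
    """Percent-encode each value, then join with ':' (Twitter's app-only docs
    describe this step; it leaves alphanumeric keys unchanged)."""
    return '{}:{}'.format(quote(key, safe=''), quote(secret, safe=''))


def basic_token(key, secret):
    """Value that follows 'Basic ' in the Authorization header.
    HTTP Basic uses the standard Base64 alphabet ('+' and '/')."""
    return base64.b64encode(credential_pair(key, secret).encode('ascii')).decode('ascii')


def posted_token(key, secret):
    """The encoding from the post: raw 'key:secret', URL-safe alphabet ('-', '_')."""
    return base64.urlsafe_b64encode('{}:{}'.format(key, secret).encode('ascii')).decode('ascii')


def check_encoding(key, secret):
    """Compare both encodings without returning or printing the credential."""
    posted = posted_token(key, secret)
    return {
        'match': posted == basic_token(key, secret),
        'percent_encoding_changed_input':
            credential_pair(key, secret) != '{}:{}'.format(key, secret),
        'urlsafe_only_chars': sum(posted.count(c) for c in '-_'),
    }


# Constructed sample values, not real credentials.
ALNUM_KEY, ALNUM_SECRET = 'Ab3dEf6hIj9k', 'Zy8xWv5uTs2rQp0n'

if __name__ == '__main__':
    # Alphanumeric ASCII input never produces '+' or '/', so both alphabets agree.
    print(check_encoding(ALNUM_KEY, ALNUM_SECRET))
    # '~' as the last byte of a 3-byte group maps to Base64 index 62:
    # '+' in the standard alphabet, '-' in the URL-safe one.
    print(check_encoding('ab~', 'cd'))
```

A `True` for `percent_encoding_changed_input` means the value read from `conf.ini` contains non-alphanumeric characters, for example literal quotes, which `configparser` does not strip.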