Twitter OAuth - Invalid/Expired Token

问题

twitter_login

        $twitteroauth = new TwitterOAuth($this->__twitterKey, $this->__twitterSecret);

        $request_token = $twitteroauth->getRequestToken(Router::url(array('action' => 'twitter', 'authorize'), true));
        $this->Session->write('Twitter', $request_token);

        if($twitteroauth->http_code==200){
            // Let's generate the URL and redirect
            $url = $twitteroauth->getAuthorizeURL($request_token['oauth_token']);
            header('Location: '. $url);
        } else {
            $this->Session->setFlash('Something went wrong');
        }

twitter_callback

    $data['oauth_verifier'] = $_GET['oauth_verifier'];
    $data['oauth_token'] = $this->Session->read('Twitter.oauth_token');
    $data['oauth_token_secret'] = $this->Session->read('Twitter.oauth_token_secret');

    $twitteroauth = new TwitterOAuth($this->__twitterKey, $this->__twitterSecret, $data['oauth_token'], $data['oauth_token_secret']);

    $access_token = $twitteroauth->getAccessToken($data['oauth_verifier']);

When i do a var_dump

i get the following

Array
(
    [ "1.0" encoding="UTF-8"?>

  /oauth/access_token?oauth_consumer_key=Z2R8QqJYCthif67Qba4vzA
    [amp;oauth_nonce] => 78576d8eaaabb422fdbd3097e385adcc
    [amp;oauth_signature] => T23hCeJ5PM2rdYvdZ0mvoHzOfLk=
    [amp;oauth_signature_method] => HMAC-SHA1
    [amp;oauth_timestamp] => 1301392825
    [amp;oauth_token] => JKlpOBGaENFzuXbs4bSzVZCTWnelKX5WeJ1EA1MLfB0
    [amp;oauth_verifier] => ifPBR18Pw2iTs74GAqyFlLXbvQAoOgG3AjWpPxXV2E
    [amp;oauth_version] => 1.0
  Invalid / expired Token


)

回答1:

Try ksorting just before $twitteroauth = new TwitterOAuth(...) Most of the times, OAuth problems occur because of the requirements of the protocol.

$data['oauth_token_secret'] = $this->Session->read('Twitter.oauth_token_secret');

ksort($data);

$twitteroauth = new TwitterOAuth($this->__twitterKey, $this->__twitterSecret,

Here is a link explaining the normalization (sorting) of the parameters http://oauth.net/core/1.0/#anchor14

回答2:

Try to increase OAuth oauth_timestamp by a couple of hours.

In PHP OAuth client it looks like this:

private static function generate_timestamp() {
    return time()+5*3600;
}

resources

http://www.backwardcompatible.net/149-Twitter-Timestamp-out-of-bounds-solved

来源：https://stackoverflow.com/questions/5470854/twitter-oauth-invalid-expired-token