I have been doing a bit of Twitter development for work in the last few months. Twitter is the first time I have worked with OAuth and it was a bit to wrap my head around. I wanted to tinker around doing some of my own apps since it seems pretty easy now. However, my first attempt at getting it going was a headache. Long story short, if you are unable to get your Request Token, check to make sure your system clock is accurate.
Using the same community libraries I used for work, I would consistently get a 401:Unauthorized - "Failed to validate oauth signature and token". This seemed odd since my code is really only about 3 lines and the libraries do the rest and everything worked fine at work. Thus, I thought maybe it was my Python installation, but that was up today. Even the Twitter Dev team said that it was rare to have a Request Token fail.
I spent about 2 weeks tearing apart the libraries and checking every step of the process. I contacted the Twitter Dev team to see if my server was somehow blacklisted. Finally, yesterday via the The Twitter Development
Google group, someone posted this message
. The gist of it was that a 3rd party dev team was having issues getting the request token and traced it back to their server's system time being 3 days off. So, I pinged my host guy. As it turns out, he didn't have the time sync enabled in ubuntu and the clock was 2 hours off. As soon as he enabled sync, my code worked. Derf.
So yup, if you hit the unlikely case that your Request token doesn't validate, check your system clock. Google Juice, help spread the word.