Magento2: Oauth token Request results in error "cannot create request token because consumer token is not a verifier token"

any updates on this ? I am also stuck on this issue

@bbraspenning , thank you for reporting the issue. Internal ticket MAGETWO-46678

Any update on this ?
I'm also facing same error.

I haven't found a solution on my own. Last update was 7 days ago by okorshenko. ==>Internal ticket MAGETWO-46678. I hope that will solve the issue eventually.

Internal ticket: MAGETWO-47296

I got something regarding this.
Magento sends at time of activation

• Magento store URL. For example, http://my-magento-store.com/.
• oauth_verifier
• OAuth consumer key
• OAuth consumer key secret
  to defined url while creating integration using POST method. You need to read these values and then try the steps again using recieved values.
  Check this again ... http://devdocs.magento.com/guides/v2.0/get-started/authentication/gs-authentication-oauth.html#http-post
  Create a PHP script and read POST values and you will be able to get verifier token.

This is not a bug, The flow should be well defined in documentation. Its lack of definition.

@amansrivastava Could you provide more detail about what needs to be fixed in the documentation?

@keharper There should be a step by step guide for this. When I was trying to learn OAuth, I found it much confusing either due to complicated structure or insufficient information or tutorials available.
If someone is just using OAuth integration provided by Magento2, he should get a step by step guide to configure it.
(Its my personal opinion after struggling for a week)

I am also having this issue
when sending POST request to /oauth/token/request I get back

Cannot+create+request+token+because+consumer+token+is+not+a+verifier+token

What does this error mean?

@amansrivastava : You say this is not an issue and point back to the very poor Magento documentation. It would be helpful if you say what you specifically saw in the original documentation that helped you get to get round the issue. Or is your comment generally about oAuth ?

Has anybody got past this error message?

I am working on updating the documentation. I believe the problem is that the page you specify in the Callback URL field in Admin is not extracting the verifier token. Magento sends this when you first click Activate in Admin.

@IqbalMobarik @amansrivastava I've updated the docs. I hope to add some code samples next week. See http://devdocs.magento.com/guides/v2.0/get-started/authentication/gs-authentication-oauth.html and http://devdocs.magento.com/guides/v2.0/howdoi/webapi/integration.html#integrate

@keharper looks better now. I didn't get time to go in depth and I was already able to run it so steps are easily understandable for me now. I hope other newbies will be able to get help from it.

@IqbalMobarik try to trim the values you are passing in request.

I have followed every step and still getting the original error posted here, it says nothing about using the Verifier in the linked documentation to get the Request token? I have added it to my string anyway and still getting the same failure response?

UPDATE: this error occurs if you already have a request token created in Magento DB table oauth_token (if you're like me and developing an app and raising multiple requests), clear this table of its entries (request and verify) before retrying and this error disappears...

I feel that if you ask for another request token magento should create another not get upset that there is already a request token created... But that's just me...

Struggled with this for a while until applied the solution @EridianBrian proposed. Deleting entries from oauth_token worked for me. Thanks @EridianBrian!

@rgoncharuk This still feels like a bug. While @EridianBrian and @jmg were able to "fix" this by deleting the tokens in oauth_token, the system shouldn't get in a state when failure to successfully complete the request token process results in an unusable integration.

i.e.

1. System Owner (either directly or via a module) creates an integration, listed in Stores -> Integration
2. System owner requests activation of integration
3. Application/Service owner successfully receives oauth verifier token
4. Application/Service owner successfully makes request to oauth/token/request
5. For [uncontrollable reason x -- tokens expires, failure to capture result of oauth/token/request], Application/Service owner fails to call oauth/token/access
6. Application/Service owner tells system owner to reactivate

Based on my experience, and the experiences of @EridianBrian and @jmg above, if the system owner attempts to reactive they'll get back the same verifier token. While the token's expiration will be reset, they won't be able to successfully fetch a new request token without the system owner manually clearing the old tokens from their tables.

This means an Integration is rendered useless if the application/server owner fails to successfully get a response token on the first try. This is bad for developer experience, and could also impact real world users. This is a bug and should be fixed.

/cc @piotrekkaminski

@bbraspenning, thank you for your report.
The issue is already fixed in 2.1.10

@magento-engcom-team I am still experiencing this is 2.2.1.
Solution by @EridianBrian still works.

And still experiencing this on 2.2.3.

Can confirm that this STILL happens on 2.3 when calling multiple 'Get a request token' requests in succession during development...

Is any news on this- still having this problem in 2.3

Any update on this? The issue still exists in v2.3.3.

Edit: Resolved! Turns out it was the callback URL of the application failing to load properly; in my case it was the Laravel's CSRF Token protection. I had to add the callback route to the $except parameter in App\Http\Middleware\VerifyCsrfToken in order for it to work.

Hi All,
I've Magento 2.3.4 but I got the same error
oauth_problem=Cannot+create+request+token+because+consumer+token+is+not+a+verifier+token

I set an Integrations with ConsumerKey and ConsumerSecret.

In Stores -> Setting Oauth -> Expiration Period I need to enter value 1000000000000
If I leave default value (300) I got oauth_problem=Consumer+key+has+expired

Testing with Postman I have this error.

Anyone resolve it?
Best Regards,
Francesco