401 unauthorized

[Trevor Dean]

Is anyone else experiencing any 401 errors all of a sudden?  I was doing some testing this morning and was logging in fine using twitter and then 10 min later I started getting 401 unauthorized errors.

Thanks,

Trevor

[Matt Harris]

Hi Trevor,

Could you share the request and response you are sending so we can investigate. Remember to obscure user and consumer secrets.

Thanks,
@themattharris
Developer Advocate, Twitter
http://twitter.com/themattharris

--
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: http://groups.google.com/group/twitter-development-talk

[Ninjamonk]

I am still getting this issue and I think it's time related at
twitters end.

steps:

1. go to twitter and let user auth app
2. on return use verifier and token to ask twitter for the tokens and
get a 401

Now if I pause step 2 before asking twitter for the tokens for 10
seconds it works fine.

This code has worked for over 6 months and now I am getting this issue
all of a sudden.

I would look at my code but there are a lot of people getting the same
issue.

Cheers

Darren

On Mar 19, 6:05 pm, Matt Harris <thematthar...@twitter.com> wrote:
> Hi Trevor,
>
> Could you share the request and response you are sending so we can
> investigate. Remember to obscure user and consumer secrets.
>
> Thanks,
> @themattharris

> Developer Advocate, Twitterhttp://twitter.com/themattharris

[Joe Mayo]

I'm seeing the same problem with 401's during authentication. I have
an app that has worked flawlessly (with no code changes) for months
that is now receiving 401's. I'm also have multiple support issues on
users experiencing intermittent 401 errors. For some apps, every
authentication request results in a 401, but it seems to happen every
other authentication for others.

Joe

> > >http://groups.google.com/group/twitter-development-talk- Hide quoted text -
>
> - Show quoted text -

[Ninjamonk]

well it's stopped working completely now even if I pause.

Can someone from twitter let us know the progress of this bug?

> > > >http://groups.google.com/group/twitter-development-talk-Hide quoted text -

[akiyoshi]

Well it stopped working for me as well. My scenario was the same as
Joe Mayo's till yesterday.

> > > > >http://groups.google.com/group/twitter-development-talk-Hidequoted text -
>
> > > - Show quoted text -- Ocultar texto das mensagens anteriores -
>
> - Mostrar texto das mensagens anteriores -

[Trevor Dean]

Yup, totally stopped working for me as well and my scenario is the same as Joe's too.  Any status updates on this issue?

[Tatham Oddie]

I'm getting this same behaviour on http://ivebeen.to

If I wait about 30 seconds before trying to convert the request token
to an access token, it all works fine.

This happens on both my local machine and on the deployed website -
two distinct machines in different locations, timezones, etc.

Both machines use network updated time from time.windows.com and I've
manually triggered each of them to make sure their time is up to date.

> >http://groups.google.com/group/twitter-development-talk-Hidequotedtext -

>
> > > > > - Show quoted text -- Ocultar texto das mensagens anteriores -
>
> > > - Mostrar texto das mensagens anteriores -
>
> > --
> > Twitter developer documentation and resources:http://dev.twitter.com/doc
> > API updates via Twitter:http://twitter.com/twitterapi
> > Issues/Enhancements Tracker:
> >http://code.google.com/p/twitter-api/issues/list
> > Change your membership to this group:

> >http://groups.google.com/group/twitter-development-talk- Hide quoted text -

[Tatham Oddie]

Please go and star this issue: http://code.google.com/p/twitter-api/issues/detail?id=2118

[Taylor Singletary]

Thanks everyone for the detailed information in these reports; they'll help a lot while we track down the issue. Will update this thread when we know more.

@episod - Taylor Singletary - Twitter Developer Advocate

[Taylor Singletary]

If you're experiencing this issue, can you please provide these additional details:

  * are the OAuth URLs you are using http or https?

  * do your OAuth URLs contain the api subdomain? (you really should be if you aren't)

  * what OAuth library (if any) are you using to sign your requests?

  * If you're observing the response HTTP headers on failed requests, what server time is presented in the "Date" HTTP header? What is your OAuth timestamp?

Thanks!

@episod - Taylor Singletary - Twitter Developer Advocate

[Tatham Oddie]

Hi Taylor,

 

I’m using the TweetSharp library.

 

Here are my requests…

 

Getting the request token works:

 

UTC now: 21/03/2011 2:15:44 PM

 

https://api.twitter.com/oauth/request_token

 

GET /oauth/request_token HTTP/1.1

Authorization: OAuth oauth_callback="...",oauth_consumer_key="...",oauth_nonce="...",oauth_signature="...",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1300716944",oauth_version="1.0"

User-Agent: TweetSharp

Host: api.twitter.com

Connection: Keep-Alive

 

200 OK

X-Transaction: 1300716948-77667-49892

X-Runtime: 0.00938

Pragma: no-cache

X-Revision: DEV

Content-Length: 144

Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0

Content-Type: text/html; charset=utf-8

Date: Mon, 21 Mar 2011 14:15:48 GMT

Expires: Tue, 31 Mar 1981 05:00:00 GMT

ETag: "00fdd191cfa579128843a85a7a58be9f"

Last-Modified: Mon, 21 Mar 2011 14:15:48 GMT

Set-Cookie: k=124.169.147.184....; path=/; expires=Mon, 28-Mar-11 14:15:48 GMT; domain=.twitter.com,guest_id=...; path=/; expires=Wed, 20 Apr 2011 14:15:48 GMT,admobuu=...; domain=.m.twitter.com; path=/; expires=Tue, 19 Jan 2038 03:14:07 GMT,_twitter_sess=...; domain=.twitter.com; path=/; HttpOnly

Server: hi

Vary: Accept-Encoding

Keep-Alive: timeout=15, max=100

Connection: Keep-Alive

 

oauth_token=...&oauth_token_secret=...&oauth_callback_confirmed=true

 

Getting the access token straight away fails with 401:

 

UTC now: 21/03/2011 2:15:46 PM

 

https://api.twitter.com/oauth/access_token

 

POST /oauth/access_token HTTP/1.1

Authorization: OAuth oauth_consumer_key="...",oauth_nonce="...",oauth_signature="...",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1300716946",oauth_token="...",oauth_verifier="...",oauth_version="1.0"

Content-Type: application/x-www-form-urlencoded

User-Agent: TweetSharp

Host: api.twitter.com

Content-Length: 0

 

401 Unauthorized

X-Transaction: 1300716950-90707-10498

X-Runtime: 0.00684

Pragma: no-cache

X-Revision: DEV

Content-Length: 1

Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0

Content-Type: text/html; charset=utf-8

Date: Mon, 21 Mar 2011 14:15:50 GMT

Expires: Tue, 31 Mar 1981 05:00:00 GMT

Last-Modified: Mon, 21 Mar 2011 14:15:50 GMT

Set-Cookie: k=124.169.147.184....; path=/; expires=Mon, 28-Mar-11 14:15:50 GMT; domain=.twitter.com,guest_id=...; path=/; expires=Wed, 20 Apr 2011 14:15:50 GMT,admobuu=...; domain=.m.twitter.com; path=/; expires=Tue, 19 Jan 2038 03:14:07 GMT,_twitter_sess=...; domain=.twitter.com; path=/; HttpOnly

Server: hi

Vary: Accept-Encoding

 

Trying the same request again 10 minutes later works (only oauth_timestamp changed):

 

UTC now: 21/03/2011 2:25:42 PM

 

https://api.twitter.com/oauth/access_token

 

POST /oauth/access_token HTTP/1.1

Authorization: OAuth oauth_consumer_key="...",oauth_nonce="...",oauth_signature="...",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1300717542",oauth_token="...",oauth_verifier="...",oauth_version="1.0"

Content-Type: application/x-www-form-urlencoded

User-Agent: TweetSharp

Host: api.twitter.com

Content-Length: 0

Connection: Keep-Alive

 

200 OK

X-Transaction: 1300717546-72934-39621

X-Runtime: 0.03056

Pragma: no-cache

X-Revision: DEV

Content-Length: 163

Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0

Content-Type: text/html; charset=utf-8

Date: Mon, 21 Mar 2011 14:25:46 GMT

Expires: Tue, 31 Mar 1981 05:00:00 GMT

ETag: "9ac6161371b0ee90ef8f6db5322287df"

Last-Modified: Mon, 21 Mar 2011 14:25:46 GMT

Set-Cookie: k=124.169.147.184.1300717546945450; path=/; expires=Mon, 28-Mar-11 14:25:46 GMT; domain=.twitter.com,guest_id=130071754695116305; path=/; expires=Wed, 20 Apr 2011 14:25:46 GMT,admobuu=989196f7fa5728c90e815cc8f97cd56a; domain=.m.twitter.com; path=/; expires=Tue, 19 Jan 2038 03:14:07 GMT,_twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCMitztguAToHaWQiJTk4NDllMmVhZTM1OTJk%250ANzQ0MGFlMWM2YzQ1ZTU2MDg4IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--dad7912a647454357cfa6f0d07804b5c4b5d6ae4; domain=.twitter.com; path=/; HttpOnly

Server: hi

Vary: Accept-Encoding

Keep-Alive: timeout=15, max=100

Connection: Keep-Alive

 

oauth_token=...&oauth_token_secret=...&user_id=14051560&screen_name=tathamoddie

 

I’m noting that the time offset here is only about 4 seconds, however it certainly takes longer than that to work.

 

You can see this for yourself trying to sign in to http://ivebeen.to

 

 

--

Tatham Oddie

au mob: +61 414 275 989, us cell: +1 213 280 3556, skype: tathamoddie

If you’re printing this email, you’re doing it wrong. This is a computer, not a typewriter.

[akiyoshi]

Ok, here's what I've got so far in my development machine:

All requests to: https://api.twitter.com/oauth/
I'm using Twitterizer OAuth library.
All testing was done trying to authenticate the same user.

Request Token -> Access Token response headers:

Local Machine Time: 21/03/2011 - 11:24 a.m (-3 São Paulo, Brazil)

{Status: 401 Unauthorized
X-Transaction: 1300717410-27747-18545
X-Runtime: 0.00612

Pragma: no-cache
X-Revision: DEV
Content-Length: 1
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-
check=0

Content-Type: text/html; charset=utf-8
Date: Mon, 21 Mar 2011 14:23:30 GMT

Expires: Tue, 31 Mar 1981 05:00:00 GMT

Last-Modified: Mon, 21 Mar 2011 14:23:30 GMT
Set-Cookie: k=186.204.24.164.1300717410112809; path=/; expires=Mon, 28-
Mar-11 14:23:30 GMT; domain=.twitter.com,guest_id=130071741011897398;
path=/; expires=Wed, 20 Apr 2011 14:23:30
GMT,_twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCEeXzNguAToHaWQiJWY0YWJkOTg5MzA5N2Jk
%250ANmU2MjRlN2Q4OTY4ZDVlOGE3IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy
%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--5f19c3e4b79f1e24195a532adf988bc5764dc878;

domain=.twitter.com; path=/; HttpOnly
Server: hi
Vary: Accept-Encoding

}

Local Machine Time: 21/03/2011 - 11:26 a.m (-3 São Paulo, Brazil)

{Status: 401 Unauthorized
X-Transaction: 1300717553-71682-48532
X-Runtime: 0.00788

Pragma: no-cache
X-Revision: DEV
Content-Length: 1
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-
check=0

Content-Type: text/html; charset=utf-8
Date: Mon, 21 Mar 2011 14:25:54 GMT

Expires: Tue, 31 Mar 1981 05:00:00 GMT

Last-Modified: Mon, 21 Mar 2011 14:25:53 GMT
Set-Cookie: k=186.204.24.164.1300717553990342; path=/; expires=Mon, 28-
Mar-11 14:25:53 GMT; domain=.twitter.com,guest_id=130071755399831650;
path=/; expires=Wed, 20 Apr 2011 14:25:53
GMT,_twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCE
%252FJztguAToHaWQiJWMwNjU4N2ZjMzU1Zjkw
%250AOTYxNzZiODcyNjRhNjU1YTIxIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy
%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--475d60acc3baee4151254364e9ffddb0ed8a4e76;

domain=.twitter.com; path=/; HttpOnly
Server: hi
Vary: Accept-Encoding
}

Successful response:

Achieved by waiting some seconds between requesting and reading the
response when getting the RequestToken.

Local Machine Time: 21/03/2011 - 11:49 a.m (-3 São Paulo, Brazil)

{Status: 200 OK
X-Transaction: 1300718905-61910-2260
X-Runtime: 0.02514
Pragma: no-cache
X-Revision: DEV
Content-Length: 170

Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-
check=0
Content-Type: text/html; charset=utf-8

Date: Mon, 21 Mar 2011 14:48:25 GMT

Expires: Tue, 31 Mar 1981 05:00:00 GMT

ETag: "82276158764a17db3bb7fd96d46eb377"
Last-Modified: Mon, 21 Mar 2011 14:48:25 GMT
Set-Cookie: k=186.204.24.164.1300718905898781; path=/; expires=Mon, 28-
Mar-11 14:48:25 GMT; domain=.twitter.com,guest_id=130071890590494715;
path=/; expires=Wed, 20 Apr 2011 14:48:25
GMT,_twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDBq49guAToHaWQiJWRiMzgxYWFhOTFmMjVl
%250AODI3NDI5NmFjZjI0ZmMyYzgyIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy
%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--
c2deb47c8c0545588cb18f77aa3516546f350e26; domain=.twitter.com; path=/;

HttpOnly
Server: hi
Vary: Accept-Encoding

}


On Mar 21, 11:30 am, Tatham Oddie <tat...@oddie.com.au> wrote:
> Hi Taylor,
>

> I’m using the TweetSharp<http://tweetsharp.codeplex.com/> library.

>
> Here are my requests…
>
> Getting the request token works:
>
> UTC now: 21/03/2011 2:15:44 PM
>
> https://api.twitter.com/oauth/request_token
>
> GET /oauth/request_token HTTP/1.1

> Authorization: OAuth oauth_callback="...",oauth_consumer_key="...",oauth_nonce="...",oauth_signa ture="...",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1300716944", oauth_version="1.0"

> Authorization: OAuth oauth_consumer_key="...",oauth_nonce="...",oauth_signature="...",oauth_sign ature_method="HMAC-SHA1",oauth_timestamp="1300716946",oauth_token="...",oau th_verifier="...",oauth_version="1.0"

> Content-Type: application/x-www-form-urlencoded
> User-Agent: TweetSharp
> Host: api.twitter.com
> Content-Length: 0
>
> 401 Unauthorized
> X-Transaction: 1300716950-90707-10498
> X-Runtime: 0.00684
> Pragma: no-cache
> X-Revision: DEV
> Content-Length: 1
> Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
> Content-Type: text/html; charset=utf-8
> Date: Mon, 21 Mar 2011 14:15:50 GMT
> Expires: Tue, 31 Mar 1981 05:00:00 GMT
> Last-Modified: Mon, 21 Mar 2011 14:15:50 GMT
> Set-Cookie: k=124.169.147.184....; path=/; expires=Mon, 28-Mar-11 14:15:50 GMT; domain=.twitter.com,guest_id=...; path=/; expires=Wed, 20 Apr 2011 14:15:50 GMT,admobuu=...; domain=.m.twitter.com; path=/; expires=Tue, 19 Jan 2038 03:14:07 GMT,_twitter_sess=...; domain=.twitter.com; path=/; HttpOnly
> Server: hi
> Vary: Accept-Encoding
>
> Trying the same request again 10 minutes later works (only oauth_timestamp changed):
>
> UTC now: 21/03/2011 2:25:42 PM
>
> https://api.twitter.com/oauth/access_token
>
> POST /oauth/access_token HTTP/1.1

> Authorization: OAuth oauth_consumer_key="...",oauth_nonce="...",oauth_signature="...",oauth_sign ature_method="HMAC-SHA1",oauth_timestamp="1300717542",oauth_token="...",oau th_verifier="...",oauth_version="1.0"

> Content-Type: application/x-www-form-urlencoded
> User-Agent: TweetSharp
> Host: api.twitter.com
> Content-Length: 0
> Connection: Keep-Alive
>
> 200 OK
> X-Transaction: 1300717546-72934-39621
> X-Runtime: 0.03056
> Pragma: no-cache
> X-Revision: DEV
> Content-Length: 163
> Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
> Content-Type: text/html; charset=utf-8
> Date: Mon, 21 Mar 2011 14:25:46 GMT
> Expires: Tue, 31 Mar 1981 05:00:00 GMT
> ETag: "9ac6161371b0ee90ef8f6db5322287df"
> Last-Modified: Mon, 21 Mar 2011 14:25:46 GMT

> Set-Cookie: k=124.169.147.184.1300717546945450; path=/; expires=Mon, 28-Mar-11 14:25:46 GMT; domain=.twitter.com,guest_id=130071754695116305; path=/; expires=Wed, 20 Apr 2011 14:25:46 GMT,admobuu=989196f7fa5728c90e815cc8f97cd56a; domain=.m.twitter.com; path=/; expires=Tue, 19 Jan 2038 03:14:07 GMT,_twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCMitztguAToHaWQiJTk4NDllMmVhZTM1O TJk%250ANzQ0MGFlMWM2YzQ1ZTU2MDg4IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOj pGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--dad7912a647454357cfa6f0d07804b5c4b5 d6ae4; domain=.twitter.com; path=/; HttpOnly

> Server: hi
> Vary: Accept-Encoding
> Keep-Alive: timeout=15, max=100
> Connection: Keep-Alive
>

> oauth_token=...&oauth_token_secret=...&user_id=14051560&screen_name=tathamo ddie

>
> I’m noting that the time offset here is only about 4 seconds, however it certainly takes longer than that to work.
>

> You can see this for yourself trying to sign in tohttp://ivebeen.to

>
> --
> Tatham Oddie
> au mob: +61 414 275 989, us cell: +1 213 280 3556, skype: tathamoddie
> If you’re printing this email, you’re doing it wrong. This is a computer, not a typewriter.
>

> From: Taylor Singletary [mailto:taylorsinglet...@twitter.com]
> Sent: Tuesday, 22 March 2011 1:05 AM
> To: twitter-deve...@googlegroups.com
> Cc: Tatham Oddie
> Subject: Re: [twitter-dev] Re: 401 unauthorized
>
> If you're experiencing this issue, can you please provide these additional details:
>   * are the OAuth URLs you are using http or https?
>   * do your OAuth URLs contain the api subdomain? (you really should be if you aren't)
>   * what OAuth library (if any) are you using to sign your requests?
>   * If you're observing the response HTTP headers on failed requests, what server time is presented in the "Date" HTTP header? What is your OAuth timestamp?
>
> Thanks!
>

> @episod<http://twitter.com/episod> - Taylor Singletary - Twitter Developer Advocate

>
> On Mon, Mar 21, 2011 at 6:24 AM, Taylor Singletary <taylorsinglet...@twitter.com<mailto:taylorsinglet...@twitter.com>> wrote:
> Thanks everyone for the detailed information in these reports; they'll help a lot while we track down the issue. Will update this thread when we know more.
>

> @episod<http://twitter.com/episod> - Taylor Singletary - Twitter Developer Advocate

>
> On Mon, Mar 21, 2011 at 6:03 AM, Tatham Oddie <tat...@oddie.com.au<mailto:tat...@oddie.com.au>> wrote:
>
> Please go and star this issue:http://code.google.com/p/twitter-api/issues/detail?id=2118
>

[Craig Walls]

I'm seeing the same thing that Ninjamonk reported on Mar 20 at
10:10am. That is, if I pause before asking for the access token, it
will work. The only difference is that Ninjamonk said he paused for 10
seconds...I found that I have to pause for at least 15 seconds. I also
discovered that just waiting 15 seconds before pressing the accept
button has the same effect.

I also discovered that if I *don't* pause and it fails that I can re-
issue the same request for the access token again (recalculating the
signature with a new timestamp and nonce) and it will work the 2nd
time.

And, much like everyone else has reported, this is in code that has
been working well for quite awhile, hasn't changed, and is only very
recently started to exhibit this behavior.

FWIW, I also debugged down to the base string (just before it is
encrypted) to see if there's any difference between the base string of
a working request and one that doesn't work. Aside from the nonce and
timestamp, there's no difference at all.

To repeat: It *always* works if there's a 15 second or more delay
between obtaining the request token and trying to get the access
token. And it *always* fails the first time if there is no delay, but
works the 2nd time.

[Craig Walls]

Okay, more information for you to consider...
- I am using HTTPS in the requests
- I am using the api subdomain in the OAuth requests

First, the failed attempt:

I fetched the request token:
oauth_timestamp: 1300825895
Date header in response: [Tue, 22 Mar 2011 20:31:36 GMT]
I then authorized and exchanged for the access token and it failed
with a 401:
oauth_timestamp: 1300825900
Date header in response: [Tue, 22 Mar 2011 20:31:40 GMT]
My code immediately tried again after the failure and it worked the
2nd time:
oauth_timestamp: 1300825900
Date header in response: [Tue, 22 Mar 2011 20:31:40 GMT]

Notice that there was only a 4 second time lapse between obtaining the
request token and exchanging for the access token. I then tried again
with a ~15 second delay:

I fetched the request token:
oauth_timestamp: 1300825933
Date header in response: [Tue, 22 Mar 2011 20:32:13 GMT]
I then waited at the authorization screen for over 15 seconds before
clicking accept...then tried to exchange for the access token...and it
worked:
oauth_timestamp: 1300825976
Date header in response: [Tue, 22 Mar 2011 20:32:56 GMT]

So, again in summary: If there is less than 15 seconds of delay
between obtaining the request token and the access token, it always
fails. If there is a >15 second delay, it always works. And, when it
fails, trying to exchange the request token and verifier a 2nd time
will always work.

On Mar 21, 9:04 am, Taylor Singletary <taylorsinglet...@twitter.com>
wrote:

> If you're experiencing this issue, can you please provide these additional
> details:
>   * are the OAuth URLs you are using http or https?
>   * do your OAuth URLs contain the api subdomain? (you really should be if
> you aren't)
>   * what OAuth library (if any) are you using to sign your requests?
>   * If you're observing the response HTTP headers on failed requests, what
> server time is presented in the "Date" HTTP header? What is your OAuth
> timestamp?
>
> Thanks!
>

> @episod <http://twitter.com/episod> - Taylor Singletary - Twitter Developer

> Advocate
>
> On Mon, Mar 21, 2011 at 6:24 AM, Taylor Singletary <
>

> taylorsinglet...@twitter.com> wrote:
> > Thanks everyone for the detailed information in these reports; they'll help
> > a lot while we track down the issue. Will update this thread when we know
> > more.
>

> > @episod <http://twitter.com/episod> - Taylor Singletary - Twitter

[kraigh]

I am seeing exact same behavior (only works with delay) and am using
Twitterizer Library. I am new to Twitter and Twitterizer libarary and
though I was doing something wrong. Clearly not. Thanks for posting
this.

[Gary M]

I'd like to add another confirmation of this issue. I am the lead developer for a commercial application that has started receiving reports of Twitter sign-in failures over the last couple days and I was able to reliably reproduce the 15-second workaround before I came across this thread. I'm using the Hammock (.NET) library, against the api.twitter.com URLs over SSL, but I found the problem persists when I tried over HTTP and/or directed to the regular twitter.com URLs.

[Gary M]

Correction. Switching to HTTP does remove the issue, so I'm making that a configurable setting in our app as a temporary workaround.

[Craig Walls]

I've just confirmed what Gary M says...switching to HTTP does seem to
make it work. But HTTPS requires a >15 second delay between obtaining
a request token and exchanging it for an access token.

[Milos Golubovic]

I can also confirm this behavior. Is it me or is everyone in here
using .NET? Did I possibly miss somewhere that this is a .NET forum?
I am also using a .NET library (Twitterizer). Wondering if anyone not
using .NET is experiencing this issue?

[Craig Walls]

No, I'm using the Java-based Spring Social for this. And I've seen other
threads describing the same problem with PHP. Definitely not just a .NET
problem.

[Ninjamonk]

any news on this? bit of a joke that it's been going on for a week now
and we have no eta on a fix. I have 2 apps waiting to release but as
they feature sign in with twitter I cannot do it. One is for the new
F1 season which kicks off this weekend...

[Trevor Dean]

Yes I was also hoping or a more recent update, the last one was over 18 hours ago and didn't provide much detail (http://code.google.com/p/twitter-api/issues/detail?id=2118).  

[Ninjamonk]

Thanks for the link to the issue, now I can watch it. I have reverted
to the http work around which I hate due to the lack of security.

[AG]

I am using Twitterizer (.NET) and I am also experiencing this issue.

This is very annoying...

[r9handa]

Are you guys still experimenting the issue? My application is still
very unstable, got the Unauthorized all the time.
Anyone knows if we have to change our application, or Twitter will fix
the problem?
Thanks.

[Trevor Dean]

I know Twitter is still working on finding a fix but it's been a couple of weeks now and it might be a good idea to implement the https to http hack for now until they resolve the issue.  I was hoping there would be a fix by now but I can't wait any longer so I will be making that change.

[Jeremy Dunck]

On Mon, Mar 28, 2011 at 10:40 AM, Trevor Dean <trevo...@gmail.com> wrote:
> I know Twitter is still working on finding a fix but it's been a couple of
> weeks now and it might be a good idea to implement the https to http hack
> for now until they resolve the issue.  I was hoping there would be a fix by
> now but I can't wait any longer so I will be making that change.

Sorry, what hack is that? I've heard a bunch of advice on working
around this, but nothing conclusive.

[Nick Spacek]

> Sorry, what hack is that?  I've heard a bunch of advice on working
> around this, but nothing conclusive.

I believe he means changing from https://api.twitter.com to
http://api.twitter.com. I can confirm that this works for me as well.
Obviously not ideal, but an interim solution?

[Milos Golubovic]

The https to http hack worked for me consistently for a while but now
even this no longer works for my app. Can anyone else confirm this?

On Mar 30, 8:10 am, Nick Spacek <nick.spa...@gmail.com> wrote:
> > Sorry, what hack is that?  I've heard a bunch of advice on working
> > around this, but nothing conclusive.
>

> I believe he means changing fromhttps://api.twitter.comtohttp://api.twitter.com. I can confirm that this works for me as well.