Error 401 only in Target (working fine in simulator)

17 views
Skip to first unread message

Karthik

unread,
Sep 1, 2010, 12:10:13 PM9/1/10
to Twitter Development Talk
Hi ,

I am developing a Twitter application in MTK (Media tek ) platform.

I am using Oauth and and My application has the X-auth permission

I am first using POST with required params and the am using below URL

https://api.twitter.com/oauth/access_token
to get the access token in exchange with the username,
password.

I am able to get the access token and My application is working fine
in the simulator (I ma using the proxy server in simulator)

But in the Mobile (I amm not using proxy) , when I post
https://api.twitter.com/oauth/access_token
I am always getting 401 - Unauthorized (Failed to validate oauth
signature and token)

The below is my sample input string to get the signature (hmac-sha1)

POST&http%3A%2F%2Fapi.twitter.com%2Foauth
%2Faccess_token&oauth_consumer_key%3D4dsadsadsasdsd%26oauth_nonce
%3D1262304301%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
%3D1262304300%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth
%26x_auth_password%3Dtest1234%26x_auth_username%3Dnareshs
%2540google.com


Please someone help me to resolve this issue..





Taylor Singletary

unread,
Sep 1, 2010, 12:34:12 PM9/1/10
to twitter-deve...@googlegroups.com
Hi Karthik,

Make sure that the time on your device is in sync with Twitter's clocks. 

We return our current time in the "Date" HTTP header of every 
response. One easy way to fixate an application's clock with our servers is 
to issue a HTTP HEAD request to http://api.twitter.com/1/help/test.xml -- 
it's a non-rate-limited request and will allow you to adjust your clock in 
relation to ours.

The oauth_timestamp in your example here is for Dec 31st, 2009.

Taylor






--
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en

Karthik

unread,
Sep 1, 2010, 12:44:40 PM9/1/10
to Twitter Development Talk
Dear Taylor,

I still done get how to sync my mobile clock to the twitter server
clock.
Can you explain little more..?

On Sep 1, 9:34 pm, Taylor Singletary <taylorsinglet...@twitter.com>
wrote:
> Hi Karthik,
>
> Make sure that the time on your device is in sync with Twitter's clocks.
>
> We return our current time in the "Date" HTTP header of every
> response. One easy way to fixate an application's clock with our servers is
> to issue a HTTP HEAD request tohttp://api.twitter.com/1/help/test.xml--
> it's a non-rate-limited request and will allow you to adjust your clock in
> relation to ours.
>
> The oauth_timestamp in your example here is for Dec 31st, 2009.
>
> Taylor
>

Karthik

unread,
Sep 1, 2010, 12:46:25 PM9/1/10
to Twitter Development Talk
You mean I just issue a http request http://api.twitter.com/1/help/test.xml
to the server before I start my login..?

On Sep 1, 9:34 pm, Taylor Singletary <taylorsinglet...@twitter.com>
wrote:
> Hi Karthik,
>
> Make sure that the time on your device is in sync with Twitter's clocks.
>
> We return our current time in the "Date" HTTP header of every
> response. One easy way to fixate an application's clock with our servers is
> to issue a HTTP HEAD request tohttp://api.twitter.com/1/help/test.xml--
> it's a non-rate-limited request and will allow you to adjust your clock in
> relation to ours.
>
> The oauth_timestamp in your example here is for Dec 31st, 2009.
>
> Taylor
>

Taylor Singletary

unread,
Sep 1, 2010, 12:52:41 PM9/1/10
to twitter-deve...@googlegroups.com
You'll need to:

a) determine the system time on the device you're running on
b) determine the system time with Twitter by reading the "Date" HTTP header from a response to making a request to http://api.twitter.com/1/help/text.xml
c) Convert both times to UTC-based epoch time in seconds.
d) If Twitter's time is ahead of your device's time, adjust your oauth_timestamp by the amount of seconds your device is behind. If Twitter's time is behind your device's time, adjust your oauth_timestamp by the amount tof seconds your device is ahead. 

Taylor

M. Edward (Ed) Borasky

unread,
Sep 1, 2010, 4:39:34 PM9/1/10
to twitter-deve...@googlegroups.com, Karthik, Twitter Development Talk
I'd think mobiles - at least the common ones (iPhone, Android,
Symbian, Blackberry, Palm, etc.) would be synchronized to "world time"
automatically. At least my old LG ENV and current Verizon Droid
Incredible tell me what time it is. ;-)

--
M. Edward (Ed) Borasky
http://borasky-research.net http://twitter.com/znmeb

"A mathematician is a device for turning coffee into theorems." - Paul Erdos

Tom van der Woerdt

unread,
Sep 1, 2010, 4:42:45 PM9/1/10
to twitter-deve...@googlegroups.com
Not iOS (iPhone, iPod Touch, etc) - my iPod Touch seems to be 18 seconds
out of sync.

Tom

M. Edward (Ed) Borasky

unread,
Sep 1, 2010, 4:55:59 PM9/1/10
to twitter-deve...@googlegroups.com, Tom van der Woerdt
That's a surprise - I'd expect Apple to be on top of stuff like that!
Even so, 18 seconds is well within Twitter's outrageously generous
tolerance of five minutes.

Then again, I used to work at Goddard Space Flight Center - I was
spoiled by having clocks accurate to a microsecond available as wall
plugs. ;-)

"A mathematician is a device for turning coffee into theorems." - Paul Erdos

M. Edward (Ed) Borasky

unread,
Sep 1, 2010, 4:58:09 PM9/1/10
to twitter-deve...@googlegroups.com, M. Edward (Ed) Borasky, twitter-deve...@googlegroups.com, Tom van der Woerdt
Uh ... not counting solar flares and disrupted satellite
communications, of course ... 2012 / 2013 is supposedly going to be a
challenge ;-)

"A mathematician is a device for turning coffee into theorems." - Paul Erdos

M. Edward (Ed) Borasky

unread,
Sep 1, 2010, 5:11:35 PM9/1/10
to twitter-deve...@googlegroups.com, Taylor Singletary
So far the worst case I've heard from someone who's actually measured
it is 18 seconds. ;-) I suppose by 2012 the solar flares will be
tweeting and we'll see them within the eight minutes it takes the
signals to get here. ;-)

"A mathematician is a device for turning coffee into theorems." - Paul Erdos


Quoting Taylor Singletary <taylorsi...@twitter.com>:

> Our generous time range is actually +- ~ 15 minutes -- I just tell everyone
> within 5 minutes to keep things proper and sane. :)
>
> Understand that our correction here is a bit sudden; we may make a
> compromise tweak that will restrict future timestamps, but now with a more
> relaxed resolution than 15 minutes -- with the intention to rectify this
> more gradually in the future.
>
> In the meantime, we strongly suggest clients perform a timestamp sanity
> check. I'll work on formalizing and abstracting the few options developers
> have to make this smooth.
>
> Some day we'll finally release our improved OAuth 1.0A implementation that
> will also be very specific with you about the drift detected in your
> timestamp.
>
> Thanks,
> Taylor

Taylor Singletary

unread,
Sep 1, 2010, 5:07:58 PM9/1/10
to twitter-deve...@googlegroups.com
Our generous time range is actually +- ~ 15 minutes -- I just tell everyone within 5 minutes to keep things proper and sane. :)

Understand that our correction here is a bit sudden; we may make a compromise tweak that will restrict future timestamps, but now with a more relaxed resolution than 15 minutes -- with the intention to rectify this more gradually in the future. 

In the meantime, we strongly suggest clients perform a timestamp sanity check. I'll work on formalizing and abstracting the few options developers have to make this smooth.

Some day we'll finally release our improved OAuth 1.0A implementation that will also be very specific with you about the drift detected in your timestamp. 

Thanks,
Taylor

Andrew W. Donoho

unread,
Sep 1, 2010, 7:45:24 PM9/1/10
to twitter-deve...@googlegroups.com

On Sep 1, 2010, at 15:55 , M. Edward (Ed) Borasky wrote:

> That's a surprise - I'd expect Apple to be on top of stuff like that! Even so, 18 seconds is well within Twitter's outrageously generous tolerance of five minutes.


There are different sync. points for different devices. For example, iPhones sync with AT&T. iPads sync with Apple. There appears to be a ≈30 second difference between them. While being far from a time sync expert, I suspect leap seconds are the issue.

Anon,
Andrew
____________________________________
Andrew W. Donoho
Donoho Design Group, L.L.C.
a...@DDG.com, +1 (512) 750-7596

"We did not come to fear the future.
We came here to shape it."

-- President Barack Obama, Sept. 2009

Karthik

unread,
Sep 2, 2010, 7:21:29 AM9/2/10
to Twitter Development Talk
Thanks you all .......Actually the problem with the API which I am
using to get the target mobile time.
The API always returns local time when I change it to GMT ....The
things are fine in target.

Thanks once again for this timely help on Time...

Karthik

unread,
Sep 3, 2010, 2:20:22 AM9/3/10
to Twitter Development Talk
Dear Taylor,

I am getting one new issue.
In my application , randomly some api's returns 401 - invalid
signature error...
I am not sure whether twitter server only returns 401 randomly or some
problem in my request..?
Most of the time my requests are working fine...
Please help me out....

Regards,
Karthik




On Sep 2, 2:07 am, Taylor Singletary <taylorsinglet...@twitter.com>
wrote:
> Our generous time range is actually +- ~ 15 minutes -- I just tell everyone
> within 5 minutes to keep things proper and sane. :)
>
> Understand that our correction here is a bit sudden; we may make a
> compromise tweak that will restrict future timestamps, but now with a more
> relaxed resolution than 15 minutes -- with the intention to rectify this
> more gradually in the future.
>
> In the meantime, we strongly suggest clients perform a timestamp sanity
> check. I'll work on formalizing and abstracting the few options developers
> have to make this smooth.
>
> Some day we'll finally release our improved OAuth 1.0A implementation that
> will also be very specific with you about the drift detected in your
> timestamp.
>
> Thanks,
> Taylor
>
> On Wed, Sep 1, 2010 at 1:55 PM, M. Edward (Ed) Borasky <
>
> zn...@borasky-research.net> wrote:
> > That's a surprise - I'd expect Apple to be on top of stuff like that! Even
> > so, 18 seconds is well within Twitter's outrageously generous tolerance of
> > five minutes.
>
> > Then again, I used to work at Goddard Space Flight Center - I was spoiled
> > by having clocks accurate to a microsecond available as wall plugs. ;-)
>
> > --
> > M. Edward (Ed) Borasky
> >http://borasky-research.nethttp://twitter.com/znmeb
>
> > "A mathematician is a device for turning coffee into theorems." - Paul
> > Erdos
>

Karthik

unread,
Sep 3, 2010, 2:26:57 AM9/3/10
to Twitter Development Talk
Dear Taylor,

I am getting one new issue.
In my application , randomly some api's returns 401 - invalid
signature error...
I am not sure whether twitter server only returns 401 randomly or some
problem in my request..?
Most of the time my requests are working fine...
Please help me out....

Regards,

On Sep 1, 9:34 pm, Taylor Singletary <taylorsinglet...@twitter.com>
wrote:
> Hi Karthik,
>
> Make sure that the time on your device is in sync with Twitter's clocks.
>
> We return our current time in the "Date" HTTP header of every
> response. One easy way to fixate an application's clock with our servers is
> to issue a HTTP HEAD request tohttp://api.twitter.com/1/help/test.xml--
> it's a non-rate-limited request and will allow you to adjust your clock in
> relation to ours.
>
> The oauth_timestamp in your example here is for Dec 31st, 2009.
>
> Taylor
>

Matt Harris

unread,
Sep 3, 2010, 12:21:48 PM9/3/10
to twitter-deve...@googlegroups.com
Hey Karthik,

If some methods are returning 401 and others are succeeding it sounds
like your encoding could be going wrong. Can you share the calls which
401 and a couple that are successful so we can see what maybe
happening. It would be helpful to see the Auth header and signature
base string for each request.

Best,
Matt

--


Matt Harris
Developer Advocate, Twitter
http://twitter.com/themattharris

Craig Hockenberry

unread,
Sep 8, 2010, 4:34:42 PM9/8/10
to Twitter Development Talk
5 minutes (or even 15 minutes) for the OAuth timestamp is a major
problem on the iPad. This device doesn't have a guaranteed network
connection and therefore doesn't do NTP syncs on a regular basis. It's
common for these devices to be off by an hour or more.

We do a check at startup against the Twitter servers, but that's a
pretty crappy user experience for the end user because they have to
manually go into their settings to adjust the time (often.) It
generates a lot of support requests, too.

-ch

On Sep 1, 2:07 pm, Taylor Singletary <taylorsinglet...@twitter.com>
wrote:
> Our generous time range is actually +- ~ 15 minutes -- I just tell everyone
> within 5 minutes to keep things proper and sane. :)
>
> Understand that our correction here is a bit sudden; we may make a
> compromise tweak that will restrict future timestamps, but now with a more
> relaxed resolution than 15 minutes -- with the intention to rectify this
> more gradually in the future.
>
> In the meantime, we strongly suggest clients perform a timestamp sanity
> check. I'll work on formalizing and abstracting the few options developers
> have to make this smooth.
>
> Some day we'll finally release our improved OAuth 1.0A implementation that
> will also be very specific with you about the drift detected in your
> timestamp.
>
> Thanks,
> Taylor
>
> On Wed, Sep 1, 2010 at 1:55 PM, M. Edward (Ed) Borasky <
>
>
>
> zn...@borasky-research.net> wrote:
> > That's a surprise - I'd expect Apple to be on top of stuff like that! Even
> > so, 18 seconds is well within Twitter's outrageously generous tolerance of
> > five minutes.
>
> > Then again, I used to work at Goddard Space Flight Center - I was spoiled
> > by having clocks accurate to a microsecond available as wall plugs. ;-)
>
> > --
> > M. Edward (Ed) Borasky
> >http://borasky-research.nethttp://twitter.com/znmeb
>
> > "A mathematician is a device for turning coffee into theorems." - Paul
> > Erdos
>

Taylor Singletary

unread,
Sep 8, 2010, 4:47:55 PM9/8/10
to twitter-deve...@googlegroups.com
But you don't need to ask the user to update their time at all, do you Craig? You simply make a non-rate limited request to Twitter before making any other requests, scrape the current time from the Date HTTP header Twitter responds with, and then for as long as the application is "active" you adjust all of your oauth_timestamps by the delta between the system clock and Twitter's.. all of this can happen without a user interaction, correct?

Taylor
Reply all
Reply to author
Forward
0 new messages