[twitter-dev] Is OAuth working for *anyone* out there?
For the last few days, *every* single OAuth request I issue has been met with a 401. Also, trying to access this URL, the OAuth app details page for Twitter Karma, results in a fail whale - consistently: http://twitter.com/oauth_clients/details/1574 Is OAuth down for everyone, or just me? -- Dossy Shiobara | do...@panoptic.com | http://dossy.org/ Panoptic Computer Network | http://panoptic.com/ He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on. (p. 70)
Re: [twitter-dev] Is OAuth working for *anyone* out there?
Hi Dossy, While we have been having some performance issues that should give you occasional 401s, it shouldn't be as widespread as the experience you've been having. When we throw a 401, we typically provide an error message within the body of the response -- if you can share that it would be helpful. Also, you can find a version of your OAuth application details page on the new home at dev.twitter.com by browsing to http://dev.twitter.com/apps/show/1574 -- it doesn't try to report to you the # of access tokens registered to your application, which is the cause of failure in the old interface. The old interface will redirect to the new interface soon. Has anything about your environment changed? Have you reset your consumer key or secret? Does this happen for all access tokens or is there a specific access token that you use that is failing? Is it possible that access token's access was revoked? The error message provided on 401s will help shine some light on some of this. One recent change we made is that if you're trying to access resources that don't require authentication, but you are still providing OAuth credentials and those credentials are invalid, we no longer provide the data but instead properly inform you that your credentials aren't valid. Which, if any, OAuth library do you use? Thanks, Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Thu, May 20, 2010 at 10:21 AM, Dossy Shiobara do...@panoptic.com wrote: For the last few days, *every* single OAuth request I issue has been met with a 401. Also, trying to access this URL, the OAuth app details page for Twitter Karma, results in a fail whale - consistently: http://twitter.com/oauth_clients/details/1574 Is OAuth down for everyone, or just me? -- Dossy Shiobara | do...@panoptic.com | http://dossy.org/ Panoptic Computer Network | http://panoptic.com/ He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on. (p. 70)
Re: [twitter-dev] Is OAuth working for *anyone* out there?
On 5/20/10 3:16 PM, Taylor Singletary wrote: While we have been having some performance issues that should give you occasional 401s, it shouldn't be as widespread as the experience you've been having. OK, you know, until *literally* 60 seconds ago, requests for http://twitter.com/oauth_clients/details/1574 were returning 502 fail whales. NOW, it just loaded. OK, who fixed it just now? What was broken? When we throw a 401, we typically provide an error message within the body of the response -- if you can share that it would be helpful. As I said in my email the other day: HTTP 401, Failed to validate oauth signature and token Has anything about your environment changed? Sadly, no. I wish it were that simple. Have you reset your consumer key or secret? No, and I just verified again that it still matches what is showing in the Twitter OAuth apps page. Does this happen for all access tokens or is there a specific access token that you use that is failing? Is it possible that access token's access was revoked? The error message provided on 401s will help shine some light on some of this. It's happening on the very first, and every single, /oauth/request_token API call. One recent change we made is that if you're trying to access resources that don't require authentication, but you are still providing OAuth credentials and those credentials are invalid, we no longer provide the data but instead properly inform you that your credentials aren't valid. Again, I'm not even getting as far as making a Twitter API call any more. The whole OAuth process is failing at the request_token endpoint. Which, if any, OAuth library do you use? Homegrown. Has been working for over a year, and has not been modified the entire time. -- Dossy Shiobara | do...@panoptic.com | http://dossy.org/ Panoptic Computer Network | http://panoptic.com/ He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on. (p. 70)
Re: [twitter-dev] Is OAuth working for *anyone* out there?
Sorry you're having trouble, Dossy. Can you share the complete path you're using to fetch a request token (with host, domain, protocol, path, and any query parameters), your signature base string, and an authorization header if you're using header-based auth? Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Thu, May 20, 2010 at 12:29 PM, Dossy Shiobara do...@panoptic.com wrote: On 5/20/10 3:16 PM, Taylor Singletary wrote: While we have been having some performance issues that should give you occasional 401s, it shouldn't be as widespread as the experience you've been having. OK, you know, until *literally* 60 seconds ago, requests for http://twitter.com/oauth_clients/details/1574 were returning 502 fail whales. NOW, it just loaded. OK, who fixed it just now? What was broken? When we throw a 401, we typically provide an error message within the body of the response -- if you can share that it would be helpful. As I said in my email the other day: HTTP 401, Failed to validate oauth signature and token Has anything about your environment changed? Sadly, no. I wish it were that simple. Have you reset your consumer key or secret? No, and I just verified again that it still matches what is showing in the Twitter OAuth apps page. Does this happen for all access tokens or is there a specific access token that you use that is failing? Is it possible that access token's access was revoked? The error message provided on 401s will help shine some light on some of this. It's happening on the very first, and every single, /oauth/request_token API call. One recent change we made is that if you're trying to access resources that don't require authentication, but you are still providing OAuth credentials and those credentials are invalid, we no longer provide the data but instead properly inform you that your credentials aren't valid. Again, I'm not even getting as far as making a Twitter API call any more. The whole OAuth process is failing at the request_token endpoint. Which, if any, OAuth library do you use? Homegrown. Has been working for over a year, and has not been modified the entire time. -- Dossy Shiobara | do...@panoptic.com | http://dossy.org/ Panoptic Computer Network | http://panoptic.com/ He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on. (p. 70)
Re: [twitter-dev] Is OAuth working for *anyone* out there?
Hey guys, Don't know if this is related, but I was testing a friend's iPad app this morning which uses xAuth. When setting up a new account in his app, the app authorizes in my Connections tab. However, whenever his app tries to use the tokens, we get an immediate HTTP 401. None of the calls with the tokens he has received are working for accessing. His account, which was auth'd (tokens retreived) over a month ago, still works ok with his app, but my new setup with the same client codebase is now failing. It seems like there might be something wrong with the OAuth tokens being issued, but that seems kinda crazy that there could be a problem that widespread. -damon On Thu, May 20, 2010 at 2:29 PM, Dossy Shiobara do...@panoptic.com wrote: On 5/20/10 3:16 PM, Taylor Singletary wrote: While we have been having some performance issues that should give you occasional 401s, it shouldn't be as widespread as the experience you've been having. OK, you know, until *literally* 60 seconds ago, requests for http://twitter.com/oauth_clients/details/1574 were returning 502 fail whales. NOW, it just loaded. OK, who fixed it just now? What was broken? When we throw a 401, we typically provide an error message within the body of the response -- if you can share that it would be helpful. As I said in my email the other day: HTTP 401, Failed to validate oauth signature and token Has anything about your environment changed? Sadly, no. I wish it were that simple. Have you reset your consumer key or secret? No, and I just verified again that it still matches what is showing in the Twitter OAuth apps page. Does this happen for all access tokens or is there a specific access token that you use that is failing? Is it possible that access token's access was revoked? The error message provided on 401s will help shine some light on some of this. It's happening on the very first, and every single, /oauth/request_token API call. One recent change we made is that if you're trying to access resources that don't require authentication, but you are still providing OAuth credentials and those credentials are invalid, we no longer provide the data but instead properly inform you that your credentials aren't valid. Again, I'm not even getting as far as making a Twitter API call any more. The whole OAuth process is failing at the request_token endpoint. Which, if any, OAuth library do you use? Homegrown. Has been working for over a year, and has not been modified the entire time. -- Dossy Shiobara | do...@panoptic.com | http://dossy.org/ Panoptic Computer Network | http://panoptic.com/ He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on. (p. 70) -- http://twitter.com/damon http://blog.damonc.com
Re: [twitter-dev] Is OAuth working for *anyone* out there?
i support dossy too From: Taylor Singletary taylorsinglet...@twitter.com To: twitter-development-talk@googlegroups.com Sent: Thu, May 20, 2010 1:27:26 PM Subject: Re: [twitter-dev] Is OAuth working for *anyone* out there? Sorry you're having trouble, Dossy. Can you share the complete path you're using to fetch a request token (with host, domain, protocol, path, and any query parameters), your signature base string, and an authorization header if you're using header-based auth? Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Thu, May 20, 2010 at 12:29 PM, Dossy Shiobara do...@panoptic.com wrote: On 5/20/10 3:16 PM, Taylor Singletary wrote: While we have been having some performance issues that should give you occasional 401s, it shouldn't be as widespread as the experience you've been having. OK, you know, until *literally* 60 seconds ago, requests for http://twitter.com/oauth_clients/details/1574 were returning 502 fail whales. NOW, it just loaded. OK, who fixed it just now? What was broken? When we throw a 401, we typically provide an error message within the body of the response -- if you can share that it would be helpful. As I said in my email the other day: HTTP 401, Failed to validate oauth signature and token Has anything about your environment changed? Sadly, no. I wish it were that simple. Have you reset your consumer key or secret? No, and I just verified again that it still matches what is showing in the Twitter OAuth apps page. Does this happen for all access tokens or is there a specific access token that you use that is failing? Is it possible that access token's access was revoked? The error message provided on 401s will help shine some light on some of this. It's happening on the very first, and every single, /oauth/request_token API call. One recent change we made is that if you're trying to access resources that don't require authentication, but you are still providing OAuth credentials and those credentials are invalid, we no longer provide the data but instead properly inform you that your credentials aren't valid. Again, I'm not even getting as far as making a Twitter API call any more. The whole OAuth process is failing at the request_token endpoint. Which, if any, OAuth library do you use? Homegrown. Has been working for over a year, and has not been modified the entire time. -- Dossy Shiobara | do...@panoptic.com| http://dossy.org/ Panoptic Computer Network | http://panoptic.com/ He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on. (p. 70)
Re: [twitter-dev] Is OAuth working for *anyone* out there?
Just tried establishing a new connection to a different account with Twitterrific (which I believe uses xAuth) and it worked fine. So, there is presumably a bug in the iPad client I was testing. Unrelated. -damon On Thu, May 20, 2010 at 3:33 PM, Damon Clinkscales sca...@pobox.com wrote: Hey guys, Don't know if this is related, but I was testing a friend's iPad app this morning which uses xAuth. When setting up a new account in his app, the app authorizes in my Connections tab. However, whenever his app tries to use the tokens, we get an immediate HTTP 401. None of the calls with the tokens he has received are working for accessing. His account, which was auth'd (tokens retreived) over a month ago, still works ok with his app, but my new setup with the same client codebase is now failing. It seems like there might be something wrong with the OAuth tokens being issued, but that seems kinda crazy that there could be a problem that widespread. -damon
Re: [twitter-dev] Is OAuth working for *anyone* out there?
Hi Damon, We've heard some reports of iPads setting their dates/clocks incorrectly -- sometimes back to 1969. If the client application uses the date/time on the machine (rather than querying it from some other source), and the date/time isn't within 5 minutes or so of our clocks, it results in a failed request. One work around is for clients to adjust their concept of the current time by looking at the HTTP headers we send on a failed request (which includes our server clock), or to use an external service to fetch the time prior to making a request. Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Thu, May 20, 2010 at 2:04 PM, Damon Clinkscales sca...@pobox.com wrote: Just tried establishing a new connection to a different account with Twitterrific (which I believe uses xAuth) and it worked fine. So, there is presumably a bug in the iPad client I was testing. Unrelated. -damon On Thu, May 20, 2010 at 3:33 PM, Damon Clinkscales sca...@pobox.com wrote: Hey guys, Don't know if this is related, but I was testing a friend's iPad app this morning which uses xAuth. When setting up a new account in his app, the app authorizes in my Connections tab. However, whenever his app tries to use the tokens, we get an immediate HTTP 401. None of the calls with the tokens he has received are working for accessing. His account, which was auth'd (tokens retreived) over a month ago, still works ok with his app, but my new setup with the same client codebase is now failing. It seems like there might be something wrong with the OAuth tokens being issued, but that seems kinda crazy that there could be a problem that widespread. -damon
Re: [twitter-dev] Is OAuth working for *anyone* out there?
On Thu, May 20, 2010 at 4:16 PM, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Damon, We've heard some reports of iPads setting their dates/clocks incorrectly -- sometimes back to 1969. If the client application uses the date/time on the machine (rather than querying it from some other source), and the date/time isn't within 5 minutes or so of our clocks, it results in a failed request. One work around is for clients to adjust their concept of the current time by looking at the HTTP headers we send on a failed request (which includes our server clock), or to use an external service to fetch the time prior to making a request. Taylor Singletary Developer Advocate, Twitter Thanks Taylor. -damon
Re: [twitter-dev] Is OAuth working for *anyone* out there?
Dossy, to echo my comment to Damon -- can you check the timestamps on your server that is issuing requests? If every call of yours is failing, it's possible that that is why. Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Thu, May 20, 2010 at 12:29 PM, Dossy Shiobara do...@panoptic.com wrote: On 5/20/10 3:16 PM, Taylor Singletary wrote: While we have been having some performance issues that should give you occasional 401s, it shouldn't be as widespread as the experience you've been having. OK, you know, until *literally* 60 seconds ago, requests for http://twitter.com/oauth_clients/details/1574 were returning 502 fail whales. NOW, it just loaded. OK, who fixed it just now? What was broken? When we throw a 401, we typically provide an error message within the body of the response -- if you can share that it would be helpful. As I said in my email the other day: HTTP 401, Failed to validate oauth signature and token Has anything about your environment changed? Sadly, no. I wish it were that simple. Have you reset your consumer key or secret? No, and I just verified again that it still matches what is showing in the Twitter OAuth apps page. Does this happen for all access tokens or is there a specific access token that you use that is failing? Is it possible that access token's access was revoked? The error message provided on 401s will help shine some light on some of this. It's happening on the very first, and every single, /oauth/request_token API call. One recent change we made is that if you're trying to access resources that don't require authentication, but you are still providing OAuth credentials and those credentials are invalid, we no longer provide the data but instead properly inform you that your credentials aren't valid. Again, I'm not even getting as far as making a Twitter API call any more. The whole OAuth process is failing at the request_token endpoint. Which, if any, OAuth library do you use? Homegrown. Has been working for over a year, and has not been modified the entire time. -- Dossy Shiobara | do...@panoptic.com | http://dossy.org/ Panoptic Computer Network | http://panoptic.com/ He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on. (p. 70)
Re: [twitter-dev] Is OAuth working for *anyone* out there?
I'll send it to you privately, off-list. On 5/20/10 4:27 PM, Taylor Singletary wrote: Sorry you're having trouble, Dossy. Can you share the complete path you're using to fetch a request token (with host, domain, protocol, path, and any query parameters), your signature base string, and an authorization header if you're using header-based auth? -- Dossy Shiobara | do...@panoptic.com | http://dossy.org/ Panoptic Computer Network | http://panoptic.com/ He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on. (p. 70)
Re: [twitter-dev] Is OAuth working for *anyone* out there?
AHA! I just checked, somehow my system clock is off (slow) by ~3 hours. Somehow, NTP died and time sync stopped. I'm not sure how that happened, but I restarted ntpd everywhere, and OAuth is working again! Would it be a huge deal to ask that if the OAuth request is being refused due to the oauth_timestamp, that the 401 response body reflect this fact? Could have saved me 3+ days of head-scratching. On 5/20/10 5:16 PM, Taylor Singletary wrote: Hi Damon, We've heard some reports of iPads setting their dates/clocks incorrectly -- sometimes back to 1969. If the client application uses the date/time on the machine (rather than querying it from some other source), and the date/time isn't within 5 minutes or so of our clocks, it results in a failed request. One work around is for clients to adjust their concept of the current time by looking at the HTTP headers we send on a failed request (which includes our server clock), or to use an external service to fetch the time prior to making a request. -- Dossy Shiobara | do...@panoptic.com | http://dossy.org/ Panoptic Computer Network | http://panoptic.com/ He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on. (p. 70)
