Sorry you're having trouble, Dossy. Can you share the complete path you're using to fetch a request token (with host, domain, protocol, path, and any query parameters), your signature base string, and an authorization header if you're using header-based auth?
Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Thu, May 20, 2010 at 12:29 PM, Dossy Shiobara <do...@panoptic.com> wrote: > On 5/20/10 3:16 PM, Taylor Singletary wrote: > > While we have been having some performance issues that should give you > > occasional 401s, it shouldn't be as widespread as the experience you've > > been having. > > OK, you know, until *literally* 60 seconds ago, requests for > http://twitter.com/oauth_clients/details/1574 were returning 502 fail > whales. NOW, it just loaded. > > OK, who fixed it just now? What was broken? > > > When we throw a 401, we typically provide an error message within the > > body of the response -- if you can share that it would be helpful. > > As I said in my email the other day: > > HTTP 401, "Failed to validate oauth signature and token" > > > Has anything about your environment changed? > > Sadly, no. I wish it were that simple. > > > Have you reset your consumer key or secret? > > No, and I just verified again that it still matches what is showing in > the Twitter OAuth apps page. > > > Does this happen for all access tokens or is > > there a specific access token that you use that is failing? Is it > > possible that access token's access was revoked? The error message > > provided on 401s will help shine some light on some of this. > > It's happening on the very first, and every single, /oauth/request_token > API call. > > > One recent change we made is that if you're trying to access resources > > that don't require authentication, but you are still providing OAuth > > credentials and those credentials are invalid, we no longer provide the > > data but instead properly inform you that your credentials aren't valid. > > Again, I'm not even getting as far as making a Twitter API call any > more. The whole OAuth process is failing at the request_token endpoint. > > > Which, if any, OAuth library do you use? > > Homegrown. Has been working for over a year, and has not been modified > the entire time. > > -- > Dossy Shiobara | do...@panoptic.com | http://dossy.org/ > Panoptic Computer Network | http://panoptic.com/ > "He realized the fastest way to change is to laugh at your own > folly -- then you can let go and quickly move on." (p. 70) >