Hey guys,

Don't know if this is related, but I was testing a friend's iPad app
this morning which uses xAuth.

When setting up a new account in his app, the app authorizes in my
Connections tab.  However, whenever his app tries to use the tokens,
we get an immediate HTTP 401.  None of the calls with the tokens he
has received are working for accessing.

His account, which was auth'd (tokens retreived) over a month ago,
still works ok with his app, but my new setup with the same client
codebase is now failing.

It seems like there might be something wrong with the OAuth tokens
being issued, but that seems kinda crazy that there could be a problem
that widespread.


On Thu, May 20, 2010 at 2:29 PM, Dossy Shiobara <do...@panoptic.com> wrote:
> On 5/20/10 3:16 PM, Taylor Singletary wrote:
>> While we have been having some performance issues that should give you
>> occasional 401s, it shouldn't be as widespread as the experience you've
>> been having.
> OK, you know, until *literally* 60 seconds ago, requests for
> http://twitter.com/oauth_clients/details/1574 were returning 502 fail
> whales.  NOW, it just loaded.
> OK, who fixed it just now?  What was broken?
>> When we throw a 401, we typically provide an error message within the
>> body of the response -- if you can share that it would be helpful.
> As I said in my email the other day:
> HTTP 401, "Failed to validate oauth signature and token"
>> Has anything about your environment changed?
> Sadly, no.  I wish it were that simple.
>> Have you reset your consumer key or secret?
> No, and I just verified again that it still matches what is showing in
> the Twitter OAuth apps page.
>> Does this happen for all access tokens or is
>> there a specific access token that you use that is failing? Is it
>> possible that access token's access was revoked? The error message
>> provided on 401s will help shine some light on some of this.
> It's happening on the very first, and every single, /oauth/request_token
> API call.
>> One recent change we made is that if you're trying to access resources
>> that don't require authentication, but you are still providing OAuth
>> credentials and those credentials are invalid, we no longer provide the
>> data but instead properly inform you that your credentials aren't valid.
> Again, I'm not even getting as far as making a Twitter API call any
> more.  The whole OAuth process is failing at the request_token endpoint.
>> Which, if any, OAuth library do you use?
> Homegrown.  Has been working for over a year, and has not been modified
> the entire time.
> --
> Dossy Shiobara              | do...@panoptic.com | http://dossy.org/
> Panoptic Computer Network   | http://panoptic.com/
>  "He realized the fastest way to change is to laugh at your own
>    folly -- then you can let go and quickly move on." (p. 70)


Reply via email to