Can you provide any more details about the error response you're
giving (like the actual body of the error response)?

Can you share an example of a signature base string and POST body that
failed in this example?

Have you verified that the clock on the device/system originating the
request is in sync with Twitter's (returned in the Date header of
every request) by about 5 minutes?

Do you have any successes to compare against?

Are your HTTP methods in agreement between what your client is
actually using (a GET) and the method declared in your signature base


On Aug 26, 3:05 pm, Marc Mims <> wrote:
> I occasionally see 401 responses calling access_token.
> At the point of call, I have valid request tokens.  The user has been
> redirected to Twitter, has authorized the app (as evidenced by the
> fact
> that the user is redirected to the apps's callback URL).
> The application uses the oauth_token parameter to retrieve the request
> token secret from session data.  The stored request token and
> oauth_token parameters match, so I'm confident the correct request
> token
> secret is retrieved.
> Yet, calling access_token with the request token/secret and verifier
> fails.
> I thought it was perhaps a spurious error, so I wrote a retry loop.
> Here's a brief snippet from the application log:
>        access_token returned 401; retrying in 0.25 seconds
>        access_token returned 401; retrying in 0.5 seconds
>        access_token returned 401; retrying in 1 seconds
>        access_token returned 401; retrying in 2 seconds
>        final error => GET
> failed: 401 Unauthorized
> Why would a call to access_token fail immediately after the user has
> authorized the application?
>        -Marc

Twitter developer documentation and resources:
API updates via Twitter:
Issues/Enhancements Tracker:
Change your membership to this group:

Reply via email to