Ok, here's what I've got so far in my development machine:

All requests to: https://api.twitter.com/oauth/
I'm using Twitterizer OAuth library.
All testing was done trying to authenticate the same user.

Request Token -> Access Token response headers:

Local Machine Time: 21/03/2011 - 11:24 a.m (-3 São Paulo, Brazil)

{Status: 401 Unauthorized
X-Transaction: 1300717410-27747-18545
X-Runtime: 0.00612
Pragma: no-cache
X-Revision: DEV
Content-Length: 1
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-
check=0
Content-Type: text/html; charset=utf-8
Date: Mon, 21 Mar 2011 14:23:30 GMT
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Last-Modified: Mon, 21 Mar 2011 14:23:30 GMT
Set-Cookie: k=186.204.24.164.1300717410112809; path=/; expires=Mon, 28-
Mar-11 14:23:30 GMT; domain=.twitter.com,guest_id=130071741011897398;
path=/; expires=Wed, 20 Apr 2011 14:23:30
GMT,_twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCEeXzNguAToHaWQiJWY0YWJkOTg5MzA5N2Jk
%250ANmU2MjRlN2Q4OTY4ZDVlOGE3IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy
%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--5f19c3e4b79f1e24195a532adf988bc5764dc878;
domain=.twitter.com; path=/; HttpOnly
Server: hi
Vary: Accept-Encoding

}

Local Machine Time: 21/03/2011 - 11:26 a.m (-3 São Paulo, Brazil)

{Status: 401 Unauthorized
X-Transaction: 1300717553-71682-48532
X-Runtime: 0.00788
Pragma: no-cache
X-Revision: DEV
Content-Length: 1
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-
check=0
Content-Type: text/html; charset=utf-8
Date: Mon, 21 Mar 2011 14:25:54 GMT
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Last-Modified: Mon, 21 Mar 2011 14:25:53 GMT
Set-Cookie: k=186.204.24.164.1300717553990342; path=/; expires=Mon, 28-
Mar-11 14:25:53 GMT; domain=.twitter.com,guest_id=130071755399831650;
path=/; expires=Wed, 20 Apr 2011 14:25:53
GMT,_twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCE
%252FJztguAToHaWQiJWMwNjU4N2ZjMzU1Zjkw
%250AOTYxNzZiODcyNjRhNjU1YTIxIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy
%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--475d60acc3baee4151254364e9ffddb0ed8a4e76;
domain=.twitter.com; path=/; HttpOnly
Server: hi
Vary: Accept-Encoding
}

Successful response:

Achieved by waiting some seconds between requesting and reading the
response when getting the RequestToken.

Local Machine Time: 21/03/2011 - 11:49 a.m (-3 São Paulo, Brazil)

{Status: 200 OK
X-Transaction: 1300718905-61910-2260
X-Runtime: 0.02514
Pragma: no-cache
X-Revision: DEV
Content-Length: 170
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-
check=0
Content-Type: text/html; charset=utf-8
Date: Mon, 21 Mar 2011 14:48:25 GMT
Expires: Tue, 31 Mar 1981 05:00:00 GMT
ETag: "82276158764a17db3bb7fd96d46eb377"
Last-Modified: Mon, 21 Mar 2011 14:48:25 GMT
Set-Cookie: k=186.204.24.164.1300718905898781; path=/; expires=Mon, 28-
Mar-11 14:48:25 GMT; domain=.twitter.com,guest_id=130071890590494715;
path=/; expires=Wed, 20 Apr 2011 14:48:25
GMT,_twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDBq49guAToHaWQiJWRiMzgxYWFhOTFmMjVl
%250AODI3NDI5NmFjZjI0ZmMyYzgyIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy
%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--
c2deb47c8c0545588cb18f77aa3516546f350e26; domain=.twitter.com; path=/;
HttpOnly
Server: hi
Vary: Accept-Encoding

}


On Mar 21, 11:30 am, Tatham Oddie <tat...@oddie.com.au> wrote:
> Hi Taylor,
>
> I’m using the TweetSharp<http://tweetsharp.codeplex.com/> library.
>
> Here are my requests…
>
> Getting the request token works:
>
> UTC now: 21/03/2011 2:15:44 PM
>
> https://api.twitter.com/oauth/request_token
>
> GET /oauth/request_token HTTP/1.1
> Authorization: OAuth 
> oauth_callback="...",oauth_consumer_key="...",oauth_nonce="...",oauth_signa 
> ture="...",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1300716944", 
> oauth_version="1.0"
> User-Agent: TweetSharp
> Host: api.twitter.com
> Connection: Keep-Alive
>
> 200 OK
> X-Transaction: 1300716948-77667-49892
> X-Runtime: 0.00938
> Pragma: no-cache
> X-Revision: DEV
> Content-Length: 144
> Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
> Content-Type: text/html; charset=utf-8
> Date: Mon, 21 Mar 2011 14:15:48 GMT
> Expires: Tue, 31 Mar 1981 05:00:00 GMT
> ETag: "00fdd191cfa579128843a85a7a58be9f"
> Last-Modified: Mon, 21 Mar 2011 14:15:48 GMT
> Set-Cookie: k=124.169.147.184....; path=/; expires=Mon, 28-Mar-11 14:15:48 
> GMT; domain=.twitter.com,guest_id=...; path=/; expires=Wed, 20 Apr 2011 
> 14:15:48 GMT,admobuu=...; domain=.m.twitter.com; path=/; expires=Tue, 19 Jan 
> 2038 03:14:07 GMT,_twitter_sess=...; domain=.twitter.com; path=/; HttpOnly
> Server: hi
> Vary: Accept-Encoding
> Keep-Alive: timeout=15, max=100
> Connection: Keep-Alive
>
> oauth_token=...&oauth_token_secret=...&oauth_callback_confirmed=true
>
> Getting the access token straight away fails with 401:
>
> UTC now: 21/03/2011 2:15:46 PM
>
> https://api.twitter.com/oauth/access_token
>
> POST /oauth/access_token HTTP/1.1
> Authorization: OAuth 
> oauth_consumer_key="...",oauth_nonce="...",oauth_signature="...",oauth_sign 
> ature_method="HMAC-SHA1",oauth_timestamp="1300716946",oauth_token="...",oau 
> th_verifier="...",oauth_version="1.0"
> Content-Type: application/x-www-form-urlencoded
> User-Agent: TweetSharp
> Host: api.twitter.com
> Content-Length: 0
>
> 401 Unauthorized
> X-Transaction: 1300716950-90707-10498
> X-Runtime: 0.00684
> Pragma: no-cache
> X-Revision: DEV
> Content-Length: 1
> Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
> Content-Type: text/html; charset=utf-8
> Date: Mon, 21 Mar 2011 14:15:50 GMT
> Expires: Tue, 31 Mar 1981 05:00:00 GMT
> Last-Modified: Mon, 21 Mar 2011 14:15:50 GMT
> Set-Cookie: k=124.169.147.184....; path=/; expires=Mon, 28-Mar-11 14:15:50 
> GMT; domain=.twitter.com,guest_id=...; path=/; expires=Wed, 20 Apr 2011 
> 14:15:50 GMT,admobuu=...; domain=.m.twitter.com; path=/; expires=Tue, 19 Jan 
> 2038 03:14:07 GMT,_twitter_sess=...; domain=.twitter.com; path=/; HttpOnly
> Server: hi
> Vary: Accept-Encoding
>
> Trying the same request again 10 minutes later works (only oauth_timestamp 
> changed):
>
> UTC now: 21/03/2011 2:25:42 PM
>
> https://api.twitter.com/oauth/access_token
>
> POST /oauth/access_token HTTP/1.1
> Authorization: OAuth 
> oauth_consumer_key="...",oauth_nonce="...",oauth_signature="...",oauth_sign 
> ature_method="HMAC-SHA1",oauth_timestamp="1300717542",oauth_token="...",oau 
> th_verifier="...",oauth_version="1.0"
> Content-Type: application/x-www-form-urlencoded
> User-Agent: TweetSharp
> Host: api.twitter.com
> Content-Length: 0
> Connection: Keep-Alive
>
> 200 OK
> X-Transaction: 1300717546-72934-39621
> X-Runtime: 0.03056
> Pragma: no-cache
> X-Revision: DEV
> Content-Length: 163
> Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
> Content-Type: text/html; charset=utf-8
> Date: Mon, 21 Mar 2011 14:25:46 GMT
> Expires: Tue, 31 Mar 1981 05:00:00 GMT
> ETag: "9ac6161371b0ee90ef8f6db5322287df"
> Last-Modified: Mon, 21 Mar 2011 14:25:46 GMT
> Set-Cookie: k=124.169.147.184.1300717546945450; path=/; expires=Mon, 
> 28-Mar-11 14:25:46 GMT; domain=.twitter.com,guest_id=130071754695116305; 
> path=/; expires=Wed, 20 Apr 2011 14:25:46 
> GMT,admobuu=989196f7fa5728c90e815cc8f97cd56a; domain=.m.twitter.com; path=/; 
> expires=Tue, 19 Jan 2038 03:14:07 
> GMT,_twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCMitztguAToHaWQiJTk4NDllMmVhZTM1O 
> TJk%250ANzQ0MGFlMWM2YzQ1ZTU2MDg4IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOj 
> pGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--dad7912a647454357cfa6f0d07804b5c4b5 
> d6ae4; domain=.twitter.com; path=/; HttpOnly
> Server: hi
> Vary: Accept-Encoding
> Keep-Alive: timeout=15, max=100
> Connection: Keep-Alive
>
> oauth_token=...&oauth_token_secret=...&user_id=14051560&screen_name=tathamo 
> ddie
>
> I’m noting that the time offset here is only about 4 seconds, however it 
> certainly takes longer than that to work.
>
> You can see this for yourself trying to sign in tohttp://ivebeen.to
>
> --
> Tatham Oddie
> au mob: +61 414 275 989, us cell: +1 213 280 3556, skype: tathamoddie
> If you’re printing this email, you’re doing it wrong. This is a computer, not 
> a typewriter.
>
> From: Taylor Singletary [mailto:taylorsinglet...@twitter.com]
> Sent: Tuesday, 22 March 2011 1:05 AM
> To: twitter-development-talk@googlegroups.com
> Cc: Tatham Oddie
> Subject: Re: [twitter-dev] Re: 401 unauthorized
>
> If you're experiencing this issue, can you please provide these additional 
> details:
>   * are the OAuth URLs you are using http or https?
>   * do your OAuth URLs contain the api subdomain? (you really should be if 
> you aren't)
>   * what OAuth library (if any) are you using to sign your requests?
>   * If you're observing the response HTTP headers on failed requests, what 
> server time is presented in the "Date" HTTP header? What is your OAuth 
> timestamp?
>
> Thanks!
>
> @episod<http://twitter.com/episod> - Taylor Singletary - Twitter Developer 
> Advocate
>
> On Mon, Mar 21, 2011 at 6:24 AM, Taylor Singletary 
> <taylorsinglet...@twitter.com<mailto:taylorsinglet...@twitter.com>> wrote:
> Thanks everyone for the detailed information in these reports; they'll help a 
> lot while we track down the issue. Will update this thread when we know more.
>
> @episod<http://twitter.com/episod> - Taylor Singletary - Twitter Developer 
> Advocate
>
> On Mon, Mar 21, 2011 at 6:03 AM, Tatham Oddie 
> <tat...@oddie.com.au<mailto:tat...@oddie.com.au>> wrote:
>
> Please go and star this 
> issue:http://code.google.com/p/twitter-api/issues/detail?id=2118
>
> On Mar 19, 11:47 pm, Trevor Dean 
> <trevord...@gmail.com<mailto:trevord...@gmail.com>> wrote:
>
> > Is anyone else experiencing any 401 errors all of a sudden?  I was doing
> > some testing this morning and was logging in fine using twitter and then 10
> > min later I started getting 401 unauthorized errors.
>
> > Thanks,
>
> > Trevor
>
> --
> Twitter developer documentation and resources:http://dev.twitter.com/doc
> API updates via Twitter:http://twitter.com/twitterapi
> Issues/Enhancements Tracker:http://code.google.com/p/twitter-api/issues/list
> Change your membership to this 
> group:http://groups.google.com/group/twitter-development-talk

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Reply via email to