Ok, here's what I've got so far in my development machine: All requests to: https://api.twitter.com/oauth/ I'm using Twitterizer OAuth library. All testing was done trying to authenticate the same user.
Request Token -> Access Token response headers: Local Machine Time: 21/03/2011 - 11:24 a.m (-3 São Paulo, Brazil) {Status: 401 Unauthorized X-Transaction: 1300717410-27747-18545 X-Runtime: 0.00612 Pragma: no-cache X-Revision: DEV Content-Length: 1 Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post- check=0 Content-Type: text/html; charset=utf-8 Date: Mon, 21 Mar 2011 14:23:30 GMT Expires: Tue, 31 Mar 1981 05:00:00 GMT Last-Modified: Mon, 21 Mar 2011 14:23:30 GMT Set-Cookie: k=186.204.24.164.1300717410112809; path=/; expires=Mon, 28- Mar-11 14:23:30 GMT; domain=.twitter.com,guest_id=130071741011897398; path=/; expires=Wed, 20 Apr 2011 14:23:30 GMT,_twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCEeXzNguAToHaWQiJWY0YWJkOTg5MzA5N2Jk %250ANmU2MjRlN2Q4OTY4ZDVlOGE3IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy %250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--5f19c3e4b79f1e24195a532adf988bc5764dc878; domain=.twitter.com; path=/; HttpOnly Server: hi Vary: Accept-Encoding } Local Machine Time: 21/03/2011 - 11:26 a.m (-3 São Paulo, Brazil) {Status: 401 Unauthorized X-Transaction: 1300717553-71682-48532 X-Runtime: 0.00788 Pragma: no-cache X-Revision: DEV Content-Length: 1 Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post- check=0 Content-Type: text/html; charset=utf-8 Date: Mon, 21 Mar 2011 14:25:54 GMT Expires: Tue, 31 Mar 1981 05:00:00 GMT Last-Modified: Mon, 21 Mar 2011 14:25:53 GMT Set-Cookie: k=186.204.24.164.1300717553990342; path=/; expires=Mon, 28- Mar-11 14:25:53 GMT; domain=.twitter.com,guest_id=130071755399831650; path=/; expires=Wed, 20 Apr 2011 14:25:53 GMT,_twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCE %252FJztguAToHaWQiJWMwNjU4N2ZjMzU1Zjkw %250AOTYxNzZiODcyNjRhNjU1YTIxIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy %250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--475d60acc3baee4151254364e9ffddb0ed8a4e76; domain=.twitter.com; path=/; HttpOnly Server: hi Vary: Accept-Encoding } Successful response: Achieved by waiting some seconds between requesting and reading the response when getting the RequestToken. Local Machine Time: 21/03/2011 - 11:49 a.m (-3 São Paulo, Brazil) {Status: 200 OK X-Transaction: 1300718905-61910-2260 X-Runtime: 0.02514 Pragma: no-cache X-Revision: DEV Content-Length: 170 Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post- check=0 Content-Type: text/html; charset=utf-8 Date: Mon, 21 Mar 2011 14:48:25 GMT Expires: Tue, 31 Mar 1981 05:00:00 GMT ETag: "82276158764a17db3bb7fd96d46eb377" Last-Modified: Mon, 21 Mar 2011 14:48:25 GMT Set-Cookie: k=186.204.24.164.1300718905898781; path=/; expires=Mon, 28- Mar-11 14:48:25 GMT; domain=.twitter.com,guest_id=130071890590494715; path=/; expires=Wed, 20 Apr 2011 14:48:25 GMT,_twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCDBq49guAToHaWQiJWRiMzgxYWFhOTFmMjVl %250AODI3NDI5NmFjZjI0ZmMyYzgyIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy %250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA-- c2deb47c8c0545588cb18f77aa3516546f350e26; domain=.twitter.com; path=/; HttpOnly Server: hi Vary: Accept-Encoding } On Mar 21, 11:30 am, Tatham Oddie <tat...@oddie.com.au> wrote: > Hi Taylor, > > I’m using the TweetSharp<http://tweetsharp.codeplex.com/> library. > > Here are my requests… > > Getting the request token works: > > UTC now: 21/03/2011 2:15:44 PM > > https://api.twitter.com/oauth/request_token > > GET /oauth/request_token HTTP/1.1 > Authorization: OAuth > oauth_callback="...",oauth_consumer_key="...",oauth_nonce="...",oauth_signa > ture="...",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1300716944", > oauth_version="1.0" > User-Agent: TweetSharp > Host: api.twitter.com > Connection: Keep-Alive > > 200 OK > X-Transaction: 1300716948-77667-49892 > X-Runtime: 0.00938 > Pragma: no-cache > X-Revision: DEV > Content-Length: 144 > Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0 > Content-Type: text/html; charset=utf-8 > Date: Mon, 21 Mar 2011 14:15:48 GMT > Expires: Tue, 31 Mar 1981 05:00:00 GMT > ETag: "00fdd191cfa579128843a85a7a58be9f" > Last-Modified: Mon, 21 Mar 2011 14:15:48 GMT > Set-Cookie: k=124.169.147.184....; path=/; expires=Mon, 28-Mar-11 14:15:48 > GMT; domain=.twitter.com,guest_id=...; path=/; expires=Wed, 20 Apr 2011 > 14:15:48 GMT,admobuu=...; domain=.m.twitter.com; path=/; expires=Tue, 19 Jan > 2038 03:14:07 GMT,_twitter_sess=...; domain=.twitter.com; path=/; HttpOnly > Server: hi > Vary: Accept-Encoding > Keep-Alive: timeout=15, max=100 > Connection: Keep-Alive > > oauth_token=...&oauth_token_secret=...&oauth_callback_confirmed=true > > Getting the access token straight away fails with 401: > > UTC now: 21/03/2011 2:15:46 PM > > https://api.twitter.com/oauth/access_token > > POST /oauth/access_token HTTP/1.1 > Authorization: OAuth > oauth_consumer_key="...",oauth_nonce="...",oauth_signature="...",oauth_sign > ature_method="HMAC-SHA1",oauth_timestamp="1300716946",oauth_token="...",oau > th_verifier="...",oauth_version="1.0" > Content-Type: application/x-www-form-urlencoded > User-Agent: TweetSharp > Host: api.twitter.com > Content-Length: 0 > > 401 Unauthorized > X-Transaction: 1300716950-90707-10498 > X-Runtime: 0.00684 > Pragma: no-cache > X-Revision: DEV > Content-Length: 1 > Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0 > Content-Type: text/html; charset=utf-8 > Date: Mon, 21 Mar 2011 14:15:50 GMT > Expires: Tue, 31 Mar 1981 05:00:00 GMT > Last-Modified: Mon, 21 Mar 2011 14:15:50 GMT > Set-Cookie: k=124.169.147.184....; path=/; expires=Mon, 28-Mar-11 14:15:50 > GMT; domain=.twitter.com,guest_id=...; path=/; expires=Wed, 20 Apr 2011 > 14:15:50 GMT,admobuu=...; domain=.m.twitter.com; path=/; expires=Tue, 19 Jan > 2038 03:14:07 GMT,_twitter_sess=...; domain=.twitter.com; path=/; HttpOnly > Server: hi > Vary: Accept-Encoding > > Trying the same request again 10 minutes later works (only oauth_timestamp > changed): > > UTC now: 21/03/2011 2:25:42 PM > > https://api.twitter.com/oauth/access_token > > POST /oauth/access_token HTTP/1.1 > Authorization: OAuth > oauth_consumer_key="...",oauth_nonce="...",oauth_signature="...",oauth_sign > ature_method="HMAC-SHA1",oauth_timestamp="1300717542",oauth_token="...",oau > th_verifier="...",oauth_version="1.0" > Content-Type: application/x-www-form-urlencoded > User-Agent: TweetSharp > Host: api.twitter.com > Content-Length: 0 > Connection: Keep-Alive > > 200 OK > X-Transaction: 1300717546-72934-39621 > X-Runtime: 0.03056 > Pragma: no-cache > X-Revision: DEV > Content-Length: 163 > Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0 > Content-Type: text/html; charset=utf-8 > Date: Mon, 21 Mar 2011 14:25:46 GMT > Expires: Tue, 31 Mar 1981 05:00:00 GMT > ETag: "9ac6161371b0ee90ef8f6db5322287df" > Last-Modified: Mon, 21 Mar 2011 14:25:46 GMT > Set-Cookie: k=124.169.147.184.1300717546945450; path=/; expires=Mon, > 28-Mar-11 14:25:46 GMT; domain=.twitter.com,guest_id=130071754695116305; > path=/; expires=Wed, 20 Apr 2011 14:25:46 > GMT,admobuu=989196f7fa5728c90e815cc8f97cd56a; domain=.m.twitter.com; path=/; > expires=Tue, 19 Jan 2038 03:14:07 > GMT,_twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCMitztguAToHaWQiJTk4NDllMmVhZTM1O > TJk%250ANzQ0MGFlMWM2YzQ1ZTU2MDg4IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOj > pGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--dad7912a647454357cfa6f0d07804b5c4b5 > d6ae4; domain=.twitter.com; path=/; HttpOnly > Server: hi > Vary: Accept-Encoding > Keep-Alive: timeout=15, max=100 > Connection: Keep-Alive > > oauth_token=...&oauth_token_secret=...&user_id=14051560&screen_name=tathamo > ddie > > I’m noting that the time offset here is only about 4 seconds, however it > certainly takes longer than that to work. > > You can see this for yourself trying to sign in tohttp://ivebeen.to > > -- > Tatham Oddie > au mob: +61 414 275 989, us cell: +1 213 280 3556, skype: tathamoddie > If you’re printing this email, you’re doing it wrong. This is a computer, not > a typewriter. > > From: Taylor Singletary [mailto:taylorsinglet...@twitter.com] > Sent: Tuesday, 22 March 2011 1:05 AM > To: twitter-development-talk@googlegroups.com > Cc: Tatham Oddie > Subject: Re: [twitter-dev] Re: 401 unauthorized > > If you're experiencing this issue, can you please provide these additional > details: > * are the OAuth URLs you are using http or https? > * do your OAuth URLs contain the api subdomain? (you really should be if > you aren't) > * what OAuth library (if any) are you using to sign your requests? > * If you're observing the response HTTP headers on failed requests, what > server time is presented in the "Date" HTTP header? What is your OAuth > timestamp? > > Thanks! > > @episod<http://twitter.com/episod> - Taylor Singletary - Twitter Developer > Advocate > > On Mon, Mar 21, 2011 at 6:24 AM, Taylor Singletary > <taylorsinglet...@twitter.com<mailto:taylorsinglet...@twitter.com>> wrote: > Thanks everyone for the detailed information in these reports; they'll help a > lot while we track down the issue. Will update this thread when we know more. > > @episod<http://twitter.com/episod> - Taylor Singletary - Twitter Developer > Advocate > > On Mon, Mar 21, 2011 at 6:03 AM, Tatham Oddie > <tat...@oddie.com.au<mailto:tat...@oddie.com.au>> wrote: > > Please go and star this > issue:http://code.google.com/p/twitter-api/issues/detail?id=2118 > > On Mar 19, 11:47 pm, Trevor Dean > <trevord...@gmail.com<mailto:trevord...@gmail.com>> wrote: > > > Is anyone else experiencing any 401 errors all of a sudden? I was doing > > some testing this morning and was logging in fine using twitter and then 10 > > min later I started getting 401 unauthorized errors. > > > Thanks, > > > Trevor > > -- > Twitter developer documentation and resources:http://dev.twitter.com/doc > API updates via Twitter:http://twitter.com/twitterapi > Issues/Enhancements Tracker:http://code.google.com/p/twitter-api/issues/list > Change your membership to this > group:http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk