215 Bad Authentication Data for some users

andypiper · 2016-11-23T22:00:00.964Z

Yes @jamesfzhang that is my understanding (unless you say that new logins also have this issue?)

@BaconSeason the case here would be, if you get error 215 (or if the user token is 60 chars not 50) then “throw away” any stored token and go back through the sign-in with Twitter flow.

We are looking at how we can forcibly disable the “broken” tokens on our side but it will require a batch job so may take longer.

avysotsky · 2016-11-23T22:58:09.701Z

We are experiencing the same issue with Twitter Digits. I assume Twitter auth and Digits auth are use the same auth system under the hood.

claudeschneider · 2016-11-23T23:28:12.485Z

@andypiper - still have some users getting the error on first oauth connection. So the fresh tokens we get when they auth, aren’t working for an API call immediately after. No stored tokens involved But some users have no problems.

BaconSeason · 2016-11-23T23:40:42.008Z

We’ve been “tossing” those bad tokens all along. Happens every time, even tho we send our users thru the entire oauth process from scratch

andypiper · 2016-11-24T00:23:45.852Z

Ok Thank you - it sounds like you’re saying this is not limited to 60 character tokens. If you can confirm this would be very helpful.

BaconSeason · 2016-11-24T01:05:39.623Z

I believe that was the case… But of course now that I’m trying to confirm, everything is working just fine. Did you guys deploy a fix to prod just recently?

andypiper · 2016-11-24T01:07:48.504Z

We changed so that new new tokens should work; if you picked up tokens during the issue yesterday they’ll need to be invalidated.

BaconSeason · 2016-11-24T01:20:11.251Z

Awesome. Since we always hit the verifyCredentials() endpoint before saving a token, we should be good to go. Thanks so much for being so on-top of this issue! Much appreciated!

iPlop · 2016-11-24T04:09:50.609Z

As of around two hours ago, some of my users are still getting “Your credentials do not allow access to this resource” when verifying their newly gotten tokens. The most recent user who reported this signed up for Twitter during August 2015 and has what looks like a snowflake ID? I’m unsure if this issue is related or not… I’m using reverse authentication with iOS’s twitter account.

Edit: As of 11/23/16 @ 11:38PM more and more of new users to my app are getting this issue…

andypiper · 2016-11-24T15:12:35.027Z

Just a follow-up on this.

We ran a job to attempt to locate and invalidate the “bad” user tokens. This should cause users to need to re-authenticate the app, and get them a valid token.

The other changes were previously rolled back.

We’re hoping that this is now resolved, but if not, if it is possible in your apps to reject the invalid token or force a fresh login, that should help. We’re very sorry for the issues this has caused.

Connexinet · 2016-11-24T15:17:39.099Z

Hey Andy,
What do you mean by "they’ll need to be invalidated."
Currently, I cannot revoke access for these broken tokens from settings/applications page. Is there a different way to invalidate?

Thanks,
Samir

andypiper · 2016-11-24T15:18:08.857Z

Throw them away and force the user to login again to get a new token.

Connexinet · 2016-11-24T20:38:06.697Z

That’s what we do, but we were getting the old tokens when user re-authenticate
However, as of today we are getting new tokens, so the problem has been fully fixed.
Thanks!
Samir

iPlop · 2016-11-25T08:27:57.440Z

Hey @andypiper, when would you say the issue was completely fixed? I’m just going through my logs and it looks like as of 8 hours ago users are still getting bad authentication data with fresh 60 character tokens…

andypiper · 2016-11-25T08:33:56.690Z

I believed it was all redeployed at least 24 hours ago… are those tokens definitely issued within that period? Weird :-/

iPlop · 2016-11-25T08:40:17.859Z

Yup, multiple user signup attempts getting either “Bad Authentication Data” or “Your credentials do not allow access to this resource”, resulting in fantastic reports such as this…

andypiper · 2016-11-25T08:51:46.333Z

Argh. So sorry! I’ll definitely ask folks to take another look at this (it’s Thanksgiving weekend though so I’m not sure how quickly we can dig deep). Are you getting 60 char tokens if you try with a fresh account locally?

andypiper · 2016-11-25T09:11:05.672Z

I’ve just registered a fresh account locally, and authorised a new app, and Twitter’s backed is returning me a 50 character user token. This is really odd if your users are still encountering this

iPlop · 2016-11-25T09:21:28.033Z

Like I said, this was around 9 hours ago now. Maaaaybe the deploy somehow took super long? I’m looking through other logs and it seems other people have successfully run through the registration flow and gotten 50 char tokens before this 60 char token person… This is all very strange… Also this person is located in China if that makes a difference.

andypiper · 2016-11-25T09:27:47.977Z

That’s a good question and there’s a slim chance it is related to network routing maybe taking them to an older instance, but I don’t think that’s really very likely. Again, I’m really sorry that you and your users are bearing the brunt of this issue - will continue to do what I can to help chase this down.