500 code response when requesting bearer token


#1

Starting a topic as requested: https://dev.twitter.com/issues/947

Consumer key is: A3YeFadHTTQoFQMew6RiQ

Thanks for any help!


#2

@episod I’ve included the consumer key here. Thanks.


#3

Hi @utorrent,

I’ve tried obtaining a bearer token using your credentials to verify whether it was some error intrinsic to your application record somehow. This does not appear to be the case.

Can you review the HTTP headers that are being attached to your request? Right now I know of one issue with an Accept header other than /. Our HTTP server can be pretty strict.

Here’s an example of a successful request via curl – I’ve obscured the credentials:

curl -X POST --verbose “https://api.twitter.com/oauth2/token” -d “grant_type=client_credentials” -u consumerKey:consumerSecret

  • About to connect() to api.twitter.com port 443 (#0)
  • Trying 199.59.150.9…
  • connected
  • Connected to api.twitter.com (199.59.150.9) port 443 (#0)
  • SSLv3, TLS handshake, Client hello (1):
  • SSLv3, TLS handshake, Server hello (2):
  • SSLv3, TLS handshake, CERT (11):
  • SSLv3, TLS handshake, Server finished (14):
  • SSLv3, TLS handshake, Client key exchange (16):
  • SSLv3, TLS change cipher, Client hello (1):
  • SSLv3, TLS handshake, Finished (20):
  • SSLv3, TLS change cipher, Client hello (1):
  • SSLv3, TLS handshake, Finished (20):
  • SSL connection using RC4-SHA
  • Server certificate:
  • subject: C=US; ST=California; L=San Francisco; O=Twitter, Inc.; OU=Twitter Security; CN=api.twitter.com
  • start date: 2012-05-02 00:00:00 GMT
  • expire date: 2013-05-03 23:59:59 GMT
  • subjectAltName: api.twitter.com matched
  • issuer: C=US; O=VeriSign, Inc.; OU=VeriSign Trust Network; OU=Terms of use at https://www.verisign.com/rpa ©09; CN=VeriSign Class 3 Secure Server CA - G2
  • SSL certificate verify ok.
  • Server auth using Basic with user ‘consumerKey’

POST /oauth2/token HTTP/1.1
Authorization: Basic Y29uc3VtZXJLZXk6Y29uc3VtZXJTZWNyZXQ=
User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5
Host: api.twitter.com
Accept: /
Content-Length: 29
Content-Type: application/x-www-form-urlencoded

  • upload completely sent off: 29 out of 29 bytes
    < HTTP/1.1 200 OK
    < cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
    < content-length: 152
    < content-type: application/json; charset=utf-8
    < date: Thu, 04 Apr 2013 15:03:37 GMT
    < etag: “9f1f20e6eb78fd78ba12986d49a5ff85”
    < expires: Tue, 31 Mar 1981 05:00:00 GMT
    < last-modified: Thu, 04 Apr 2013 15:03:37 GMT
    < pragma: no-cache
    < server: tfe
    < status: 200 OK
    < strict-transport-security: max-age=631138519
    < vary: Accept-Encoding
    < x-frame-options: DENY
    < x-mid: 1dd3c7d052918d4ec89c5f5333f9dd6359e93718
    < x-runtime: 0.11707
    < x-transaction: b7aca9b6438a3fef
    <
  • Connection #0 to host api.twitter.com left intact
    {“token_type”:“bearer”,“access_token”:“XXXXXYYYYYYZZZZZZZ”}* Closing connection #0
  • SSLv3, TLS alert, Client hello (1):