access_token returning an empty response


#1

Having surmounted my problems with the request_token yesterday, I am now having issues with exchanging the PIN retrieved from the out-of-band flow for an access token.

The documentation suggests that I use this value as the oauth_verifier parameter to the oauth/access_token endpoint…

My header is as follows:

Authorization: OAuth oauth_consumer_key="TJnY0B0OGa6GgfkDidIc2A", oauth_nonce="4F8EE8014C351954ADDD0004AC12062E", oauth_signature="Up0ZSz4GiqXQU0TAO7yWVnpee4A%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1320846065", oauth_token="XLf1KLRPSb23fwXT1ah3LXl85V33MwBhktPvrkVgM", oauth_verifier="8152134", oauth_version="1.0"

However I get an empty response from the server - both over SSL and unencrypted connections.

For comparison, I have downloaded Twitter4J, and when I perform this stage of the process and look at the traffic in Wireshark, that application doesn’t seem to do what the documentation suggests.

Rather than adding the oauth_verifier to the authorization header as the documentation states, it is putting the PIN number into an oauth_verifier parameter in the body of the POST and omitting it from the header altogether.

I don’t want to go down the route they have done if it is not correct and I am making a different mistake though… can anyone advise if this is a mistake in the documentation, or whether I have something else going wrong?!

Cheers!
Stu


#2

I went ahead and tried it with the PIN in the post body as well and that didn’t work either… it hung for a while waiting for a response from the server, which never came…


#3

Could you please send us the link for us to test?
Many thanks
Shopbargains Team


#4

Anyone?


#5

Can you share the exact URL you’re executing when requesting an access token (and I suppose the other steps)?

Does this happen on every attempt you make to oauth/access_token? Have you attempted the request in a context outside of your code? Have you tried it on another machine or network? Are there any known issues with your network or any kind of proxying you’re passing through?


#6

Yes, I’ve tried both https://api.twitter.com/oauth/access_token and http://api.twitter.com/oauth/access_token (i.e. over SSL and not).

For the request token, it goes to https://api.twitter.com/oauth/request_token fine… and we retrieve the PIN fine from https://api.twitter.com/oauth/authorize?oauth_token=

Yes, this happens on every request to access_token. As I say in the post above, I have done this from Twitter4J to compare to my own code, and the request works. I have captured the request that their code is making via Wireshark and their oauth_verifier does not seem to be sent in the header as the documentation suggests - it is sent in the POST body. I’ve tried doing that with mine but the same happens…

I’m sure this is an issue with my code, but I’m at a loss to figure out exactly what the problem is as I appear to be doing everything the documentation says, and it has all worked fine with the other requests.


#7

Back looking at this again, I’ve been using the TCP/IP monitor in Eclipse to compare the requests from Twitter4J to the requests from my code. The difference seems to be that my code passes an HTTP header with Cookies - e.g.

Cookie: £Version=0; k=10.35.56.136.1322151748544291; £Path=/; £Domain=.twitter.com; £Version=0; guest_id=v1%3A132215174855147309; £Path=/; £Domain=.twitter.com; £Version=0; _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCMejYtYzAToHaWQiJTM1NTNlYzA0OThhNzI5%250ANTE0Y2RhZjNkNzc3NzIzYjI3IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA–97bbf66085d6c7a95533acaa061388babee800f7; £Path=/; £Domain=.twitter.com;

The code from Twitter4J doesn’t.

When I take the headers from my application and post them using the TCP/IP monitor I get no response with the Cookie header included, and a response with it omitted. I will check the HTTP library for my platform and see if I can disable the cookies - but as a question for the devs, is there a reason that passing this header would cause such a failure?


#8

Well, suppressing HTTP Cookies solved it, and it’s an easily reproducible issue - if I send a Cookie: header then no response is received from Twitter on access_token. If I don’t, it works fine. This doesn’t seem to have any impact on other endpoints that I have discovered, but hopefully this may help someone else in the future if they encounter this issue…


#9

Thanks for following up. Sending a cookie is basically the same as sending an authorized request, so I’d imagine that the request for a token is being rejected due to this. We should certainly have a better error message in this case though.
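
An added example (not code from any poster in this thread, from Twitter4J, or from Twitter): it builds the access_token POST discussed above with an RFC 5849 HMAC-SHA1 signature, shows that the signature is the same whether oauth_verifier is sent in the Authorization header or in the form body, and drops any Cookie header so the request is authenticated by the OAuth header alone. All credentials, the nonce, the timestamp and the helper names are constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

ACCESS_TOKEN_URL = "https://api.twitter.com/oauth/access_token"  # endpoint from the thread

# Constructed sample values: not real credentials and not the ones posted above.
SAMPLE_OAUTH = {
    "oauth_consumer_key": "constructed-consumer-key",
    "oauth_nonce": "constructed-nonce-0001",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1300000000",
    "oauth_token": "constructed-request-token",
    "oauth_version": "1.0",
}
SAMPLE_SECRETS = ("constructed-consumer-secret", "constructed-token-secret")

def pct(value):
    # RFC 5849 section 3.6: everything except unreserved characters is encoded.
    return quote(str(value), safe="-._~")

def sign(method, url, params, consumer_secret, token_secret):
    # The base string covers all parameters, whether sent in the header or the form body.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), pct(url), pct(normalized)])
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def build_access_token_request(oauth, verifier, secrets, verifier_in_body=False, ambient_headers=None):
    """Return (headers, body) for the POST that exchanges the PIN for an access token."""
    signature = sign("POST", ACCESS_TOKEN_URL, dict(oauth, oauth_verifier=verifier), *secrets)
    header_params = dict(oauth, oauth_signature=signature)
    body = ""
    if verifier_in_body:
        body = "oauth_verifier=" + pct(verifier)
    else:
        header_params["oauth_verifier"] = verifier
    # Drop any Cookie header the HTTP library would replay from earlier responses.
    headers = {k: v for k, v in (ambient_headers or {}).items() if k.lower() != "cookie"}
    headers["Authorization"] = "OAuth " + ", ".join(
        f'{pct(k)}="{pct(v)}"' for k, v in sorted(header_params.items()))
    if body:
        headers["Content-Type"] = "application/x-www-form-urlencoded"
    return headers, body

def signature_of(headers):
    # Helper for inspection: pull the percent-encoded signature out of the header.
    return headers["Authorization"].split('oauth_signature="')[1].split('"')[0]
```
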