access_token returning an empty response


Having surmounted my problems with the request_token yesterday I am now having issues with exchanging the PIN retrieved from the out of bound flow for an access token.

The documentation suggests that I use this value as the oauth_verifier parameter to the oauth/access_token endpoint…

My header is as follows:

Authorization: OAuth oauth_consumer_key=“TJnY0B0OGa6GgfkDidIc2A”, oauth_nonce=“4F8EE8014C351954ADDD0004AC12062E”, oauth_signature=“Up0ZSz4GiqXQU0TAO7yWVnpee4A%3D”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1320846065”, oauth_token=“XLf1KLRPSb23fwXT1ah3LXl85V33MwBhktPvrkVgM”, oauth_verifier=“8152134”, oauth_version=“1.0”

However I get an empty response from the server - both over SSL and unencrypted connections.

For comparison, I have downloaded Twitter4J and when I perform this stage of the process, and looking at the traffic in wireshark that application doesn’t seem to do what the documentation suggests.

Rather than adding the oauth_verifier to the authorization header as the documentation states, it is putting the PIN number into an oauth_verifier parameter in the body of the POST and omitting it from the header altogether.

I don’t want to go down the route they have done if it is not correct and I am making a different mistake though… can anyone advise if this is a mistake in the documentation, or whether I have something else going wrong?!



I went ahead and tried it with the PIN in the post body as well and that didn’t work either… it hung for a while waiting for a response from the server, which never came…


could you please,sent us the link for us to test.
Many thanks
Shopbargains Team




Can you share the exact URL you’re executing when requesting an access token (and I suppose the other steps)?

Does this happen on every attempt you make to oauth/access_token? Have you attempted the request in a context outside of your code? Have you tried it on another machine or network? Are there any known issues with your network or any kind of proxying you’re passing through?


Yes, I’ve tried both and (i.e. over SSL and not).

For the request token, it goes to fine… and we retrieve the PIN fine from

Yes, this happens on every request to access_token. As I say in the post above, I have done this from Twitter4J to compare to my own code, and the request works. I have captured the request that their code is making via wireshark and their oauth_verifier does not seem to be sent in the header as the documentation suggests - it is sent in the POST body. I’ve tried doing that with mine but the same happens…

I’m sure this is an issue with my code, but I’m at a loss to figure out exactly what the problem is as I appear to be doing everything the documentation says, and it has all worked fine with the other requests.


Back looking at this again, I’ve been using the TCP/IP monitor in Eclipse to compare the requests from Twitter4J to the requests from my code. The difference seems to be that my code passes an HTTP header with Cookies - e.g.

Cookie: £Version=0; k=; £Path=/; £; £Version=0; guest_id=v1%3A132215174855147309; £Path=/; £; £Version=0; _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCMejYtYzAToHaWQiJTM1NTNlYzA0OThhNzI5%250ANTE0Y2RhZjNkNzc3NzIzYjI3IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA–97bbf66085d6c7a95533acaa061388babee800f7; £Path=/; £;

The code from Twitter4J doesn’t.

When I take the headers from my application and post them using the TCP/IP monitor I get no response with the Cookie header included, and a response with it omitted. I will check the HTTP library for my platform and see if I can disable the cookies - but as a question for the devs, is there a reason that passing this header would cause such a failure?


Well, suppressing HTTP Cookies solved it, and it’s an easily reproducible issue - if I send a Cookie: header then no response is received from twitter on access_token. If I don’t, it works fine. This doesn’t seem to have any impact on other endpoints that I have discovered, but hopefully this may help someone else in the future if they encounter this issue…


Thanks for following up. Sending a cookie is basically the same as sending an authorized request, so I’d imagine that the request for a token is being rejected due to this. We should certainly have a better error message in this case though.