ALERT! Invalid OAuth credentials detected for API v1.1 for already worked tokens


#1

Hello!

Today I’ve came into some of API v1.1 calls stopped worked with my application.
So for example for https://api.twitter.com/1.1/lists/list.json I get Invalid OAuth credentials detected but the same token worked fine with https://api.twitter.com/1/statuses/mentions.json

Here is my requests:

  1. This is doesn’t work (but it’s worked yesterday): https://api.twitter.com/1.1/lists/list.json?cursor=-1&oauth_version=1.0&oauth_token=72824043-KjpK8NTdFtyq3DlqxWxlAK1mcB4bBtrDpyBLp5ksg&screen_name=puxpu&oauth_nonce=81580825&oauth_timestamp=1352982983&oauth_signature=DEQl%2Bfoj18Hjunz%2BFADwtFBpW4s%3D&oauth_consumer_key=LIx1DPSYUQpoKHNe2aeh6A&oauth_signature_method=HMAC-SHA1

  2. This is still work https://api.twitter.com/1/statuses/mentions.json?count=50&oauth_nonce=06946374&oauth_timestamp=1352982853&oauth_consumer_key=LIx1DPSYUQpoKHNe2aeh6A&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_token=72824043-KjpK8NTdFtyq3DlqxWxlAK1mcB4bBtrDpyBLp5ksg&oauth_signature=VekdzjSTKUEafXUUlfr4zcsZGW0%3D


#2

Do you know what your signature base string looks like in the case of the failing request?


#3

Yes, here is it:

‘GET&https%3A%2F%2Fapi.twitter.com%2F1.1%2Flists%2Flist.json&cursor%3D-1%26oauth_consumer_key%3DvEYkF716b441HUtnTa4jZQ%26oauth_nonce%3D77151094%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1352995322%26oauth_token%3D72824043-4uNf2TbIAb7THR4JRCixwTS2yGWFW3AXThSIa4XYk%26oauth_version%3D1.0%26screen_name%3Dpuxpu’


#4

Thanks. That looks right by eyeball anyway. Are there any 1.1 endpoints that work for you?


#5

Further investigation shows then regardless header “X-Warning” with value “Invalid OAuth credentials detected”, Twitter API returns correct results. For example for https://api.twitter.com/1.1/followers/ids.json API end point:

ad@MacBook-Pro-Andrew:~/Projects/crm/nimble-all/server$ ./bin/python spikes/twitter_sample_script.py
{
“Content-Length”: “279”,
“Vary”: “Accept-Encoding”,
“Last-Modified”: “Thu, 15 Nov 2012 17:15:06 GMT”,
“Etag”: ““3c5ea6226d18c1609b9f801cfa175cad””,
“X-Rate-Limit-Limit”: “15”,
“X-Frame-Options”: “SAMEORIGIN”,
“Status”: “200 OK”,
“X-Warning”: “Invalid OAuth credentials detected”,
“Expires”: “Tue, 31 Mar 1981 05:00:00 GMT”,
“X-Runtime”: “0.03477”,
“Pragma”: “no-cache”,
“Date”: “Thu, 15 Nov 2012 17:15:06 GMT”,
“X-Mid”: “c2c44b9f635023a75baa9a752251243b0a50a295”,
“Server”: “tfe”,
“X-Rate-Limit-Reset”: “1353000583”,
“X-Rate-Limit-Remaining”: “14”,
“X-Transaction”: “2d4d57e08d65c51c”,
“Content-Encoding”: “gzip”,
“X-Access-Level”: “read-write-directmessages”,
“X-Transaction-Mask”: “a6183ffa5f8ca943ff1b53b5644ef11431c40d6d”,
“Cache-Control”: “no-cache, no-store, must-revalidate, pre-check=0, post-check=0”,
“Content-Type”: “application/json; charset=utf-8”
}
###########
{“previous_cursor”:0,“next_cursor_str”:“0”,“previous_cursor_str”:“0”,“ids”:[222610802,878466810,201719565,577263351,532089799,541409089,41996168,21012772,89555813,263162302,14474236,6307,288828607,16142725,308740049,15457017,286154032,149031304,169456479,198261984,252197355,14919708,59760114,39230470,49620664,11490062,84610398,2155551,126296626,19647074,76146772,26996686,16045315,194140350,3931941,20046595,101151091,99877670,92418872,20903135],“next_cursor”:0}
###########
REQUEST FAILED!
ad@MacBook-Pro-Andrew:~/Projects/crm/nimble-all/server$

So only problem Twitter API set incorrect X-Warning header


#6

In this case the X-Warning header is being passed to your erroneously. We’re working to resolve that as well. Thanks!


#7

i also (still) get his HEADER Message using the API 1.1 (oAuth)

“X-Warning”: “Invalid OAuth credentials detected”,

request works, the results are fine, so the authorization seems to be correct,
but there is this (wrong) X-Warning (Header) Message ?!? :frowning:


#8

TOUS LES APPLICATIONS API …PERDU…JE NE COMPRENT PAS CE QUI C’EST PASSE …


#9

did you resolve this issue? I’m getting the same i think:

1 down vote favorite

I’m having trouble authenticating with the Twitter api. I’m using the oauth2 module in Python to conduct a single user sign-in.

I’ve been using the following function to request follower ids:

import oauth2 as oauth

def oauth_req(url, key, secret, http_method=“GET”, post_body=None, http_headers=None):
consumer = oauth.Consumer(key=key, secret=secret)
token = oauth.Token(key=key, secret=secret)
client = oauth.Client(consumer, token)
resp, content = client.request(
url,
method=http_method,
)
return content

I’ll then run it from a document call twitter_auth.py as per the below example:

ids = twitter_auth.oauth_req(‘https://api.twitter.com/1.1/followers/ids.json?cursor=-1&screen_name=marksandspencer’, ‘CONSUMER_KEY’, ‘CONSUMER_SECRET’)

It then just returns the following:
’{“errors”:[{“message”:“Invalid or expired token”,“code”:89}]}’

I can’t seem to get it work, my application details are fine and not expired - so I’m assuming they might be invalid in some way - I just can’t work out how.

It returns the results when i specify the api version as 1.


#10

Make sure that you’re leveraging an access token and access token secret in your request – it looks like by the request signature you’re just leveraging consumer key and secret, which isn’t supported in API v1.1.


#11

Can anybody give me proper ans?

I have get invalid token. Error below,

{“errors”:[{“message”:“Bad Authentication data”,“code”:215}]}

any one put some code if possible…

Thanks