Best approach for dealing with invalid/unauthorized logged in user


#1

When I have a user that is logged in via TwitterKit 3.0.3, and I try to use that user’s session to call a REST API via the TWTRAPIClient, what is the best course of action to take if the API returns an HTTP 401 code 89? I know this means that the user token in the session is no longer valid, but I’m curious if I can do anything via the SDK to refresh/renew the token, or if I have to just log that user out, and have them log back in?

Error Domain=TwitterAPIErrorDomain Code=89 “Request failed: unauthorized (401)” UserInfo={NSLocalizedFailureReason=Twitter API error : Invalid or expired token. (code 89), NSLocalizedDescription=Request failed: unauthorized (401), NSErrorFailingURLKey=https://api.twitter.com/1.1/statuses/user_timeline.json?count=25&screen_name=ConveneTeam, TWTRNetworkingStatusCode=401}

Calling isExpiredSession: for this case returns false for some reason, and calling refreshSessionClass:sessionID:completion: doesn’t do the trick either. Do I just log the user out and start over?

TWTRSessionStore *store = [[Twitter sharedInstance] sessionStore];
NSString *userID = store.session.userID;

[store logOutUserID:userID];

#2

Today, I’m seeing this 401 Code 89 response with a user immediately after logging in. That doesn’t seem right? I know I didn’t revoke access to the app, so what else would have caused the token to be invalid?


#3

@_paulbuchanan What version of the Twitter app are you using? Is this on iPhone, iPad, or another Apple device? Settings->About Twitter->Version.


#4

I’m seeing this on iOS devices, both iPhone and iPad. iOS versions ranging from 9.3.5 to 11 beta 2. Twitter app version is 7.1, TwitterKit SDK version 3.0.3. I’m able to consistently reproduce this behavior now with a sample app with or without having the Twitter app installed. Steps are:

  1. Launch sample app, press ‘Login with Twitter’ button, complete login with your account of choice
  2. Press ‘Make REST Call’ button
  3. You should see ‘REST call Success’ at bottom
  4. Now login to twitter.com with that account and revoke the application access (TwitterKit TestAuth is the application name)
  5. Press ‘Make REST Call’ button
  6. You should see ‘Request failed’ at bottom, which is expected
  7. Press ‘Login with Twitter’ button, complete login, re-establishing a good session
  8. Press ‘Make REST Call’ button
  9. The expected result is a success, but it will fail with a 401, code 89
  10. Kill the app, and restart it
  11. Press ‘Make REST Call’ button
  12. Now the call works?!

There must be some kind of sync issue with the SDK and the keychain storage of the sessions, or the generation of the OAuth headers. Clearly something is out of sync since a cold launch of the app without logging in again fixes the authentication issue. This is with TwitterKit 3.0.3, and I’ve tested on an iPhone 6s at iOS 9.3.5 and an iPhone 6 at iOS 10.3.2.

If you need me to dump HTTP headers before and after the problem occurs, let me know. You can do this yourself with the provided sample app, I’m dumping them to the console.

Sample app: https://www.dropbox.com/s/j72ai6ckgx1p5g8/TwitterAuthTest2.zip?dl=0


#5

Hello - thank you for making this test app available. I’m hoping that it will help me debug my own problems connecting to Twitter.

Please note though that it looks like your public and secret keys are still in your source code! You might want to clear those up.