Could not authenticate you

iamphill · 2012-01-09T01:13:37.000Z

Hi,

Getting a could not authenticate you error when sending a request to statuses/home_timeline.

I then close the app, reopen it and the error fixes itself.

Using a self built oauth library and it was working fine until 2 nights ago.

Any help would be great.

Thanks.

TweepleChat · 2012-01-09T15:26:22.000Z

that must be because you have not passed the oauth tokens correctly.

episod · 2012-01-09T15:34:42.000Z

We’ll need more details to help you with this problem – like the signature base string and fully executed request of a failed request. Since you rolled your own OAuth library, there’s a chance there’s some subtle bug that arises only in certain scenarios.

iamphill · 2012-01-09T15:34:59.000Z

That’s what I thought, but no as if the app is closed and opened again it sends the request perfectly. So the oauth token is being sent correctly.

oronnadiv · 2012-01-11T22:48:29.000Z

We here at Xobni see it too. It has started around two days ago.
Feel free to contact me if you need more information.

-Oron

episod · 2012-01-11T22:53:22.000Z

Keep in mind there are service-wide issues with OAuth at the moment causing spurious 401 unauthorized errors – depending on how your application handles these errors (and whether you consider them atomic to a single request or systemic to the validity of all requests from that access token), it may be the cause of your issues: [node:4945]

skakri · 2012-01-12T17:03:56.000Z

Is this issue affecting oauth/request_token too? I keep getting 401 Unauthorized - “Failed to validate oauth signature and tokens”. I’m sure that the request is correct (OAuth tool) and checked both on server and local environment. Time is of course synchronized on both boxes with ntpd.

twitmenulet · 2012-02-02T00:34:55.000Z

I have exactly the same problem with my xAuth app.

On first run the user enters their password, and my app retrieves the correct oath_token and oauth_token_secret. These credentials are used to make a request for home_timeline, and it comes back with “Could not authenticate you.” This is not a 401 error, but a valid response.

After quitting the app and restarting, identical (cached) oauth_token and oauth_token_secret are used. This time the request for home_timeline is successful!

Very careful comparison of the requests, one of which fails and the other of which succeeds, reveals no obvious differences, except for expected differences in the nonce and signature.

I’ve gone through this exercise at least 50 times, always with the same result. It seems obvious that my auth code is working fine. Not only does it seem to be working fine, based on a dump of the requests, but it has been working fine for several years now. I haven’t changed anything–but this problem has only cropped up recently.

twitmenulet · 2012-02-02T00:36:10.000Z

Hi Oron,

I have the same problem and am extremely frustrated with it. Have you made any progress in understanding the cause?

You can see my detailed explanation below.

Phil

BrettWontTweet · 2012-02-02T07:01:35.000Z

I am also having a problem with 401s in my iPhone app, I am using the iphone-twitter library. I can sign in okay and receive no errors, however when I make a status post I get a 401 “Could not authenticate with OAuth”.

However if I quit the app and restart it then status posts work again, the problem only occurs when trying status posts after logging in to twitter. Looking at the trace output the requests oath details look identical with the only difference being the oauth_timestamp and oath_signature which I would expect. I don’t think this is the same problem as the Spurious 401s problem as this is systematic. I have to quit the iPhone app and restart it.

Any help would be greatly appreciated.
I

twitmenulet · 2012-02-03T05:50:02.000Z

I finally SOLVED this problem!

I simply changed the twitter API urls from “http” to “https”.

That it. What a strange issue. It happened just as Brett describes (and as I’ve seen elsewhere): restarting my app also made the problem go away. This seems incomprehensible, perhaps even impossible. I would have thought that if twitter wasn’t going to allow us to use “http” then those requests would fail ALL the time.

I am ecstatic that I finally don’t have to think about this problem any more.

mfahydev · 2012-02-03T16:13:46.000Z

Having similar issues with an iOS app that has been working without problems for more than a year now. As @twitmenulet says, changing the urls to https: does in fact make the app work now, but it seems odd that such a fundamental change would have been made without a heads-up to developers, many of whom now need to resubmit their apps to the App Store review process.

episod · 2012-02-03T16:21:15.000Z

The issue here is that your clients are likely inadvertently consuming cookies and sending them in requests instead of ignoring cookies entirely. Some users, over time, have marked their accounts as SSL-only and this setting is expressed in a cookie. When you pass the cookie to methods like oauth/access_token or API methods and the connection is not over SSL, the API balks in an attempt to satisfy the requirement of the cookie. Long term, we’ll work to make the API ignore cookies in these contexts, but it’s a best practice to always use SSL anyway (which may someday become a requirement for the API).

mfahydev · 2012-02-03T16:39:06.000Z

Thanks for the info, @episod. Indeed, the existing app does work when I deselect the “Always use HTTPS” option in user settings. I’ll make the change permanent.

Out of curiosity, though: Any idea why this would have suddenly become an issue for many people at once? Until this week, I’d heard no such reports from users, but as of yesterday, even an account that was confirmed to work last week was suddenly unable to post tweets.

episod · 2012-02-03T16:51:02.000Z

There’s a bit of a snowballing effect that can happen: a) we’re increasing the amount of users who are selecting HTTPs-only options b) we’re tightening the security around how our website treats these settings c) the efforts from b also applied to the API and d) some HTTP clients are especially greedy and persistent with cookies. What’s likely happening is that you’ll be carrying around the cookie of a totally different user (or even a non-user context) while making an OAuth request on some other user’s behalf.

BrettWontTweet · 2012-02-07T01:11:43.000Z

@twitmenulet Thank You Thank You Thank You. You are a legend. I spent days on this problem and I only have a few days left before we submit our app. You solution to change from http to https works. I owe you one.

Cheers,
Brett

MySmileInspires · 2012-06-28T14:45:06.000Z

I’m having a similar problem. I’m a user of UberSocial and whenever I try to check my Timeline on interactions a message pops up and says " Error validating twitter credentials could not authenticate OAuth ". I’m 15 and totally oblivious as to what is going on. I re-installed it 3 times, revoked access to the app and the problem is still occurring.

pushpa_raja · 2012-11-07T06:35:58.000Z

Dear All,
I need twitter login authentication for my iphone app.
For example, if i clicked twitter login button it should open twitter login page if user logged-in means then it will invoke my iphone app. please can anybody give suggestion for this

mandarj_gunner · 2012-11-21T12:53:03.000Z

suddenly my twitter context replies, could not authenticate you. it was working perfectly fine few hours ago!

markbolgiano · 2012-11-23T23:42:45.000Z

I am experiencing the same thing, OAuth code that worked - then 2 days ago, starts returning

{“errors”:[{“message”:“Could not authenticate you”,“code”:32}]}