Error 401: Unauthorized

dbounds · 2013-04-04T18:12:00.000Z

Hi. For some reason today we band receiving 401s for all Twitter 1.0 web OAuth flows for both our product and temporary. The systems impacted have been unchanged for some time.

I’ve included a sample of the HTTP flow that’s resulting in the 401.

GET /oauth/request_token?oauth_consumer_key=OCK&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1365098454&oauth_nonce=7170606765253016&oauth_version=1.0&oauth_signature=ZBEE0hDtllqHlWxpho7jBdJn0mY%3D HTTP/1.1
User-Agent: Jakarta Commons-HttpClient/3.1
Host: api.twitter.com
Cookie: $Version=0; k=10.40.17.124.1365097763166946; $Path=/; $Domain=.twitter.com
Cookie: $Version=0; _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCJZwKtY9ASIKZmxhc2hJQzonQWN0aW9uQ29u%250AdHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJTkz%250AN2Y3ZDNmNjZjYmRjZjI2YmUyNWFjOGYwYjRiMjc3–83976c473a885783ee2fa5ac7982ef5322c8c2bb; $Path=/; $Domain=.twitter.com
Cookie: $Version=0; guest_id=v1%3A136509776305849994; $Path=/; $Domain=.twitter.com

HTTP/1.1 200 OK
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-length: 147
content-type: text/html; charset=utf-8
date: Thu, 04 Apr 2013 18:00:54 GMT
etag: "1903d30c449aa942cc264a46ad099298"
expires: Tue, 31 Mar 1981 05:00:00 GMT
last-modified: Thu, 04 Apr 2013 18:00:54 GMT
pragma: no-cache
server: tfe
set-cookie: _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCJZwKtY9AToHaWQiJTkz%250AN2Y3ZDNmNjZjYmRjZjI2YmUyNWFjOGYwYjRiMjc3–09326408a927d60b057b01f3fed7d0e730c8d6a9; domain=.twitter.com; path=/; HttpOnly
status: 200 OK
strict-transport-security: max-age=631138519
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-mid: 426312eb36c2d7548cd32c949cd229754aded249
x-runtime: 0.02272
x-transaction: ede17dcb8ba42630
x-xss-protection: 1; mode=block

GET /oauth/access_token?oauth_token=3PeniFWMRpkeYiTL4538iDPZe0miSP9kNpgS1LToGI&oauth_consumer_key=OCK&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1365098455&oauth_nonce=7170607798106033&oauth_version=1.0&oauth_signature=hcVN1JmXRL%2BMMarFXFJmQAZoAy0%3D HTTP/1.1
User-Agent: Jakarta Commons-HttpClient/3.1
Host: api.twitter.com
Cookie: $Version=0; k=10.40.17.124.1365097763166946; $Path=/; $Domain=.twitter.com
Cookie: $Version=0; guest_id=v1%3A136509776305849994; $Path=/; $Domain=.twitter.com
Cookie: $Version=0; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCJZwKtY9AToHaWQiJTkz%250AN2Y3ZDNmNjZjYmRjZjI2YmUyNWFjOGYwYjRiMjc3–09326408a927d60b057b01f3fed7d0e730c8d6a9; $Path=/; $Domain=.twitter.com

HTTP/1.1 401 Unauthorized
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-length: 434
content-type: text/html; charset=utf-8
date: Thu, 04 Apr 2013 18:00:55 GMT
expires: Tue, 31 Mar 1981 05:00:00 GMT
last-modified: Thu, 04 Apr 2013 18:00:55 GMT
pragma: no-cache
server: tfe
set-cookie: k=10.41.3.127.1365098455245574; path=/; expires=Thu, 11-Apr-13 18:00:55 GMT; domain=.twitter.com
set-cookie: guest_id=v1%3A136509845510848576; Domain=.twitter.com; Path=/; Expires=Sat, 04-Apr-2015 18:00:55 UTC
status: 401 Unauthorized
strict-transport-security: max-age=631138519
vary: Accept-Encoding
www-authenticate: OAuth realm="https://api.twitter.com"
x-frame-options: SAMEORIGIN
x-mid: 49c7394d408ff0fda3b321023eaacbb51be09189
x-transaction: 7097129b9c90566e
x-xss-protection: 1; mode=block

sameeh_harfoush · 2013-04-05T09:02:00.000Z

i am facing the 401 error. i am using jsOAuth-1.3.6.js library.
1- I call fetchRequestToken (ok)
2- i open the user authorization / login window (ok)
3 - enter username and password and get the callback url (ok)
4 - call fetchAccessToken (get 401 error)

below is my header:

oauth_callback = http://192.168.1.74:8888/callback/twitterOauthCallback.html
oauth_consumer_key = E3xxxxxxxxxxxxxxHfg
oauth_token = J1fxxxxxxxxxxxxxxxxxxxxxxxxxxxx20
oauth_signature_method = HMAC-SHA1
oauth_timestamp = 1365151792
oauth_nonce = 36222C667E353A51
oauth_verifier =
oauth_version = 1.0

any idea what might be the problem ?? i am blocked

episod · 2013-04-05T14:32:31.000Z

See [node:16443] and make sure you’re sending the oauth_verifier on the oauth/access_token step.

yirgabdm · 2013-04-19T07:08:27.000Z

Not Yet

zararsiddiqi · 2013-04-25T14:40:06.000Z

Yup, this actually is still relevant. Thank you.

QcSolutInternet · 2013-04-30T14:10:29.000Z

wow… had same issue and this 1 year and a half old comment helped me!!! Thanks @mello702 !

saboonike · 2013-05-21T16:10:00.000Z

Hi
I am facing The Issue in getting the Access token For Twitter

In Windows I am able to generate the access token successfully using sign-in-twitter method.
When i tried to deploy in the Linux(tomcat server) i am getting the 401 Unauthorized error…
For https://api.twitter.com/oauth/request_token
Response i am getting …

http response : HTTP/1.1 401 Unauthorized
[cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0,
content-length: 44, content-type: text/html; charset=utf-8,
date: Tue, 21 May 2013 14:59:41 GMT, expires: Tue, 31 Mar 1981 05:00:00 GMT,
last-modified: Tue, 21 May 2013 14:59:41 GMT,
pragma: no-cache, server: tfe,
set-cookie: _twitter_sess=BAh7CDoHaWQiJWRkZmFlOTQwOGE0NzMxY2E2MGRmMWJhYjdmMTE0ZGU0Og9j%250AcmVhdGVkX2F0bCsIBVuaxz4BIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA–b443e454dd6978065d01c66dab1d4bab7b12b1a3;
domain=.twitter.com; path=/; HttpOnly,
set-cookie: guest_id=v1%3A136914838194546230;
Domain=.twitter.com; Path=/; Expires=Thu, 21-May-2015 14:59:41 UTC,
status: 401 Unauthorized, strict-transport-security: max-age=631138519,
vary: Accept-Encoding, x-frame-options: SAMEORIGIN, x-mid: 2fe33275026baf8bfe76aad15be713ee0e043706,
x-runtime: 0.01648, x-transaction: 6febc9ccdcce8bca, x-xss-protection: 1;
mode=block]

Is anything to be changed in Linux Server… because when with windows it is working fine i am able to get the access token.

episod · 2013-05-22T14:37:53.000Z

There are number of environmental things that effect making connections to the API – the system clock and the SSL implementation on the server being two of the most common things. Take a look at [node:204] for some debugging tips.

harpreetsb · 2013-05-24T20:37:15.000Z

old comment but works like a charm. thank you.

omalave · 2013-06-25T14:47:32.000Z

Did you check the time?

Agence3pp · 2013-09-03T15:36:31.000Z

perfect ! thanks a lot !

swanshi_saxena · 2013-10-23T12:18:01.000Z

I am getting The remote server returned an error: (401) Unauthorized

in this function pls reply me as soon as

public string WebResponseGet(HttpWebRequest webRequest)
{
StreamReader responseReader = null;
string responseData = “”;

        try
        {
            responseReader = new StreamReader(webRequest.GetResponse().GetResponseStream());
            responseData = responseReader.ReadToEnd();
        }
        catch
        {
            throw;
        }
        finally
        {
            webRequest.GetResponse().GetResponseStream().Close();
            responseReader.Close();
            responseReader = null;
        }

        return responseData;
    }

swanshi_saxena · 2013-10-23T12:44:20.000Z

StreamReader(webRequest.GetResponse().GetResponseStream()); giving me 401 error

Pls help me

gascasf · 2013-12-06T18:32:17.000Z

For me this problem was resolved when I unchecked the box that says
"Allow this application to be used to Sign in with Twitter".

Using Omniauth-twitter gem, Rails 3.2.1.4.

mgarcia_dm · 2013-12-27T13:21:52.000Z

This works for me. One app works without filling this field, and another app does not. I can’t believe this kind of bugs in Twitter…

ThoughtsByBen · 2014-01-28T16:56:56.000Z

This worked for me too! Thanks for this hint, I can finally stop banging my head!

Oh, and I am also using Omniauth-twitter gem

SivaBalan2610 · 2014-03-05T05:40:00.000Z

can someone provide the complete solution for this issue?

As part of the process(https://dev.twitter.com/docs/auth/implementing-sign-twitter ) provided by twitter to obtain final auth_token , i’m able to get the response for step 1 & 2.

But when i try to get the final auth_token by making the request using the below URL, i’m still geting 401 error.


string loginURL ="https://api.twitter.com/oauth/access_token?oauth_consumer_key="+TwitterAPI.Consumerkey +"&oauth_nonce="+nonce+"&oauth_signature="+sign+"&oauth_signature_method=HMAC-SHA1&oauth_timestamp="+timeStamp+	"&oauth_token="+TwitterAPI.AuthToken+"&oauth_verifier="+TwitterAPI.AuthTokenVerifier+"&oauth_version=1.0";

what’s is wrong in this URL?

it’ll be of great help, if some one provide the solution for this issue.

Auguronomics · 2014-03-11T09:54:59.000Z

Hi, Just to take care about the time sync on your computer, plus minus 5 min you’ll be too late:
401 Autorization Failed on Twitter oAuth #

$oauth_timestamp = [System.Convert]::ToInt64($ts.TotalSeconds + 305).ToString();

swarnendu_dtt · 2014-04-02T18:02:00.000Z

thanks that helped

swarnendu_dtt · 2014-04-02T18:02:00.000Z

God Bless You… i had to spend days sorting it out…