Getting 401 errors rarely (Failed to exchange tokens) on POST oauth/access_token


#1

I am implementing “sign in with twitter” in my app.

  • In the OAuth dance, I call “oauth/request_token” and get tokens
  • Send the user to api.twitter.com for “authenticate”
  • The user comes back with “oauth_verifier”
  • I make a POST to “oauth/access_token”

99.5% of the time “oauth/access_token” is successful and the user is authorized in my app.
0.5% of the time “oauth/access_token” returns a 401 and authorization is unsuccessful.

The strange thing is, if the user tries to authorize one more time, 99% of the time “oauth/access_token” becomes successful.
Why does “oauth/access_token” return a 401 temporarily?


#2

What can be the cause of
"oauth/request_token" being successful (200)
but “oauth/access_token” failing with a 401 error?


#3

Any comments, please?
This happens very rarely but I couldn’t find the cause.


Seldom "Invalid / expired Token" errors
#4

When I check the response for the 401 error, I see this message: “Failed to exchange tokens”

The response headers for one of the failures look like this.
I changed some of the keys to “12345” for security.

[headers] => Array
    (
        [HTTP/1.1 401 Unauthorized] => 
        [cache-control] => no-cache, no-store, must-revalidate, pre-check=0, post-check=0
        [content-encoding] => gzip
        [content-length] => 43
        [content-type] => text/html; charset=utf-8
        [date] => Sun, 02 Mar 2014 11:45:39 GMT
        [expires] => Tue, 31 Mar 1981 05:00:00 GMT
        [last-modified] => Sun, 02 Mar 2014 11:45:39 GMT
        [pragma] => no-cache
        [server] => tfe
        [set-cookie] => Array
            (
                [0] => _twitter_sess=12345zoHaWQiJWY1NGQzYjY4NWI5M2FlOWFlNzA2M2ZjZjZhODE1NGUzOg9j%250AcmVhdGVkX2F0bCsIWyGdgkQB--5427eae8e77bc8d9567fefa80a79d78e74e275fa; domain=.twitter.com; path=/; secure; HttpOnly
                [1] => guest_id=v1%3A139376073952912345; Domain=.twitter.com; Path=/; Expires=Tue, 01-Mar-2016 11:45:39 UTC
            )

        [status] => 401 Unauthorized
        [strict-transport-security] => max-age=631138519
        [vary] => Accept-Encoding
        [x-frame-options] => SAMEORIGIN
        [x-mid] => b55ed5874df2384395db1829c17a2a8058120276
        [x-runtime] => 0.01464
        [x-transaction] => d8d0ac1e11da3700
        [x-ua-compatible] => IE=10,chrome=1
        [x-xss-protection] => 1; mode=block
        [] => 
    )

[code] => 401
[response] => Failed to exchange tokens
[info] => Array
    (
        [url] => https://api.twitter.com/oauth/access_token
        [content_type] => text/html; charset=utf-8
        [http_code] => 401
        [header_size] => 958
        [request_size] => 566
        [filetime] => -1
        [ssl_verify_result] => 0
        [redirect_count] => 0
        [total_time] => 0.885711
        [namelookup_time] => 5.1E-5
        [connect_time] => 0.168242
        [pretransfer_time] => 0.522952
        [size_upload] => 0
        [size_download] => 43
        [speed_download] => 48
        [speed_upload] => 0
        [download_content_length] => 43
        [upload_content_length] => 0
        [starttransfer_time] => 0.885681
        [redirect_time] => 0
        [certinfo] => Array
            (
            )

        [primary_ip] => 199.16.156.40
        [redirect_url] => 
        [request_header] => POST /oauth/access_token HTTP/1.1

User-Agent: tmhOAuth 0.8.3+SSL - //github.com/themattharris/tmhOAuth
Host: api.twitter.com
Accept: */*
Accept-Encoding: deflate, gzip
Authorization: OAuth oauth_consumer_key="12345DwWfjkPyItDc9ovVg", oauth_nonce="12345068d8d0c8fad333847781891c3c", oauth_signature="123459LC20lRuxOhx64QXKmndOaFc%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1393760738", oauth_token="12345tqsHYJIuJbbRezQgCfPgCqH9GqjLueA0k0Uk", oauth_verifier="12345LNCXHugEJaSm0xelU3EIDvJNL4Lut2WCZLxqBA", oauth_version="1.0"
Content-Length: 0

    )

[error] => 
[errno] => 0

)
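
Added example, not part of the original posts and not tmhOAuth code: a sanity check of the capture above that tests whether the token-exchange request carried every OAuth 1.0a parameter and whether its oauth_timestamp agrees with the server's Date header. The function names and the 300-second tolerance are assumptions made for this example.

```python
import re
from email.utils import parsedate_to_datetime

# Values copied from the capture in post #4 (already redacted by the poster).
AUTHORIZATION = (
    'OAuth oauth_consumer_key="12345DwWfjkPyItDc9ovVg", '
    'oauth_nonce="12345068d8d0c8fad333847781891c3c", '
    'oauth_signature="123459LC20lRuxOhx64QXKmndOaFc%3D", '
    'oauth_signature_method="HMAC-SHA1", oauth_timestamp="1393760738", '
    'oauth_token="12345tqsHYJIuJbbRezQgCfPgCqH9GqjLueA0k0Uk", '
    'oauth_verifier="12345LNCXHugEJaSm0xelU3EIDvJNL4Lut2WCZLxqBA", '
    'oauth_version="1.0"'
)
RESPONSE_DATE = "Sun, 02 Mar 2014 11:45:39 GMT"

# Parameters an HMAC-SHA1-signed OAuth 1.0a token-exchange request carries.
REQUIRED = {"oauth_consumer_key", "oauth_nonce", "oauth_signature",
            "oauth_signature_method", "oauth_timestamp", "oauth_token",
            "oauth_verifier"}
MAX_SKEW = 300  # seconds; assumed tolerance, not a documented Twitter value


def parse_oauth_header(value):
    """Split an 'Authorization: OAuth ...' value into a dict of parameters."""
    scheme, _, rest = value.partition(" ")
    if scheme != "OAuth":
        raise ValueError("not an OAuth 1.0 Authorization header")
    # Accept straight or typographic quotes, since forum software rewrites them.
    return dict(re.findall(r'(\w+)=["“”]([^"“”]*)["“”]', rest))


def check_capture(authorization, response_date, max_skew=MAX_SKEW):
    """Return (missing_params, skew_seconds, findings) for one captured exchange."""
    params = parse_oauth_header(authorization)
    missing = sorted(REQUIRED - params.keys())
    findings = ["missing parameter: " + name for name in missing]
    skew = None
    if "oauth_timestamp" in params:
        # Server time from the response Date header minus the client's timestamp.
        server_time = int(parsedate_to_datetime(response_date).timestamp())
        skew = server_time - int(params["oauth_timestamp"])
        if abs(skew) > max_skew:
            findings.append(f"client clock differs from server by {skew}s")
    return missing, skew, findings
```

For this capture the check reports no missing parameter and a skew of 1 second, so neither a dropped oauth_verifier nor clock drift accounts for this particular 401.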

