Getting token expired or Invalid error randomly



I am facing some weird issues with access tokens.

When a user logs in, the IOS app send the token and secret. I make a call to verify_credentials and store the user’s details. Then based on user actions I send tweets time to time.

We started getting ‘invalid or expired token’ error when sending tweets for some users. So we decided to logout the user when that happens. When the user logins again we would have a valid token. The problem now is verify_credentials works fine during login and all the api calls after that give ‘invalid or expired token’ error.

When debugging this issue using my account’s access tokens, the server could send tweets. When I tried to do update_status using the same access tokens locally with tweepy I got ‘invalid or expired token issue’. Thought It was tweepy issue. So tried the same with twython. Got the same error. Guessed the token has actually expired. But again tried from server and it could send the tweets. Looks very strange.

Anyone faced this issue? Twitter people, any advice on this?

Getting same access token after logout and login again in iOS?

Thanks for reaching out on this @shotwhat. Are you using keys generated from Fabric or those create via


@bonnell Yeah! keys are generated from Fabric.


Can you share the full error message including the http error code that you’re getting?


@bonnell The http code is 401 and the error json is

  [{u'message': u'Invalid or expired token.', u'code': 89}].


Thanks and just to be sure this is login via Twitter, not Digits correct?


Oh ya, it is Login via Twitter only. We are using iOS Twitter kit that comes with Fabric.


Thanks for confirming. I’m going to do some more testing and work with a few other engineers. There will likely be a delay due to the upcoming New Year holidays, but I’ll keep you updated.


@bonnell any updates? We have to submit our iOS build to Appstore. We are just waiting for this bug to get fixed.


Unfortunately not yet, the other engineers I need to work have been unavailable, but I’m hoping to make progress today or tomorrow.


@shotwhat @kidsid49 Can let me know your app’s identifier - either from Apple or the bundle id? Also, which version of Twitter Kit are you using?


@bonnell We are using TwitterKit “1.14.6” (Which comes with fabric suite) and bundle id is “com.goodshows.goodshows” .


@bonnell Does that help?


It does help and I’m investigating further. Thanks for your patience, I know you’re trying to release!


@kidsid49 @shotwhat Can you try recreating your Twitter consumer key and secret from the Fabric dashboard and let me know if that fixes it after replacing the old keys with the new values?


@bonnell But can you guys check what’s happening here?
A lot of beta users already using our app right now and we also submitted the build yesterday since we thought its surely a backend issue and can be fixed without updating the app.


It looks like that key was invalidated. I’m looking into why this happens, but at this point a new key would need to be generated.

I am sorry for the inconvenience and frustration as this is far from ideal, but I wanted to let you know as soon as I had confirmed this.


@bonnell What exactly is invalidated? The consumer key and secret? If that is the case, then everything should be failing, right? But login and posting a tweet are working just fine for most of the users.

For a couple of our users whose tokens were getting expired randomly, it’s working fine now. Thought it was because of you guys working on it. We are yet to confirm if the problem is completely gone though. We have asked few people to logout and login again. We will know for sure when the actions they do is tweeted successfully.

And we also did a login and tweeting an action from the app with a brand new account, everything was working fine. @kidsid49


@shotwhat Yes, the key was invalidated for certain actions which was a bug that has been corrected for new tokens that have been generated.


@bonnell Oh okay. So we can logout the user when it fails and when they login back we will get a access token which will work for all actions, is that right?