I am using the Twitter4J library on Android; and discovered that Twitter API does not return an auth token if I set an incorrect time on my phone (say I set the current date to one from next month). I understand the OAuth spec requires a timestamp; and I also understand the Twitter guidelines which recommend clients to check the date on Twitter servers with the “Date” response headers. My questions are :
- Facebook is also based on OAuth, and they work fine even if I send a wrong time. What is the difference between the way Facebook and Twitter are implementing the same (OAuth) spec ?
- How do I solve this problem - assuming that my app user can set his/her phone time to anything he/she wishes to. Should I get the Twitter response header on auth failures, extract the value from date header, re-compute timestamps accordingly and retry ?