Incorrect system time resulting in auth failure


#1

I am using the Twitter4J library on Android, and discovered that the Twitter API does not return an auth token if I set an incorrect time on my phone (say I set the current date to one from next month). I understand the OAuth spec requires a timestamp, and I also understand the Twitter guidelines, which recommend that clients check the date on Twitter servers with the “Date” response header. My questions are:

  1. Facebook is also based on OAuth, and they work fine even if I send a wrong time. What is the difference between the way Facebook and Twitter are implementing the same (OAuth) spec?
  2. How do I solve this problem, assuming that my app user can set his/her phone time to anything he/she wishes? Should I get the Twitter response header on auth failures, extract the value from the Date header, re-compute timestamps accordingly and retry?

Thanks!
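The retry approach asked about in question 2, as an added example that is not part of the original post and is not Twitter4J code: it parses the "Date" header of a response, stores the offset from the device clock, and applies it to the value used for oauth_timestamp. The class name `ServerClockSkew`, its methods and the sample values are assumptions; how the corrected timestamp is passed to the signing code depends on the OAuth library.

```java
import java.time.Duration;
import java.time.Instant;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
import java.time.format.DateTimeParseException;

/** Hypothetical helper: tracks the offset between device clock and server clock. */
public class ServerClockSkew {
    private volatile long offsetSeconds = 0;

    /**
     * Learn the offset from an HTTP Date header (RFC 1123 format).
     * Only use headers from responses received over a verified HTTPS connection.
     * Returns false and leaves the offset unchanged if the header is missing or malformed.
     */
    public boolean updateFromDateHeader(String dateHeader, Instant deviceNow) {
        if (dateHeader == null) {
            return false;
        }
        try {
            Instant serverNow = ZonedDateTime
                    .parse(dateHeader.trim(), DateTimeFormatter.RFC_1123_DATE_TIME)
                    .toInstant();
            offsetSeconds = Duration.between(deviceNow, serverNow).getSeconds();
            return true;
        } catch (DateTimeParseException e) {
            return false;
        }
    }

    /** Seconds since the epoch to use for oauth_timestamp: device time plus the learned offset. */
    public long oauthTimestamp(Instant deviceNow) {
        return deviceNow.getEpochSecond() + offsetSeconds;
    }

    public static void main(String[] args) {
        // Constructed sample: device clock set one month ahead of the server.
        Instant device = Instant.parse("2012-07-15T10:00:00Z");
        String dateHeader = "Fri, 15 Jun 2012 10:00:05 GMT"; // from the failed auth response
        ServerClockSkew skew = new ServerClockSkew();
        System.out.println("uncorrected oauth_timestamp: " + skew.oauthTimestamp(device));
        // Retry the request once with the corrected timestamp; do not loop on repeated failures.
        if (skew.updateFromDateHeader(dateHeader, device)) {
            System.out.println("corrected oauth_timestamp:   " + skew.oauthTimestamp(device));
        }
    }
}
```

Because the offset is stored relative to the device clock, it has to be re-learned if the user changes the phone time again.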