Infuriating Inability To Create Oauth Tokens


I have a group of accounts that are low to no traffic and they exist only to hold a few private lists for some social graph stuff I am doing. Working with half a dozen accounts what I am seeing are symptoms like:

  1. Create an app, manually create the quartet of tokens, enter them in config file, web interface fails to produce working tokens for five of six.

  2. Created an app that works for one account, have a simple auth/PIN script, tokens from this work for the parent account, but not for any of the others.

  3. Create multiple apps under another new account, finally got ONE that behaved, took four attempts.

I wonder if there is some profile completion/activity requirement to create an application - some of these are innocuous eggs, some have a profile photo and a bio, they follow a handful of celebrities and otherwise try to look like someone’s false start. I’ve gone as far as firing up another VPS and installing Tweepy from scratch, but I face the same issues.

Here is a simple app to print a given user’s screen name and the auth code used to obtain keys from another account’s application.

import tweepy
import os
from simpleconfigparser import simpleconfigparser

config = simpleconfigparser()['HOME'] +'/.twitter')

auth = tweepy.OAuthHandler(config.API.consumer_key, config.API.consumer_secret)
auth.set_access_token(config.API.access_token_key, config.API.access_token_secret)
api = tweepy.API(auth)

y = api.verify_credentials()
print y.screen_name

Nor is this:

#!/usr/bin/env python
import tweepy

CONSUMER_KEY = 'from working app'
CONSUMER_SECRET = 'from working app'

auth = tweepy.OAuthHandler(CONSUMER_KEY, CONSUMER_SECRET)
auth_url = auth.get_authorization_url()
print 'Please authorize: ' + auth_url
verifier = raw_input('PIN: ').strip()
print "consumer_key = %s" % CONSUMER_KEY
print "consumer_secret = %s" % CONSUMER_SECRET
print "access_token = %s" % auth.access_token.key
print "access_token_secret = %s" % auth.access_token.secret

This is the error message that Tweepy throws:

tweepy.error.TweepError: [{u’message’: u’Invalid or expired token’, u’code’: 89}]

pip freeze reports tweepy==2.1 installed.

Getting this work should have taken an hour from start to finish, but I’ve picked at it off and on for a couple of weeks now, and I’ve come to the point where I have to have all of the accounts running in order to take the next step. Is this some obscure bug I am facing, or some unwritten policy that thwarts creating application with new/low volume accounts?


Taking a step back, what are you trying to accomplish that you need multiple applications and multiple accounts to accomplish them?

When you’re trying to use the PIN-code/OOB flow, are you able to get to oauth/authorize? It looks like you’re missing the request token step there.


Taylor - that auth code snippet produces a URL, I log in with any of the Twitter accounts that need access, paste the URL into another tab, and I get a PIN back. I put the PIN in on the command line, it prints the consumer key, consumer secret for the app, and then it provides the access token and access token secret. This has worked for ONE account, I need to use it on half a dozen.

If I log into dev using the username/password of one of the accounts, create an app, then manually create the access & access secret tokens, they don’t work.

I need ONE application that provides reliable access for a small number of accounts. While writing this I got an older account from a friend, created an app, here are the credentials. They didn’t work. I reset keys, still didn’t work. Deleted the app, created a new one, gave it maximum permissions in settings, didn’t work. Used the consumer/consumer secret in that auth script, generated access/access secret, those don’t work.

I wrote my first oauth capable app about a week before Twitter cancelled username/password logins - was that in 2010? So I’ve done this a few times in the past. Keep in mind this code works for some accounts and it’s a very broadly used library - Tweepy. I formerly used the ‘twitter’ package from PyPI, which included some simple CLI tools that did what I needed, but this package wasn’t updated with the sunset of API 1.0, and I was forced to create a few new utilities.

It’s a real head scratcher. If it was every single account I would be digging through the source on the library itself, but since it works for a few accounts, this makes me think it’s Twitter using some measure such as account age or friend/follower counts in order to screen out junk apps, except that this just failed with a four year old account that has many followers.


Created tokens work in the oauth test tool on the dev site. I just hunted up the Tweepy mailing list - the main developer announced he was retiring the app after completing the API 1.1 upgrade. Yikes.


What, though, specifically isn’t working when you’re using a single consumer key and secret to:

  1. get a request token through oauth/request_token
  2. creating an authorization URL with that oauth_token value at the end of it
  3. visiting that authorization URL and signing in as the account you want an access token for
  4. getting redirected to a PIN code page
  5. entering the PIN code into your application
  6. exchanging the request token, along with the PIN as oauth_verifier to oauth/access_token for an access token & access token secret
  7. using the access token & access token secret for making API calls

Which step is failing for you? What’s the HTTP code you’re getting back at that stage?

Things can happen where some apps and some accounts work less well than others – these are rare conditions though. More often than not, the kinds of issues you’re experiencing can be tracked down to a quirk in a library, a skipped step, or the usage of the wrong keys at the wrong times, and so on.


OK, here is the problem:

API 1.0 to API 1.1 meant the twitter and python-twitter packages on PyPI were a little lagged. I needed something that worked /w API 1.1 and Tweepy did the job. But … the developer threw up his hands on June 11th. There is some subtle bug in oauth handling with version 2.1, mostly it fails, I got lucky and it worked on the first few accounts I used.

I nailed it down to the library itself by using the oauth request tool associated with one of the apps - works fine there, fails on Tweepy based code.

During this time the twitter package caught up, so I am basically right back where I started two months ago, using a bulk archiver when I need something that will permit me to be gentle with the API and which provides easy access to the rest of the API.