Intermittent failures for request and access tokens


#1

Has anyone else encountered intermittent 401 responses when requesting an OAuth Request Token? We generally receive a 200 response with the request token but there are times when we will receive a 401 with the error message:
{"code":89,"message":"Invalid or expired token."}.

Per the OAuth 1 spec, I’d expect a 401 response for only a handful of conditions, but I’m having a difficult time identifying the root cause of the sporadic error responses.

We’re also seeing intermittent HTML error page responses when requesting an access token. The HTML page returned has the title Twitter / Error.

I should also note that our OAuth 1 code has not been modified recently. We’ve also inspected the OAuth request headers and they look okay upon our inspection.

Any insight on the topic would be greatly appreciated!


#2

Twitter - Adding to soung3’s note (he’s my colleague here at Sprout Social), we have narrowed this down further. The issue he reported regarding the oauth/request_token endpoint was a red herring. The root issue we see now is that oauth/access_token is returning a 500 status code about 50% of the time. This seems to be the same situation reported on this ticket: High 500 Internal Server Error from /oauth/access_token.


#3

Thanks for the additional context - I’ll raise internally.


#4

Hi Andy, thanks for raising… Some extra info:

  • Looks like a fix may have been rolled out late Friday night (failures dropped down close to 0% for most of Saturday)
  • High failures started to reoccur again around 7am UTC Sunday
  • We originally noticed that most failures occurred with new users trying to authenticate for the first time (Not sure if still the case though)

Many thanks
Dave


#5

Any updates on this @andypiper? We saw a period of time from yesterday 17:00 UTC to today 17:00 UTC with a lower error rate, but errors are starting to pick up again. Curious if code changes are being made under the covers.


#6

@andypiper The Hootsuite app is facing a similar problem. Requests are failing randomly with 401. It’s happening for most of the GET requests.


#7

Hi @andypiper, sorry to press you on this as I know you guys are running full speed over there…

Could you check with your colleagues if there are any workarounds we can use while they try to locate this issue…?

This is pretty catastrophic for all 3rd party apps currently. I can add to the feedback from the others if it’s helpful. We saw clean operation between these times:

(20th: 6am UTC) to (21st: 7am UTC)
(22nd: 7pm UTC) to (23rd: 9pm UTC)

Not sure if those were fixes being tested but it was working for us during those times…

Thanks again


#8

Thanks for all the additional context. I have an internal ticket but haven’t been able to progress it in the past day or two due to resource constraints. I will update as soon as I can.

I just want to confirm, across the 2-3 apps involved in this thread, that we have a consistent symptom (500 status on oauth/access_token, apparently random / c. 50% failure rate) - and that we are not otherwise conflating issues? Thanks!


#9

Thanks Andy, yes, we are receiving 500’s for oauth/access_token for roughly 50% of users. Hard to correlate, but we suspect it to be mostly with new users…


#10

Correct, we’re seeing 500’s for oauth/access_token requests. We haven’t dug into what type of accounts are encountering this error (e.g. new users, existing users, etc).


#11

I’ve had a number of reports of 500 errors for this too: oauth/access_token

Many seem to be first time users, I’ve personally not experienced it through testing of removing and re-signing into my account


#12

Hi @andypiper, for the Hootsuite app we are seeing 401 when trying to fetch user info. If needed, I can provide the exact requests, timestamps and auth tokens that resulted in a 401 in a private thread.


#13

Hi @andypiper, I took some traces today in order to give you guys some more detailed info. Here goes:

  • First timers only: We’re only getting 500’s for new user authentications. Users that have authenticated the app before do not experience this failure when re-authenticating (we only saw 1 re-authentication failure in our sample).
  • 50% affected: Roughly 50% of first timers will receive 500’s. 50% authenticate first time successfully (our exact split was 53/47).
  • 1-3 mins of retries: Users usually have to retry for a few minutes before they can successfully authenticate for the first time. They may receive multiple 500’s before they can get in (eg. 2 to 10 retries).
  • All countries: Users from all countries are affected.
  • All account ages: All twitter account ages affected (1 day old accounts to multiple years).
  • All tweet/follower/friends sizes: Mature and new twitter accounts affected equally.

Hope this helps. Sample size was 100 new users, so statistically rough numbers only.

Thanks
Dave


#14

Hello,

I’m a developer from Twitter Counter and we’re having a related problem. 10 days ago we started receiving code: 401 in our requests, causing a huge loss (thousands) of user tokens.

Currently most of our requests are receiving: {"code":89,"message":"Invalid or expired token."}, so we’re not able to do anything in the background (we are an analytics platform) and this is giving us big headaches right now.

Do you guys know how we can proceed with it? We need to find a solution for this as soon as possible.

CC: @andypiper

Thanks,
Guilherme


#15

As you can see from this thread, we are aware of (and looking into) an intermittent issue. Can you let us know whether your issue is identical (i.e. related to oauth/access_token requests), or something different? It’s important to avoid conflating two different problems. If you have a separate problem please give us as much information as possible about the circumstances and specific symptoms.
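One way to keep the symptoms reported in this thread apart before filing a report, as an added example that is not code from any poster or from Twitter: it labels each response by status and body type (JSON error code, the HTML "Twitter / Error" page, or unparsed) and tallies failure rates per endpoint and per first-time versus returning user. The record layout, the function names and the sample records are assumptions constructed for illustration.

```python
import json
import re
from collections import Counter, defaultdict

# Constructed sample records, not real traffic:
# (endpoint, HTTP status, response body, first-time authorization?)
SAMPLE = [
    ("oauth/access_token", 200, "oauth_token=PLACEHOLDER", True),
    ("oauth/access_token", 200, "oauth_token=PLACEHOLDER", True),
    ("oauth/access_token", 500, "<html><title>Twitter / Error</title></html>", True),
    ("oauth/access_token", 500, "", True),
    ("oauth/access_token", 200, "oauth_token=PLACEHOLDER", False),
    ("oauth/access_token", 200, "oauth_token=PLACEHOLDER", False),
    ("account/verify_credentials", 200, "{}", False),
    ("account/verify_credentials", 401,
     '{"code":89,"message":"Invalid or expired token."}', False),
]

def classify(status, body):
    """Map one response to a symptom label such as '401-code-89'."""
    if 200 <= status < 300:
        return "ok"
    # HTML error page with the title quoted in the first post.
    if re.search(r"<title>\s*Twitter / Error\s*</title>", body, re.I):
        return f"{status}-html-error-page"
    try:
        payload = json.loads(body)
    except ValueError:
        return f"{status}-unparsed"
    # Flat JSON error object, in the shape quoted in the thread.
    code = payload.get("code") if isinstance(payload, dict) else None
    return f"{status}-code-{code}" if code is not None else f"{status}-unparsed"

def summarize(records):
    """Return {(endpoint, first_time): Counter of symptom labels}."""
    out = defaultdict(Counter)
    for endpoint, status, body, first_time in records:
        out[(endpoint, first_time)][classify(status, body)] += 1
    return out

def failure_rate(counter):
    """Fraction of non-'ok' responses in one bucket."""
    total = sum(counter.values())
    return 0.0 if total == 0 else 1 - counter["ok"] / total

if __name__ == "__main__":
    for key, counts in sorted(summarize(SAMPLE).items()):
        print(key, dict(counts), f"{failure_rate(counts):.0%}")
```
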


#16

Hello @andypiper,

Thank you for your quick answer.

Might not be related at all, but we’re still receiving the same response code as the thread is talking about.

Let me explain a little bit more: we have a process that’s running every minute, and when we try to validate users’ (already registered) credentials by using GET account/verify_credentials we receive the Invalid or expired token error. All users whose tokens we lost were receiving a 401 response on August 18.


#17

This does not sound directly linked if you cannot match the endpoint call and symptom. Please open a new thread. I cannot comment on individual apps or keys for privacy reasons, but the team will endeavour to investigate.


#18

@andypiper okay Andy, thank you! I’ll open it.


#19

Hello Andy,
Philippe from Socialfave (CEO) - @TheMisterFavor on Twitter, and @Socialfave for the company.
We have started launching Socialfave V2, a great Twitter tool to manage content, followers…, to schedule, to analyze, and we are marketing on Facebook at this time to have many friends signing up.
So many people want to sign up and have this issue when trying to authorize their Twitter for Socialfave (authentication).
We did not have this problem before, and it’s truly at a bad moment.
Do you have an idea when it will be solved?
I will also invite you on FB, with Philippe TREBAUL Bis, because I won’t come all the time to check the answers (maybe yes…because so anxious with that…Such a huge challenge for us).
So, I thank you for your answer, and I truly hope it will be solved very very soon.
Have a very nice day, Andy.
God bless you!
Philippe


#20

We have exactly the same code, Dave.
And we have quite the same ratios.
Philippe