Invalid / expired Token after entering Wrong PIN



I’m a newbie to the Twitter API and OAuth, and I hope this is not a silly question.
Currently I’m working with the Twitter API using OOB OAuth, which needs the user to open the Twitter authorize URL to get the PIN number and enter the PIN shown on the Twitter site into our device. There is no problem at all when the user enters the right PIN number.

The problem is when the user enters the wrong PIN number and then tries again with the correct PIN: the Twitter API response is 401 Invalid / expired Token. Is this the right behavior of the access_token API from Twitter, so that I need to renew the authorize URL, or am I making some mistake that is causing this?

Thank you


After searching for several days, I found this mail archive on Google:

It seems the user cannot enter the wrong PIN even once; if the user enters the wrong PIN, the application should get a new authorize URL again, and the user should go to the new authorize URL with a new oauth_token.

Can this flow be changed? I have to show users a QR code on a device (not a phone) pointing to the auth URL, and they will scan it with their mobile phone to reach the PIN page. If they enter the wrong PIN, they should rescan the “new” QR code and get a new PIN.

I think it would be better if they could just try again to enter the right PIN after entering the wrong PIN.
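
The restart-on-failure flow described in the post above, as an added example that is not part of the original posts. `MockProvider` is a constructed stand-in (not Twitter's API) that models the reported behaviour, and `pin_login`, `show_url`, `read_pin` and the `provider.example` host are hypothetical names.

```python
import secrets

class MockProvider:
    """Constructed stand-in for the provider (not Twitter's API). Models the
    behaviour reported above: any exchange attempt consumes the request token."""
    def __init__(self):
        self._pending = {}  # oauth_token -> PIN the authorize page would show

    def request_token(self):
        token = secrets.token_hex(8)
        self._pending[token] = f"{secrets.randbelow(10**7):07d}"
        return token

    def authorize_url(self, token):
        # provider.example is a placeholder host
        return f"https://provider.example/oauth/authorize?oauth_token={token}"

    def pin_shown_to_user(self, token):
        return self._pending[token]  # simulation helper only

    def access_token(self, token, pin):
        expected = self._pending.pop(token, None)  # single use, right or wrong PIN
        if expected is None or not secrets.compare_digest(expected, pin):
            return 401, None  # "Invalid / expired Token"
        return 200, "access-" + secrets.token_hex(8)


def pin_login(provider, show_url, read_pin, max_attempts=3):
    """Hypothetical client loop: after a 401, drop the old request token and
    present a new authorize URL (e.g. a new QR code) before asking again."""
    for attempt in range(1, max_attempts + 1):
        token = provider.request_token()
        show_url(provider.authorize_url(token))
        status, access = provider.access_token(token, read_pin())
        if status == 200:
            return access, attempt
    raise PermissionError("too many failed PIN attempts")
```

Because each request token allows a single exchange attempt, capping `max_attempts` on the device bounds how many PIN guesses one session can make.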


My issue is I have this app that requires the PIN. I used it normally a few times; one day when I turned on the PC it asked me again for the PIN. I didn't save it anywhere or write it down, so I don't know which my PIN was, and every time I try to get it again with the same app that asks me to get the PIN, it says it's expired. Is there a way to check my old PIN code?


I am having the same exact issue as @NecronCorpus; would love to know how to get this back so I can use the app.