Is anyone else seeing increased 401 errors over the past 48 hours?

FashionThree · 2012-06-10T13:28:51.000Z

Testing with another user account gave same problem. So, it must be something to do with IP address, not user account?? (There are no other twitter apps running on this IP address.)

FashionThree · 2012-06-11T00:26:16.000Z

Sorry, this worked again when I fixed my clock (which was 9hrs in future, i.e. the above-mentioned 13:47:04 UTC, was actually at 04:47:04 UTC). So it was a machine config issue, not an account issue or an IP address being blacklisted.
Maybe it still belongs in this thread though, as getting a “401 unauthorized” is strange? Can we have a “5xx Your clock is wildly wrong… idiot” message please
Only streaming was affected, I could use the REST api okay.

jnoleau · 2012-06-11T08:13:53.000Z

I don’t agree. Nonce/Timestamp is the way to avoid replay attacks. It is not strange to have a 401 in this case.

Bad timestamp --> may be a replay attack --> can’t authentify --> 401

AldoForce · 2012-06-12T16:53:21.000Z

Yesterday 6/11 3pm PST everything was working fine, we were allowed to post tweets without 401 response. Now, 6/12 9.45am PST we receive same issue. There’s an erratic behavior on this. We tried to revoke/grant authorization, and sometimes that worked but not always.

optikfluffel · 2012-06-12T18:12:53.000Z

I have them all over here too.

byutvapps · 2012-06-14T15:47:16.000Z

We’ve also been seeing this on our Streaming API client as of the evening of 6/11.

ajconsultingme · 2012-06-14T16:47:02.000Z

Same here: Twitter error code: 401. Twitter Error Message: <?xml version="1.0" encoding="UTF-8"?> Could not authenticate with OAuth. /1/statuses/update.xml .

Total disaster if this is not resolved soon guys! Thanks for your support.

episod · 2012-06-14T16:58:38.000Z

Most of the spurious cases have been resolved – you may find some users consistently return 401s for you while other users do not – in that case there may be a material issue with the user’s actual account and that user should follow up with Twitter @support for further investigation. Those users may find resolution by simply hitting save on their profile on twitter.com as well.

If you have a deterministic case of OAuth failing – it’s likely your OAuth. On a number of API methods, including much of the Streaming API, we continue hardening our OAuth implementation – meaning some quirks that may have been tolerated in the past may no longer be. Verify that your OAuth is textbook – common issues including mis-encoding the “,” (comma) character in URLs or POST bodies, resulting in mis-encoded commas within your signature base string. You may also find that some methods are more sensitive about the amount of clock drift they’ll allow in your oauth_timestamps.

kingducusin · 2012-06-19T06:02:43.000Z

We’ve been experiencing this 401 issue also for the past few days. A couple of weeks ago, it was ok. This only happens to one of our test accounts @ksl246.

I’ve tried re-saving the user account’s settings and re-register the app. But it still receives the 401.

The weird thing is this account returns timelines ok in our iPhone/Android clients. But in WindowsPhone its consistent 401. It can post tweets alright on WP7, but would eventually receive 401 as response. We’re using TweetSharp and Hammock in Windows Phone. Please advice.

Thank you.

episod · 2012-06-19T15:19:57.000Z

Verify that your OAuth is pitch-perfect on Windows Phone. If it’s only happening on that device, then there’s likely something subtly wrong with the OAuth implementation there. See [node:204] for more tips.

kingducusin · 2012-06-20T05:47:48.000Z

Thanks we’ll have a look at our code. But just a quick question though, is it possible that there’s something wrong with our OAuth when it’s working for any other accounts we’ve tried ? and that particular account that’s producing the 401, can tweet just fine (just receiving 401 after posting tweet but the tweet is visible on web) ?

episod · 2012-06-20T14:46:45.000Z

It’s definitely possible – user corruption happens. If you believe that to be the case, have the owner of the account reach out to @support who may be able to fix their account.

scopeapp · 2012-06-27T00:18:38.000Z

Is there a recommended way to handle these intermittent errors?

The calls are returning code 401, “Could not authenticate with OAuth.”. We interpret that as a problem with the user’s token, and ask them to sign in again. But if we can’t trust that error, how do you recommend we handle this?

Our solution is now to have test accounts that we know should work, and if they don’t, assume the issue is on your end instead of with any one user’s token. Is there a better way?

Do you not have some similar state test before returning a response to prove your internal authentication is functioning? As others have described, this happens a lot to us. Today, it was for everyone, for the last couple of hours.

jnoleau · 2012-06-27T05:58:00.000Z

I think the best way is to never trust 401 from REST or STREAM API and handle this error as a 500 “Oops there was something wrong with twitter”

Only trust 401 from verify_credentials https://dev.twitter.com/docs/api/1/get/account/verify_credentials

richardhyland · 2012-06-27T09:09:17.000Z

A number of my users are seeing a lot of oAuth errors retrieving timelines, it’s definitely a minority of users but still quite a few nonetheless.

The usual trying to revoke permission and reauthenticate hasn’t worked either.

I’ve asked them to contact @support but many seem reluctant to do so because ‘Twitter for iPhone still works’… so it must be my fault… sigh

TheUberGuy · 2012-06-27T10:08:52.000Z

Our users are seeing a significant number of these errors also. Interestingly I can repeat it but I only get the error when requesting /statuses/replies.json surrounding calls using the same oauth tokens to the home timeline and DMs work fine. Can someone at least send out a tweet with the @twitterapi, @support, and/or @twitter account acknowledging these ongoing issues with third-party clients?

aGuyonClematis · 2012-06-27T13:55:32.000Z

I’m seeing the same issue as @TheUberGuy using a 3rd party app (twidge). All calls work, except calls going to replies.xml those are sending back a 401 error.

episod · 2012-06-27T13:58:29.000Z

We’re investigating this recent spat of 401s. This is a different issue (though it looks similar) than most of the thread discusses above. Will provide details when I have more to share.

episod · 2012-06-27T13:59:27.000Z

replies.xml is not a valid API endpoint, by the way. You should likely be finding a modern alternative.

TheUberGuy · 2012-06-27T14:14:08.000Z

Damn, you guys are up early out there! Thanks for taking a look, if there is any testing, repeating of this issue that you need from my end I’m happy to help. It definitely appears to happen on every attempt at the /statuses/replies.json on both our blackberry key and iphone key, not sure on android yet.