OAUTH seems to have broken?

mrcfield · 2011-12-21T08:53:35.000Z

Since last night (its 9am here in the UK) something seems to have changed with Twitter’s OAUTH?

My code was working fine last night, now requesting tokens gives complete nonsense. This is even on an app that was published for several weeks, so there’s no way I could have changed anything.

This is what I’m seeing returned : http://twitpic.com/7w6x99

deepra_uk · 2011-12-21T13:07:34.000Z

Same thing happening to me too… Any solutions?

episod · 2011-12-21T15:05:14.000Z

This would be quite unusual. Can you detail the HTTP headers you’re sending with the request and the HTTP headers you’re getting in response?

mrcfield · 2011-12-21T16:17:41.000Z

Thanks for the reply.

I can’t easily unfortunately as I can’t get Fiddler working with the Windows Phone SDK. Currently “at work”, but will try and get some header info later on.

I noticed in the screenshot it was set to a GET ,and probably should be a POST… I had tried that too and that gave the same results.

episod · 2011-12-21T16:30:18.000Z

Were you operating through any kind of proxy?

mrcfield · 2011-12-21T16:32:10.000Z

None other than any my ISP may be running (which is virgin media).

mrcfield · 2011-12-21T17:27:06.000Z

The users of my application have started reporting the same issue, so I doubt its a proxy issue.

mrcfield · 2011-12-21T17:36:00.000Z

Just running further tests, and it works sometimes, and not others. I don’t know if there is some kind of load balancing issue where by one of the machines in the cluster is “dodgy”?

I’m passing in the same data each time…

episod · 2011-12-21T17:39:13.000Z

Not usually – but that’s why I want to see your HTTP headers you get in a response and that you send – they’ll tell us where to look for issues.

Testing1500 · 2011-12-21T18:57:45.000Z

I’m getting the same, here’s the response headers from https://api.twitter.com/oauth/access_token

HTTP/1.1 401 Unauthorized
WWW-Authenticate: OAuth realm="https://api.twitter.com"
X-Transaction: 7b0da5a2a458dadc
Content-Length: 131
X-MID: b20cf2f03f9c851a982571c5402af8ccfe1bffda
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Last-Modified: Wed, 21 Dec 2011 17:52:42 GMT
X-Revision: DEV
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCC71wGE0AToHaWQiJWI2MTkyZjc2ZTFjY2Iw%250AZWZhN2ZlZjU2YzAwODg5OGZjIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA–325f603876b34bffe49654fc8b6be3da780cc86d; domain=.twitter.com; path=/; HttpOnly
Set-Cookie: guest_id=v1%3A132448996279749387; domain=.twitter.com; path=/; expires=Sat, 21-Dec-2013 05:52:42 GMT
Set-Cookie: k=10.34.122.103.1324489962743367; path=/; expires=Wed, 28-Dec-11 17:52:42 GMT; domain=.twitter.com
Server: tfe
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Pragma: no-cache
Status: 401 Unauthorized
X-Frame-Options: SAMEORIGIN
Date: Wed, 21 Dec 2011 17:52:42 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Invalid / expired Token /oauth/access_token

As per the other poster this functionality was working in several environments up until today where these exceptions are occurring.

rschu · 2011-12-21T19:25:35.000Z

Same here.

It’s broken. There’s no access token returned.

episod · 2011-12-21T19:34:20.000Z

Some folks here are reporting a separate issue to the originating post.

If you’re having trouble negotiating OAuth, please share the exact URLs you’re executing and include the POST body and all HTTP headers sent and received.

If you’re having issues with oauth/access_token in particular, detail the amount of time that passed between the oauth/request_token step and your utilization of oauth/access_token.

rschu · 2011-12-21T20:18:50.000Z

Here’s a dump of the response I get:
http://pastebin.com/6kFL85ch

You can find the URIs, request, response time, headers and more info. Hope this helps.

mrcfield · 2011-12-21T20:19:58.000Z

Mine is the same as René’s

mrcfield · 2011-12-21T20:22:35.000Z

Here are the headers I get back:

Date: Wed, 21 Dec 2011 19:40:08 GMT
Status: 200 OK
X-Transaction: d849eb9ba2b89634
ETag: "7346f04d31ae37daf42612d4d4dec3b5"
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 21 Dec 2011 19:40:08 GMT
X-Runtime: 0.12137
Content-Type: text/html; charset=utf-8
Content-Length: 163
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 677e8f1f834f063956142da9c08d959300172d84
Set-Cookie: k=10.35.19.120.1324496408317801; path=/; expires=Wed, 28-Dec-11 19:40:08 GMT; domain=.twitter.com, guest_id=v1%3A132449640832492020; domain=.twitter.com; path=/; expires=Sat, 21-Dec-2013 07:40:08 GMT, original_referer=fBxhJyK4Ko2le28vCjFdUuU0TPqFAtRd5Sf5c5QBb4gTOUJXdRr%2B8fMpzo5i43qdtpdBso14k8sdRdYbr1UTTi5N7Q9mLoRp%2BlZcLoynFik%3D; path=/, external_referer=fBxhJyK4Ko2le28vCjFdUuU0TPqFAtRd5Sf5c5QBb4gTOUJXdRr%2B8fMpzo5i43qdtpdBso14k8sdRdYbr1UTTi5N7Q9mLoRp%2BlZcLoynFik%3D%7C0; path=/; expires=Thu, 22-Dec-2011 19:40:08 GMT
Vary: Accept-Encoding
Server: tfe

mrcfield · 2011-12-21T20:28:55.000Z

And these are the headers I send… I have removed a few bits though (I think theyre the bits you’re supposed to keep “secret”?)

Authorization: OAuth oauth_consumer_key="",oauth_nonce="",oauth_signature=“SAFtiFZyFIGRYUqb6ddWFxFMiUs%3D”,oauth_signature_method=“HMAC-SHA1”,oauth_timestamp=“1324499188”,oauth_token="",oauth_verifier=“27coffEwnLpf4INxCYa3lzriGhyavNh4SpIuu38g3H8”,oauth_version="1.0"
Content-Type: application/x-www-form-urlencoded

mrcfield · 2011-12-22T07:04:35.000Z

Any further update on this? Still seems broken!

paulousky · 2011-12-22T09:15:37.000Z

It seems all Windows Phone applications (except native Twitter app) that use Hammock library experience that issue (my PhotoTweet also).
If I debug authorization process, it works well but if I run the code without debugging - it does not work

Dear twitter devs, could you look into that issue ASAP? A lot of our users can’t authenticate and use our applications because of that issue

UPD1:
I don’t think it’s an issue of Hammock library. Seesmic, TweetCaster, WindowsPhone news etc experience the same issue

Upd2: 90% of WinPhone twitter clients use Hammock. Something wrong with that lib
Will ask Hammock Devs

mrcfield · 2011-12-22T07:14:27.000Z

That’s also my experience as well, stepping through the code more often than not seems to work, but running it doesn’t. HAS to be some kind of timing issue.

(and yeah, my app uses Hammock too)

khamitimur · 2011-12-22T07:25:29.000Z

same issue. but it’s seems to work after several times auth page been refreshed.

also using hammock.