Seldom "Invalid / expired Token" errors


#1

Sometimes, when making requests to get an access token, we receive an error like this:

<?xml version="1.0" encoding="UTF-8"?>\n\n Invalid / expired Token\n /oauth/access_token?oauth_nonce=108869164997501611811419506926&oauth_timestamp=1419506926&oauth_version=1.0&oauth_signature_method=HMAC-SHA1&oauth_consumer_key=###&oauth_token=###l&oauth_verifier=###&oauth_signature=WFagplTEbq%2BLC6ElAG43uYiCjN4%3D\n\n

Some facts:

  • We are not making a second request to the same method etc.; all the data passed is correct. I double-checked it. Other facts (below) show that our codebase works fine and should not be the reason.
  • Only about 1.5% of requests have this error; other requests are doing well.
  • The problem appears only for one of our Twitter applications, and almost never for another application with a much higher request rate.
  • The whole process, from getting the request token to the /oauth/access_token request, usually takes 5-20 seconds. So, tokens should not be expired.
  • Our servers synchronize time via NTP, so an invalid timestamp should not be the reason.
  • I failed to reproduce the problem with my test account.

Looks like the same problem described here: Getting 401 errors rarely (Failed to exchange tokens) on POST oauth/access_token but with another error code.
In other words, I don’t know what else to do.


#2

I couldn’t get an answer to my question (Getting 401 errors rarely (Failed to exchange tokens) on POST oauth/access_token)

I suspect this error can be because of users’ cookie removal. Sometimes users don’t provide cookies. So if you store session data in cookies, you can’t get the auth tokens which were saved before the auth redirect.
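
An added example, not part of either post above: one way to test the cookie hypothesis from #2 and the "no second request" assumption from #1 is to keep request tokens server-side, keyed by `oauth_token`, and record the cookie state on every callback. The class and function names, the in-memory dict and the 600-second TTL are assumptions made for illustration.

```python
import time

class PendingRequestTokens:
    """Server-side record of request tokens issued before the auth redirect."""

    def __init__(self, ttl_seconds=600, clock=time.time):  # TTL is an assumed value
        self._ttl, self._clock = ttl_seconds, clock
        self._items = {}  # oauth_token -> (token_secret, issued_at)

    def remember(self, oauth_token, token_secret):
        # Call right after obtaining the request token, before redirecting the user.
        self._items[oauth_token] = (token_secret, self._clock())

    def redeem(self, oauth_token):
        """Single-use lookup: returns (secret, reason)."""
        entry = self._items.pop(oauth_token, None)
        if entry is None:
            # Never issued by us, or a second callback for the same token.
            return None, "unknown_or_already_redeemed"
        secret, issued_at = entry
        if self._clock() - issued_at > self._ttl:
            return None, "expired_locally"
        return secret, "ok"


def classify_callback(store, query, cookie_session):
    """Describe whether the token exchange can be signed and what state the
    browser's cookie session was in when the callback arrived.
    cookie_session is None when the browser sent no session cookie."""
    token, verifier = query.get("oauth_token"), query.get("oauth_verifier")
    if not token or not verifier:
        return {"can_exchange": False, "reason": "missing_params", "cookie": None}
    if cookie_session is None:
        cookie = "absent"
    elif cookie_session.get("oauth_token") != token:
        cookie = "mismatch"
    else:
        cookie = "present"
    secret, reason = store.redeem(token)
    # Log this dict (minus token_secret) per callback and compare the
    # "cookie" and "reason" rates against the observed error rate.
    return {"can_exchange": secret is not None, "reason": reason,
            "cookie": cookie, "token_secret": secret}
```

Completing the exchange when the cookie is absent drops the link between the browser that started the flow and the one finishing it, so decide separately whether such callbacks should log the user in or only be counted.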