"The request token for this page is invalid." for only one of my apps


#1

This morning we noticed a strange problem with our Twitter oauth. For some reason, when users click login with twitter, they get redirected to a page that says:

“Whoa there!
The request token for this page is invalid. It may have already been used, or expired because it is too old. Please go back to the site or application that sent you here and try again; it was probably just a mistake.”

Also, in the background Twitter seems to be making the correct callback to our app and therefore logs people in. This is strange behavior because if the request token is in fact wrong, you would not expect Twitter to make the callback that we specify.

We have production, staging, and development apps and this problem only seems to be happening with our production app. All three use the same codebase and generate the oauth requests in the same manner, and also have very similar settings (exactly the same except for the domains).

For more context we are using Rails and the omniauth-twitter gem. https://github.com/arunagw/omniauth-twitter

Has anybody else experienced a problem like this?

Thank you.


#2

What are the specific paths being executed?

When the user arrives at the oauth/authorize or oauth/authenticate page (you didn’t mention which), what’s the value of the oauth_token parameter you sent them there with? Are you checking that a value exists before sending the user there?