Twitter OAuth Verifier does not always work


#1

I’m using Abraham Williams’ Twitter OAuth class and it seems to work about 20% of the time and the rest of the time I get the following message:

“Invalid oauth_verifier parameter”

The snippet of code where this is happening is:

        $access_token = new TwitterOAuth( $client_id, $client_secret, $_SESSION['request_token'], $_SESSION['request_token_secret'] );

    $access_token = $access_token->getAccessToken( $_GET['oauth_verifier'] );

    if ( ! isset( $access_token['user_id'] ) ) {
        $connection = new TwitterOAuth( $client_id, $client_secret, $access_token['oauth_token'], $access_token['oauth_token_secret'] );
        $params = array(
            'include_entities' => 'false',
        );

        $user_data = $connection->get( 'account/verify_credentials' );
    } else {
        $user_data = new stdclass;
        $user_data->id = $access_token['user_id'];
        $user_data->screen_name = $access_token['screen_name'];
        $user_data->name = $access_token['screen_name'];
    }

Has anyone else run into this issue and is there a fix?


#2

Can you verify that oauth_verifier is a reasonable value when you get the errors and that the value has changed from previous times when I succeeded.


#3

$_REQUEST[‘oauth_verifier’] is coming back:

361A4IV2Il9X3WzFTnBvE3vYzU8gpXAI

What’s coming back after $access_token = $connection->getAccessToken( $_REQUEST[‘oauth_verifier’] ); is

array(1) {
  ["Invalid request token"]=>
  string(0) ""
}

The strange thing is that this works about sometimes (about 20% of the time). I refreshed and got the following message:

string(14) "oauth_verifier"
string(32) "IkSFDCnQKlKnXSfsIX8FV7qPc4SaX9bK"
string(14) "getAccessToken"
array(8) {
  ["
  string(157) ""1.0" encoding="UTF-8"?>

  Invalid oauth_verifier parameter
  /oauth/access_token?oauth_consumer_key=fzdqYTls482viRrv6IIJ536Nd"
  ["amp;oauth_nonce"]=>
  string(32) "b6bc801747aaa35d918135bea6347f53"
  ["amp;oauth_signature"]=>
  string(28) "oKiGhUgYnHW6soV92UqMQzvJxjk="
  ["amp;oauth_signature_method"]=>
  string(9) "HMAC-SHA1"
  ["amp;oauth_timestamp"]=>
  string(10) "1422992857"
  ["amp;oauth_token"]=>
  string(32) "v0xMuIpa93ZmKVCoS1kB6TO8VAcb45zh"
  ["amp;oauth_verifier"]=>
  string(32) "IkSFDCnQKlKnXSfsIX8FV7qPc4SaX9bK"
  ["amp;oauth_version"]=>
  string(22) "1.0

"
}
string(26) "account/verify_credentials"
object(stdClass)#251 (1) {
  ["errors"]=>
  array(1) {
    [0]=>
    object(stdClass)#247 (2) {
      ["message"]=>
      string(53) "Your credentials do not allow access to this resource"
      ["code"]=>
      int(220)
    }
  }
}

#4

I switched some of the code around to hit a loop if it doesn’t receive what it needs the first time, but it still seems to fail intermittently (though not as much as before).

private function fetch_twitter_user_data( $client_id, $client_secret ) {
	static $tried = 0;
	
	// We need to store this in a session for now
	if ( ! session_id() ) {
		session_start();
	}
	
	if ( ! isset( $_SESSION['request_token'] ) || ! isset( $_SESSION['request_token_secret'] ) ) {
		$this->fetch_request_tokens( $client_id, $client_secret );
	}
		
	$access_token = new TwitterOAuth( $client_id, $client_secret, $_SESSION['request_token'], $_SESSION['request_token_secret'] );

	$access_token = $access_token->getAccessToken( $_GET['oauth_verifier'] );
			
	if ( ! isset( $access_token['user_id'] ) ) {
		$connection = new TwitterOAuth( $client_id, $client_secret, $access_token['oauth_token'], $access_token['oauth_token_secret'] );
		
		$params = array(
			'include_entities' => 'false',
		);
	
		$user_data = $connection->get( 'account/verify_credentials' );
	} else {
		$user_data = new stdclass;
		$user_data->id = $access_token['user_id'];
		$user_data->screen_name = $access_token['screen_name'];
		$user_data->name = $access_token['screen_name'];
		$user_data->tried = $tried;
	}
	
	// Try again if we don't have good data
	if ( ! isset( $user_data->id ) && ( $tried < 25 ) ) {
		$user_data = $this->fetch_twitter_user_data( $client_id, $client_secret );
		++$tried;
	}
	
	// if we get here and still don't have an id - something went wrong
	if ( ! isset( $user_data->id ) ) {
		self::debug( $user_data );
		die;
	}
	
	return $user_data;
}

Is there any way around having to recall getAccessToken?


#5

You might try updating to the latest version of TwitterOAuth. I think I remember there being some oddness about parameters getting passed through to requests in the old version.


#6

Thank you for your help. I’ve upgraded the Twitter library and it seems to work a lot better. The only issue I’m running into is that sometimes when logging in I’ll get a blank page (500 internal server error).
Have you ever seen this issue before?

Searching through the logs shows this:

    [17-Feb-2015 21:37:42 UTC] PHP Fatal error:  Uncaught exception 'Abraham\TwitterOAuth\TwitterOAuthException' with message '<?xml version="1.0" encoding="UTF-8"?>
<hash>
  <error>Invalid / expired Token</error>
  <request>/oauth/access_token</request>
</hash>
' in D:\home\site\wwwroot\wp-content\plugins\wds-twitter-login\lib\twitteroauth-0.4.1\src\TwitterOAuth.php:221
Stack trace:
#0 D:\home\site\wwwroot\wp-content\plugins\wds-twitter-login\wds-twitter-login.php(203): Abraham\TwitterOAuth\TwitterOAuth->oauth('oauth/access_to...', Array)
#1 D:\home\site\wwwroot\wp-content\plugins\wds-twitter-login\wds-twitter-login.php(105): WDS_Twitter_Login->fetch_twitter_user_data('fzdqYTls482viRr...', 'Pltb03UavVtTlC2...')
#2 [internal function]: WDS_Twitter_Login->twitter_login('')
#3 D:\home\site\wwwroot\wp-includes\plugin.php(496): call_user_func_array(Array, Array)
#4 D:\home\site\wwwroot\wp-settings.php(353): do_action('init')
#5 D:\home\site\wwwroot\wp-config.php(96): require_once('D:\\home\\site\\ww...')
#6 D:\home\site\wwwroot\wp-load.php(29): require_once('D: in D:\home\site\wwwroot\wp-content\plugins\wds-twitter-login\lib\twitteroauth-0.4.1\src\TwitterOAuth.php on line 221

#7

Might be related to 500 Error: Request Token Failed