Unable to retrieve access token



Hey guys,

I’m unable to retrieve an access token after the flow returns to my callback URL.

Also, the redirect appears to be broken in Chrome since you guys are using semicolon instead of commas.

It doesn’t matter which application (new or old) or how I create the credentials (Fabric or apps.twitter.com), it does not work.

Here is the response I receive:

"response": {
"statusCode": 401,
"body": "This feature is temporarily unavailable",
"headers": {
"cache-control": "no-cache, no-store, must-revalidate, pre-check=0, post-check=0",
"connection": "close",
"content-length": "39",
"content-security-policy": "default-src 'none'; connect-src 'self'; font-src https://abs.twimg.com https://abs-0.twimg.com data:; frame-src 'self' twitter:; img-src https://abs.twimg.com https://*.twimg.com https://pbs.twimg.com data:; media-src 'none'; object-src 'none'; script-src https://abs.twimg.com https://abs-0.twimg.com https://twitter.com https://mobile.twitter.com; style-src https://abs.twimg.com https://abs-0.twimg.com; report-uri https://twitter.com/i/csp_report?a=NVQWGYLXFVWG6Z3JNY%3D%3D%3D%3D%3D%3D&ro=false;",
"content-type": "text/html;charset=utf-8",
"date": "Tue, 07 Feb 2017 13:05:13 GMT",
"expires": "Tue, 31 Mar 1981 05:00:00 GMT",
"last-modified": "Tue, 07 Feb 2017 13:05:13 GMT",
"ml": "A",
"pragma": "no-cache",
"server": "tsa_b",
"set-cookie": [
"Domain=.twitter.com; Path=/; Expires=Thu, 07-Feb-2019 13:05:13 UTC"
"status": "401 Unauthorized",
"strict-transport-security": "max-age=631138519",
"www-authenticate": "OAuth realm=\"https://api.twitter.com\"",
"x-connection-hash": "6f4c47bb53540488bc37dbef143eb0c3",
"x-content-type-options": "nosniff",
"x-frame-options": "SAMEORIGIN",
"x-response-time": "34",
"x-transaction": "00accc0700f036af",
"x-twitter-response-tags": "BouncerCompliant",
"x-ua-compatible": "IE=edge,chrome=1",
"x-xss-protection": "1; mode=block"
"request": {
"uri": {
"protocol": "https:",
"slashes": true,
"auth": null,
"host": "api.twitter.com",
"port": 443,
"hostname": "api.twitter.com",
"hash": null,
"search": null,
"query": null,
"pathname": "/oauth/access_token",
"path": "/oauth/access_token",
"href": "https://api.twitter.com/oauth/access_token"
"method": "POST"


Can you share a code snippet to demonstrate the issue? Are you using one of the known third party Twitter libraries?


I’ve tried a few different libraries (noauth, node-oauth, passport/passport-twitter) but went as far as using the node request library and passing oauth params to it to avoid any bugs.

Mind you, I’ve implemented a few integrations and this is the first time I’ve experienced this error.

It successfully retrieves the request token, I’m able to authenticate and it then redirects to my callback (sometimes requires a refresh due to that semicolon vs comma issue) then I’m presented with that error.

Here’s my snippet using passport-twitter:

var passport = require('passport')
TwitterStrategy = require('passport-twitter').Strategy;

passport.use(new TwitterStrategy({
    consumerKey: process.env.TWITTER_KEY,
    consumerSecret: process.env.TWITTER_SECRET,
    callbackURL: ""
  function(token, tokenSecret, profile, cb) {
      return cb(null, { token: token, tokenSecret: tokenSecret, profile: profile });

passport.serializeUser(function(user, cb) {
  cb(null, user);

passport.deserializeUser(function(obj, cb) {
    cb(null, obj);

router.get('/tw_auth', passport.authenticate('twitter'));

router.get('/tw_auth_callback', passport.authenticate('twitter', { failureRedirect: null }),
  function(req, res) {
   // Returns "This feature is temporarily unavailable"


@andypiper Any luck here?

I’ve had no success.


To update:

The exact same code works on mobile Chrome on Android but does not work on Chrome desktop (Windows).

I’m not sure what the difference is between the two pages but I hope the info helps!


Did you even find out what was going on by any chance?


Is there any solution or update on this? I’ve started to take the exact same error in last few weeks. I had this integration working for 2-3 years.


Can you be more specific about what you’re trying to do, the code you’re using, and what is failing?