Unexpected 401 error code from verify_credentials

android
oauth

#1

Android Twitter SDK version: com.twitter.sdk.android:twitter:1.12.1@aar

I use the following request code to authorize the user’s Twitter account with my application:

new TwitterAuthClient().authorize(this, new Callback<TwitterSession>() {
                @Override
                public void success(final Result<TwitterSession> result) {
                    TwitterAuthToken authToken = result.data.getAuthToken();
                    logInWithTwitter(String.valueOf(result.data.getUserId()), authToken.token, authToken.secret);
                }

                @Override
                public void failure(TwitterException exception) {
                    // This exception has already been logged. Authorization most likely failed due to the user canceling the request.
                    mProgressDialog.hide();
                }
            });

This request is successful when the user selects the “Authorize” button in the Twitter Activity, upon which I send the result TwitterSession's credentials (userId, authToken, and authTokenSecret) to my server to attempt to log in the user to my app. The userId is what I expected and both the authToken and authTokenSecret are non-null/non-empty.

However, the credentials verification request https://api.twitter.com/1.1/account/verify_credentials unexpectedly fails when using the above credentials. I tested this via the OAuth Tool and, sure enough, I received the same error - 401 Unauthorized; invalid Twitter credentials.

  • My app’s consumerKey and consumerSecret match the values listed at https://apps.twitter.com/.
  • A callback URL is supplied at https://apps.twitter.com/.
  • I tested the authorization flow using the iOS TwitterKit SDK by calling the [[Twitter sharedInstance] logInWithCompletion:^(TWTRSession *session, NSError *error) method, and I was able to successfully verify the credentials returned in the TWTRSession object. Note that the authToken and authTokenSecret were different than what was returned in the Android SDK for the same userId.

Is anyone aware of what may be the issue here?


#2

This has been solved. The problem was that my app’s third-party config file was referencing the incorrect environment.


#3