We've begun receiving 401s during the 1.0 OAuth flow


#1

Hello. As of today we began receiving 401s for both our product and development applications. The application code has remained relatively unchanged for some time now so we’re concerned that the issue is on the Twitter side of things.

Can you assist? Below I’ve included the relevant HTTP requests/responses.

Thanks!
Darren

GET /oauth/request_token?oauth_consumer_key=OCK&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1365098454&oauth_nonce=7170606765253016&oauth_version=1.0&oauth_signature=ZBEE0hDtllqHlWxpho7jBdJn0mY%3D HTTP/1.1
User-Agent: Jakarta Commons-HttpClient/3.1
Host: api.twitter.com
Cookie: $Version=0; k=10.40.17.124.1365097763166946; $Path=/; $Domain=.twitter.com
Cookie: $Version=0; _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCJZwKtY9ASIKZmxhc2hJQzonQWN0aW9uQ29u%250AdHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJTkz%250AN2Y3ZDNmNjZjYmRjZjI2YmUyNWFjOGYwYjRiMjc3–83976c473a885783ee2fa5ac7982ef5322c8c2bb; $Path=/; $Domain=.twitter.com
Cookie: $Version=0; guest_id=v1%3A136509776305849994; $Path=/; $Domain=.twitter.com

HTTP/1.1 200 OK
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-length: 147
content-type: text/html; charset=utf-8
date: Thu, 04 Apr 2013 18:00:54 GMT
etag: "1903d30c449aa942cc264a46ad099298"
expires: Tue, 31 Mar 1981 05:00:00 GMT
last-modified: Thu, 04 Apr 2013 18:00:54 GMT
pragma: no-cache
server: tfe
set-cookie: _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCJZwKtY9AToHaWQiJTkz%250AN2Y3ZDNmNjZjYmRjZjI2YmUyNWFjOGYwYjRiMjc3–09326408a927d60b057b01f3fed7d0e730c8d6a9; domain=.twitter.com; path=/; HttpOnly
status: 200 OK
strict-transport-security: max-age=631138519
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-mid: 426312eb36c2d7548cd32c949cd229754aded249
x-runtime: 0.02272
x-transaction: ede17dcb8ba42630
x-xss-protection: 1; mode=block

GET /oauth/access_token?oauth_token=3PeniFWMRpkeYiTL4538iDPZe0miSP9kNpgS1LToGI&oauth_consumer_key=OCK&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1365098455&oauth_nonce=7170607798106033&oauth_version=1.0&oauth_signature=hcVN1JmXRL%2BMMarFXFJmQAZoAy0%3D HTTP/1.1
User-Agent: Jakarta Commons-HttpClient/3.1
Host: api.twitter.com
Cookie: $Version=0; k=10.40.17.124.1365097763166946; $Path=/; $Domain=.twitter.com
Cookie: $Version=0; guest_id=v1%3A136509776305849994; $Path=/; $Domain=.twitter.com
Cookie: $Version=0; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCJZwKtY9AToHaWQiJTkz%250AN2Y3ZDNmNjZjYmRjZjI2YmUyNWFjOGYwYjRiMjc3–09326408a927d60b057b01f3fed7d0e730c8d6a9; $Path=/; $Domain=.twitter.com

HTTP/1.1 401 Unauthorized
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-length: 434
content-type: text/html; charset=utf-8
date: Thu, 04 Apr 2013 18:00:55 GMT
expires: Tue, 31 Mar 1981 05:00:00 GMT
last-modified: Thu, 04 Apr 2013 18:00:55 GMT
pragma: no-cache
server: tfe
set-cookie: k=10.41.3.127.1365098455245574; path=/; expires=Thu, 11-Apr-13 18:00:55 GMT; domain=.twitter.com
set-cookie: guest_id=v1%3A136509845510848576; Domain=.twitter.com; Path=/; Expires=Sat, 04-Apr-2015 18:00:55 UTC
status: 401 Unauthorized
strict-transport-security: max-age=631138519
vary: Accept-Encoding
www-authenticate: OAuth realm="https://api.twitter.com"
x-frame-options: SAMEORIGIN
x-mid: 49c7394d408ff0fda3b321023eaacbb51be09189
x-transaction: 7097129b9c90566e
x-xss-protection: 1; mode=block


#2

Hi @dbounds,

See [node:16443] for some discussion around this.


#3

Thank you.