OAuthException: Invalid response from twitter #48

zgoda opened this Issue Apr 29, 2013 · 8 comments


zgoda commented Apr 29, 2013

All of a sudden, a few days ago, I started getting this 401 error from Twitter:

Invalid / expired Token /oauth/access_token? oauth_body_hash=2jmj7l5rSw0yVb%2FvlWAYkK%2FYBwk%3D& oauth_nonce=83326691& oauth_timestamp=1367230563& oauth_verifier=vdgjgMIs5rMchCIfc1DoBW3pAzjZ1jNyE9S4E8dt8wM& oauth_consumer_key=mykey& oauth_signature_method=HMAC-SHA1& oauth_version=1.0& oauth_token=BAAGpaUmBnx8BALTfdsn4IfUhDZBC7WE1njAd7PlHYOx6opk1Bc0HFmsNelvjAg0uqTqF1CRimFehDUwRHh8bVgNidsWZBxMDqACDySq9qKzNL1Tu6YwFsXplednMog95bZAODVkKD0ZBjZAW7DDaiB8vRnepdm9zZAYNYFeAVd4R5FZCL4KSf7MJty52cyaUgZCDMsrnY29XQj7gdpYovHRYyiXpnnaxqrcZD& oauth_signature=zAx2PUP5xy0G5U5OxbAFx7Pvy1I%3D

This seems similar to https://dev.twitter.com/discussions/16443 but I'm calling authorize() with a callback and the oauth_verifier param is passed.


I was having a similar issue, and found that explicitly clearing out the OAuth tokens in the session between authentication requests solved my issue. I did not find a similar issue with Facebook, which is why it was slightly confusing.


Hey @lucasvickers, how exactly did you clear out the oauth tokens in between requests? I've been running into similar issues.


Sorry for missing this update,

I used the code

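# Drop any token left in the session by an earlier authentication.
# ('in' replaces dict.has_key(), which no longer exists in Python 3.)
if 'twitter_oauth_tokens' in session:
    del session['twitter_oauth_tokens']

where my oauth getter/setter references that key

def get_twitter_oauth_token():
    return session.get('twitter_oauth_tokens')

yannk commented Sep 3, 2013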

fwiw, I'm seeing the same issue (with some automatic pingdom authentication to our app), I have yet to see the content of the exception (but I trapped it as I relate in #12). I'm not sure what @lucasvickers refers to, it seems that these session keys are specific to his app (flask_auth session data seems to be of the shape: self.name + '_oauthtok')

rajbala commented Sep 4, 2013

I too am seeing this error if the user visits this route when they have already authenticated with twitter:

def login():
    """Calling into authorize will cause the OpenID auth machinery to kick
    in. When all worked out as expected, the remote application will
    redirect back to the callback URL provided.
    """
    return twitter.authorize(callback=url_for('oauth_authorized',
        next=request.args.get('next') or request.referrer or None))

I think I've worked around it by just checking for the existence of a token in the session and redirecting to an authenticated view.

yannk commented Sep 4, 2013

I got one instance of this exception last night. The message (data) was: "Failed to exchange tokens"
Probably some lag on twitter side.

burnash commented Oct 6, 2013

Just got the same issue with the callback failing with Invalid / expired Token. Resolved it with @lucasvickers' advice by explicitly clearing the token in the session. Flask-OAuth==0.12

rocapp commented Jul 23, 2015

^^Thanks buds!
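
An added illustration (not code from Flask-OAuth or from any commenter) of why the workaround in this thread helps: a toy provider and client in which a token left in the session by an earlier login is sent to the token exchange instead of the fresh request token. The lookup order in `pick_token`, the `twitter_oauthtok` key, the helper names, and the omission of request signing and token secrets are assumptions made for the sketch.

```python
import secrets

STALE_KEY = "twitter_oauth_tokens"  # app-level session key, as used in the thread
PENDING_KEY = "twitter_oauthtok"    # assumed library key for the pending request token

class ToyProvider:
    """Hypothetical stand-in for the provider's request/access token endpoints."""

    def __init__(self):
        self.pending = {}  # request token -> verifier issued with it

    def request_token(self):
        token, verifier = secrets.token_hex(8), secrets.token_hex(8)
        self.pending[token] = verifier
        return token, verifier  # the verifier normally arrives on the callback URL

    def access_token(self, oauth_token, oauth_verifier):
        # A request token is single-use and must match its own verifier.
        if self.pending.pop(oauth_token, None) != oauth_verifier:
            return 401, "Invalid / expired Token"
        return 200, "access-" + secrets.token_hex(8)

def pick_token(session):
    """Assumed order: the app's stored token wins over the pending request token."""
    return session.get(STALE_KEY) or session.get(PENDING_KEY)

def login(provider, session, clear_stale):
    """Start a flow; optionally drop the token left by an earlier login."""
    if clear_stale:
        session.pop(STALE_KEY, None)
    token, verifier = provider.request_token()
    session[PENDING_KEY] = token
    return verifier

def callback(provider, session, verifier):
    """Exchange whichever token the client picked; store the result on success."""
    status, body = provider.access_token(pick_token(session), verifier)
    if status == 200:
        session[STALE_KEY] = body
        session.pop(PENDING_KEY, None)
    return status, body

def demo(clear_stale):
    """Log in twice in one session and return both exchange status codes."""
    provider, session = ToyProvider(), {}
    first = callback(provider, session, login(provider, session, clear_stale))
    second = callback(provider, session, login(provider, session, clear_stale))
    return first[0], second[0]
```

Without the cleanup the second login sends the old access token to the exchange and gets the 401; with it, both exchanges succeed.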

