I use Fabric to do Twitter single sign on for my app as well as use TweetUI to display a Twitter Timeline elsewhere in my android app.
Last night while I was messing around with some stuff, somehow both stopped working. I am getting the following errors:
1) For my single sign on flow: E/Twitter﹕ Authorization completed with an error
com.twitter.sdk.android.core.TwitterAuthException: Authorize failed.
2) For my Tweet timeline activity: E/Twitter﹕ Failed to get app auth token
com.packagewriters.mypackage E/TweetUi﹕ 403 Forbidden
com.twitter.sdk.android.core.TwitterApiException: 403 Forbidden
--- This one is weird because Timelines use guest authentication only...so even if I messed up my API keys and what not, this should still work?
I triple checked EVERYTHING and reverted all my changes. I pretty much do everything the Fabric docs tell me to do, not to mention it worked for months before tonight. I'm not sure if I somehow accidentally touched something that messed everything up or if Twitter updated/the authentication servers are down/etc...help please?
Thanks!
Ok so for Single Sign On, i finally fixed it. You have to go to your fabric.io dashboard and get your key/secret and HARD CODE it into your activity/fragment where you integrate Twitter Log in.
This is weird bc Fabric is supposed to do it for you and I've never had to hard code it in before to get it to work. Something fishy is going on here... hopefully it will get fixed soon.
Tweet Timeline works now. Had to open up the Fabric plugin, navigate to the Embed Tweets subsection and let a gradle sync run its course...
Related
Since 2AM (ish) this morning, the SSO does no longer work with LinkedIn.
We 100% get the error "the authorization server encountered an unexpected condition".
We did not change our code whatsoever. We tried to switch the LinkedIn developer app to test mode and then back to live mode, but still no luck.
There can be no logs on our end (for the issue is on LinkedIn end), and AFAIK there is no developer log on LinkedIn either (although it could be a pretty useful addition).
Anyone experiencing the same issue? Or anyone have any idea why this could happen all of a sudden?
Thanks!
EDIT: after several attempts (by modifying our OAUTH code in some ways), it always failed. And we decided to create another brand new LinkedIn developer app, and it did work! This is really weird...
I am trying to use the Instagram OAuth using the developer documentation at
https://www.instagram.com/developer/authentication/.
Step 1 and 2 are working without any problems, so I have my Client-ID, the Client-Secret, the Redirect-URI and the code.
But every-time I am trying to get the Acces Token I get the following error:
{
"code": 400,
"error_type": "OAuthException",
"error_message": "Matching code was not found or was already used."
}
Any tips how to solve this?
We are experiencing the same issue. It appears that logging out of Instagram, then attempting to use Instagram OAuth through our site after we are logged out of Instagram is a workaround.
We're experiencing the same issue since yesterday (after months of working fine) - have reported it as an issue yesterday via the 'Report Issue' function on https://www.instagram.com/developer/clients/manage/ and I'd encourage you to do the same.
Yet to hear back, but seems likely it's their end having issues rather than something we're doing.
EDIT: It's also working fine for us on our development servers (which use different IPs for interacting with IG's API) but not working on our production server from any of the IPs we have available on the production server.
EDIT2: (July 2016) Just tested and it's mysteriously started working again on our production servers. No reply to the support ticket from Instagram as yet.
EDIT3: (December 2016) And now it's failing again with the same message... Seems like it's Instagram's end again. Nothing much we can do. Frustrating.
Logging in to Instagram, then complete Step 1 from the API Docs (https://api.instagram.com/oauth/authorize/?client_id=CLIENT-ID&redirect_uri=REDIRECT-URI&response_type=code), then follow the redirect and copying the code from the URL, then logging out of my account, then completing Step 3:
curl -F 'client_id=CLIENT_ID' \
-F 'client_secret=CLIENT_SECRET' \
-F 'grant_type=authorization_code' \
-F 'redirect_uri=AUTHORIZATION_REDIRECT_URI' \
-F 'code=CODE' \
https://api.instagram.com/oauth/access_token
That worked for me.
We are also experiencing the same issue from yesterday, looks like clearing browser (or new incognito window) do the trick. Although, the mobile app where we are authenticating through mobile browser, working fine.
Update: Deleted all my browsing history, cleared cache, etc. Like it was a brand new browser and now it works with no issue.
I've been hammering on the auth URL for weeks now. Testing and using the same stored token to re-authorize. Maybe stored tokens have a limit to the number of times they can be re-used?
======
Having the same issue as of today. Authorization was working fine earlier - now I'm getting the same 'Matching code...' response.
Signed in and out of my Instagram account repeatedly, created a new app id and disabled/enabled Implicit Oauth - all with no success.
The 'Authorized Applications' view in my Instagram account reports that my application has indeed been authorized, but I can't make calls to the API. Authenticating through an Incognito window returned a successful response but it's not a solution.
Tried reporting to Instagram through their 'Report Issue' form, but it won't allow me to submit the form.
I got the same error message. After 2 hours trying every workaround, I realized that I was using FB secret code instead of IG. Double check it first before trying any other solutions.
SOLVED! Just log out of Instagram and try again. That worked for me.
I solved this by creating a service on the backend/server side that authorised the user.
My backend API is a ruby on rails app. Here is a code snippet to understand.
def token
#response = Instagram.get_access_token(params[:code], redirect_uri: mobile_token_url)
instagram_user = InstagramUserCreator.new(user_params)
if instagram_user.find_or_create
redirect_to "taddarmobileapp://?token=#{instagram_user.user.token}"
else
redirect_to 'taddarmobileapp://'
end
end
I just store the token on the phone and use it to authorise the user to my backend API.
I am working on a Rails application that uses omniauth facebook and linkedin login. It's been working for months, and today we are suddenly having crazy problems logging in / signing up on production (Heroku). I assumed that the problem was on our end, but we have not pushed new code to production in 4 days.
After hours of trial and error, we realized that about half of the time, we are able to login, maybe another 40% of the time we are redirected to the sign in page from linkedin / facebook, and the rest of the time we get an application error with elastic search that I assume results from the insanely long load time. Additionally, when the app renders the login page, in the logs there are "expired token" type errors, which is weird because sometimes it actually works.
I'm assuming that Facebook and Linkedin are not both broken. Does anyone have any feedback on other points of failure that I might look into.
Well, restarting the dyno seems to have fixed the problem.
I have been using reverse auth in my Twitter app for a year now. This morning my app reverse auth stopped working. After doing some inspecting, I found out that I am receiving an error message that states "Reverse auth credentials are invalid." This is extremely confusing to me, as I have changed nothing. I have emailed Twitter but haven't heard back yet.
Any help would be greatly appreciated!
We just noticed a similar issue in our app. Unfortunately the documentation is no longer accessible.
Changing the HTTP method of the initial https://api.twitter.com/oauth/request_token request from GET to POST fixed it for us.
I am using the ruby twitter gem and oauth to gain access to users twitter accounts. In my code, I have:
unless #user.twitter_authd?
oauth = Twitter::OAuth.new('token', 'secret')
session[:twitter_request_token] = oauth.request_token.token
session[:twitter_request_secret] = oauth.request_token.secret
#twitter_auth_url = oauth.request_token.authorize_url
end
where token and secret have my actual token and secret inserted. When I click on the link to the #twitter_auth_url, I am taken to twitter and asked to grant access. I click allow and then twitter redirects me to my callback URL http://www.mydomain.com/twitter_callback/?oauth_token=fmy2aMvnjVgaFrz37bJ4JuB8r5xN79gsgDQRG4BNY which then hits this code:
oauth = Twitter::OAuth.new('token', 'secret')
logger.info("session[:twitter_request_token] = #{session[:twitter_request_token]}")
logger.info("session[:twitter_request_secret] = #{session[:twitter_request_secret]}")
oauth.authorize_from_request(session[:twitter_request_token], session[:twitter_request_secret])
session[:twitter_request_token] = nil
session[:twitter_request_secret] = nil
#user.update_attributes({
:twitter_token => oauth.access_token.token,
:twitter_secret => oauth.access_token.secret,
})
redirect_to root_path
The twitter request token and secret are being set just fine. However I end up with an authorization error:
OAuth::Unauthorized in MainController#twitter_callback
401 Unauthorized
RAILS_ROOT: /Users/TAmoyal/Desktop/RoR_Projects/mls
Application Trace | Framework Trace | Full Trace
/Library/Ruby/Gems/1.8/gems/oauth-0.3.4/lib/oauth/consumer.rb:167:in `token_request'
/Library/Ruby/Gems/1.8/gems/oauth-0.3.4/lib/oauth/tokens/request_token.rb:14:in `get_access_token'
/Library/Ruby/Gems/1.8/gems/erwaller-twitter-0.6.13.1/lib/twitter/oauth.rb:29:in `authorize_from_request'
/Users/TAmoyal/Desktop/RoR_Projects/mls/app/controllers/main_controller.rb:70:in `twitter_callback'
The code is failing at this line:
oauth.authorize_from_request(session[:twitter_request_token], session[:twitter_request_secret])
when it tries to get an access token. You can see the source code of authorize_from_request here. I am not sure why this is happening. Anyone have ideas?
A bit late to the party but just ran into the same issue myself. I tracked the issue down to the setup of my OAuth app in Twitter. I had initially not specified a callback URL as I was unsure of it.
Once I had setup my rails app I went back to find Twitter had assumed I was a desktop application as I hadn't specified a callback URL. Once I changed this to website and entered a callback URL I stopped getting 400s.
If you're getting error 401 - OAuth::Unauthorized, make sure you edit the settings of your Twitter application as follows:
Application Type: Browser
Callback URL: http://127.0.0.1:3000/auth/twitter/callback
this is an issue about time synchronization of your system with twitter server.
Twitter doesn't allow localhost as part of a valid callback URL.
Instead use http://127.0.0.1:3000/auth/twitter/callback
Hope this helps
This was one of the most annoying things to debug that I have come across. I was outputting in a couple places by accident because the URL's are dynamic and they happened to not be defined in my test case (i use this to display chart data and there is not enough right now so the google chart api URL's are blank). This caused my browser to make multiple requests to my localhost when some pages were loaded. Somehow that made the oauth process crap out. Obviously there is no way for people on S.O. to know about my application specific issue so I had to answer my own question.
I had this same problem and none of the suggestions in this thread worked for me.
I found the problem for me was the TIMESTAMP on my request. The mobile device I was running my scripts on had a jacked up clock. When I updated the system time on my device to the correct time (i.e. now), all of my requests came back "200 OK" instead of "401 Unauthorized".
This problem seems to be caused by twitter not being able to handle connection keep-alive correctly. Make sure you set connection=close http header in the request to twitter. Wasted a weekend debugging this.
not enough info for me, but when was twitter gem last updated? twitter changed their oauth 'stuff' in mid may approx. perhaps you have an old one. I'd update your question to show the callback_url, and make sure you have the right token and secret, which it looks like you don't have.
also, did you put the right callback url in your twitter app page? alot of times that screws you up too.
if that fails use mbleighs twitter_auth instead. it worked for me and is pretty slick.