401 Unauthorized

[deepakmani]

Hi,

I have a twitter app using your gem.

I use heroku to host and was able to signin until last week. This week, I receive an error both locally and in production stating

401 Unauthorized

I did not change anything and have tried to play with the callback url by leaving it empty and with an address to no avail.

Can you please advise on what could be the issue.

Deepak

[guilhermesimoes]

Check your API key and API secret.

[deepakmani]

Thanks for the comment.

I thought about that and registered a newTwitter app, but that did not solve the issue.

[alexisbernard]

Hi,

I have the same issue. It works perfectly for the happy path. But when I click on "Cancel" from https://api.twitter.com/oauth/authenticate I got the following error:

Started GET "/auth/twitter/callback?denied=yXRy4fR33GnvyCK5nJZh6WOfsmCQFmLKEhNlQROKlQ" for 127.0.0.1 at 2014-04-28 14:07:10 +0200
I, [2014-04-28T14:07:10.760528 #23577]  INFO -- omniauth: (twitter) Callback phase initiated.
E, [2014-04-28T14:07:11.518661 #23577] ERROR -- omniauth: (twitter) Authentication failure! invalid_credentials: OAuth::Unauthorized, 401 Unauthorized

OAuth::Unauthorized (401 Unauthorized):
  oauth (0.4.7) lib/oauth/consumer.rb:216:in `token_request'
  oauth (0.4.7) lib/oauth/tokens/request_token.rb:18:in `get_access_token'
  omniauth-oauth (1.0.1) lib/omniauth/strategies/oauth.rb:57:in `callback_phase'
  omniauth (1.2.1) lib/omniauth/strategy.rb:227:in `callback_call'
  omniauth (1.2.1) lib/omniauth/strategy.rb:184:in `call!'
  omniauth (1.2.1) lib/omniauth/strategy.rb:164:in `call'
  omniauth (1.2.1) lib/omniauth/builder.rb:59:in `call'
  rack (1.5.2) lib/rack/etag.rb:23:in `call'
  ...

I tried to define the route /auth/failure, but it seems to happen before the redirect. I have no idea if that comes from omniauth-twitter, omniauth or oauth gems.

I am using omniauth-twitter 1.0.1.

[guilhermesimoes]

Interesting. There was a bug in the omniauth-oauth2 gem where every single client error was being raised as invalid_credentials. It seems to like the omniauth-oauth gem suffers from the same bug.

I don't think you need to define the route /auth/failure but make sure you define the failure action in your callbacks controller. In that action, add the following:

puts env['omniauth.error'].inspect

What is the output? It should reveal the real error.

[alexisbernard]

I finally found the reason: https://github.com/intridea/omniauth/wiki/FAQ#omniauthfailureendpoint-does-not-redirect-in-development-mode

That is a strange default behavior.

[guilhermesimoes]

Ah yes, that's another issue altogether. Check out issue https://github.com/intridea/omniauth/issues/626#issuecomment-29770417

[raysrashmi]

Is this still an issue for you ? @deepakmani

[deepakmani]

Yes, I couldn't find a solution. I decided to go for another gem due to reqs.

On Sunday, October 5, 2014, Rashmi Yadav notifications@github.com wrote:

Is this still an issue for you ? @deepakmani https://github.com/deepakmani

— Reply to this email directly or view it on GitHub https://github.com/arunagw/omniauth-twitter/issues/74#issuecomment-57945140 .

[rodrigoargumedo]

I get the same issue when before signing into twitter but I'm not sure why it is getting this error.

[rodrigoargumedo]

Oh, never mind. Had to add my keys for my repo.

[rodrigoargumedo]

If anyone who encounter this problem before, my possible solution to this problem would be this:

a) Add your keys into secrets.yml file (make sure you're not sharing this file)

twitter_consumer_key: [insert consumer key here]
twitter_consumer_secret: [insert consumer secret here]

b) Add this onto your omniauth.rb:

Rails.application.config.middleware.use OmniAuth::Builder do
 provider :twitter, Rails.application.secrets.twitter_consumer_key, Rails.application.secrets.twitter_consumer_secret
end

c) Profit.

That worked for me. Just for my two cents shot.

[Aleksandaar]

This error can also happen if you don't specify a callback URL in twitter settings. For example: http://localhost.net:3000/oauth2/callback/ where 'localhost.net' is my 0.0.0.0 address set up in the hosts

[jiggneshhgohel]

This can also happen if you use oauth dynamic setup and you pass a custom callback url but in twitter app settings you checked the option Enable Callback Locking. It happened with me and unchecking the option Enable Callback Locking and saving the updated settings the auth started working.