Random 401 errors while getting access token

Since yesterday my users have started complaining about getting errors during the authorization process. (I'm not sure when it started though)
After they try a few times, the problem (sometimes) goes away.

I'm using simpleYQL and here is what I found out:

The error happens when the library tries to get the Access Token
The response statusCode is 401 and the oauth message is either permission_denied or token_rejected

Has anybody experienced something similar ?

16 Replies
  • here are 3 requests generated for the same user within a 2 minute period

    The first 2 fail with 401: token_rejected

    CODE
    https://api.login.yahoo.com/oauth/v2/get_token?oauth_verifier=mycyza&oauth_token=kztbfyh&oauth_consumer_key=dj0yJmk9WjdNaWFKYU5RZTY4JmQ9WVdrOU9HODVNekJSTnpnbWNHbzlNV
    FF5TWpJM016WTJNZy0tJnM9Y29uc3VtZXJzZWNyZXQmeD0xYw--&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1277914483&oauth_nonce=1507247953922097&oauth_version=1.0&oauth_signature=yFgRUGYu%2Btsb1ymUTlwWfVb3hAo%3D


    CODE
    https://api.login.yahoo.com/oauth/v2/get_token?oauth_verifier=mc2cdf&oauth_token=k36rqaf&oauth_consumer_key=dj0yJmk9WjdNaWFKYU5RZTY4JmQ9WVdrOU9HODVNekJSTnpnbWNHbzlNV
    FF5TWpJM016WTJNZy0tJnM9Y29uc3VtZXJzZWNyZXQmeD0xYw--&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1277914502&oauth_nonce=1507266456813617&oauth_version=1.0&oauth_signature=KVvzJ%2BvIRpvlHY5tu%2BKvsSMNTA0%3D



    but the third one succeeded
    CODE
    https://api.login.yahoo.com/oauth/v2/get_token?oauth_verifier=uv4ymz&oauth_token=k3jjbrd&oauth_consumer_key=dj0yJmk9WjdNaWFKYU5RZTY4JmQ9WVdrOU9HODVNekJSTnpnbWNHbzlNV
    FF5TWpJM016WTJNZy0tJnM9Y29uc3VtZXJzZWNyZXQmeD0xYw--&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1277914528&oauth_nonce=1507293404199457&oauth_version=1.0&oauth_signature=ObHFthjdt3nvDwFpM3k0NUy%2Bss8%3D



    Do you have any clue why ?

    Thanks in advance,
    Alain
  • Hi, Alain!

    A 401 is really weird. We get the occasional timeout from Y!, but it typically happens during a query's execution (long after the token has been exchanged).

    What sort of environment are you running on? We are running on Google App Engine, if it is of any help.

    Maybe it would also help if you posted a snippet of the client, if possible.

    Best Regards,
    Chester.
  • Thx Chester.
    I'm on GAE as well.

    The error is thrown by simpleyql's CallbackServlet right after requesting the exchange

    what kind of client code could help ?
  • Here is how I initiate the authorization process
    CODE
    // Callback URL that Yahoo redirects to after the user authorizes
    Api api = ApiFactory.getApiInstance(API_KEY, SHARED_SECRET,
            "http://app.pickemfirst.com/simpleyqlcallback/",
            false, null);
    try {
        // Start the authorization flow (the user is sent to Yahoo)
        api.askAuthorization(req, resp, "http://app.pickemfirst.com/verifyYahoo");
    } catch (OAuthException e) {
        log.severe("OAuth: " + e.getMessage());
    }


    users are then redirected to Yahoo, then Yahoo redirects to /simpleyqlcallback/
    and randomly the token exchange fails with the 401/token_rejected

    if users retry, then it works (most of the time)

    can I put more logs in the simpleyql source code to debug this issue ?
    I've already been able to print the urls, but it did not give me any clue...
  • Hi Alain,

    Going through the logs of our application we've found a few permission_denied and token_rejected errors as well.

    Unfortunately, I'm not able to reproduce the error and I have no clue about the cause, sorry.

    If you find out anything else let us know!
  • QUOTE (Pickemfirst Dev @ Jun 30 2010, 07:18 PM)
    can I put more logs in the simpleyql source code to debug this issue ?
    I've already been able to print the urls, but it did not give me any clue...


    Sure, you can do pretty much anything you want, the license is very permissive.
  • QUOTE (Bani @ Jun 30 2010, 07:36 PM)
    Going through the logs of our application we've found a few permission_denied and token_rejected errors as well.


    Thanks Bani,
    according to your logs, are these errors more frequent this week than before ?

    On my site, it seems that they happen 50% of the time since yesterday, and nobody complained before.
    is this a coincidence ?
  • Not really. We only had it twice, from the same user, this month.

    But in our logs I don't see any successful request from the same id after the permission_denied errors, so I think the user may have really revoked our access or something like that.
  • QUOTE (Bani @ Jun 30 2010, 07:54 PM)
    so I think the user may have really revoked our access or something like that.


    This cannot be the case for my app.
    All my users are first time users who have just granted us authorization.

    let's see if other developers report similar errors with different oauth libraries...

    or maybe someone from Yahoo will have a suggestion...
  • I decided to implement a fail over mechanism:
    if I receive a token_rejected message while requesting the access token, then I wait 200ms and request the access token one more time

    here is the first request that fails:
    CODE
    https://api.login.yahoo.com/oauth/v2/get_token?oauth_verifier=uudcnt&oauth_token=k873zh8&oauth_consumer_key=dj0yJmk9WjdNaWFKYU5RZTY4JmQ9WVdrOU9HODVNekJSTnpnbWNHbzlNV
    FF5TWpJM016WTJNZy0tJnM9Y29uc3VtZXJzZWNyZXQmeD0xYw--&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1278092984&oauth_nonce=1685748700777562&oauth_version=1.0&oauth_signature=41NkfUPIbDXiZr35HtpS4UGJfhw%3D


    and the second one (200ms later) that succeeds:
    CODE
    https://api.login.yahoo.com/oauth/v2/get_token?oauth_verifier=uudcnt&oauth_token=k873zh8&oauth_consumer_key=dj0yJmk9WjdNaWFKYU5RZTY4JmQ9WVdrOU9HODVNekJSTnpnbWNHbzlNV
    FF5TWpJM016WTJNZy0tJnM9Y29uc3VtZXJzZWNyZXQmeD0xYw--&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1278092984&oauth_nonce=1685749053033057&oauth_version=1.0&oauth_signature=PLYd%2BkntLtJvo%2BI%2Bmhd2si4rQiU%3D


    Is this enough to conclude that there's a bug on the Yahoo side ?
  • Hi all,

    There is some user data duplication delay when your site, our
    OAuth server and end users are geographically dispersed and that
    delay causes the token not recognized and hence the "token_rejected"
    error. We are working on some fix to mitigate the problem.

    As a workaround for the time being, we suggest you insert a few
    seconds' delay after you get the authorized request token but before
    you use it to get the access token or just repeat the call after
    the first call gets "token_rejected" error and wait a few seconds.

    Thanks,
    Yu Wang
    Yahoo! Membership Team
  • Thanks Yu for confirming that I was not imagining things!

    The strategy to repeat the call 200ms later has been working great for me in the past 24 hours.
  • Hello, everyone.

    Alain has kindly submitted a patch to simpleyql to circumvent this issue on the post-authorization phase (by adding a small delay after a failure and retrying a few times before giving up), and it was included in simpleyql's newest version (0.9.3).

    Thank you, Alain!

    Best regards,
    Chester.
  • (you can download and get info about simpleyql at http://simpleyql.sourceforge.net/ )
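
The retry workaround discussed in this thread, as an added example that is not part of any post and is not the patch that went into simpleyql 0.9.3: get_token is retried only on 401/token_rejected, a bounded number of times, with a fresh nonce per attempt (as in the failing and succeeding requests posted above, which share a timestamp but differ in nonce and signature). The `Response` type, the `exchange` callback and the sample responses in `main` are assumptions constructed for illustration; records need Java 16 or later.

```java
import java.security.SecureRandom;
import java.util.function.Function;

public class AccessTokenRetry {
    // Hypothetical result type: HTTP status and the OAuth error code (null on success).
    record Response(int status, String oauthProblem, String body) {}

    private static final SecureRandom RNG = new SecureRandom();
    // 'exchange' is a hypothetical callback that signs and sends one get_token
    // request with the nonce it is given and returns the parsed response.
    static Response getAccessToken(Function<String, Response> exchange,
                                   int maxAttempts, long delayMs) throws InterruptedException {
        Response last = null;
        for (int attempt = 1; attempt <= maxAttempts; attempt++) {
            // OAuth 1.0 needs a unique nonce per timestamp, so each attempt is
            // re-signed with a fresh one instead of replaying the failed request.
            String nonce = Long.toUnsignedString(RNG.nextLong());
            last = exchange.apply(nonce);
            if (last.status() == 200) {
                return last;
            }
            // Retry only the transient case; permission_denied and anything
            // else is returned to the caller immediately.
            boolean retryable = last.status() == 401
                    && "token_rejected".equals(last.oauthProblem());
            if (!retryable || attempt == maxAttempts) {
                break;
            }
            Thread.sleep(delayMs * attempt); // 200 ms, 400 ms, ...
        }
        return last;
    }

    public static void main(String[] args) throws InterruptedException {
        // Constructed stand-in for the server: first call rejected, second accepted.
        int[] calls = {0};
        Function<String, Response> flaky = nonce -> ++calls[0] == 1
                ? new Response(401, "token_rejected", "")
                : new Response(200, null, "oauth_token=PLACEHOLDER");
        Response ok = getAccessToken(flaky, 3, 200);
        System.out.println(ok.status() + " after " + calls[0] + " call(s)");

        // Constructed permanent failure: must not be retried.
        int[] denied = {0};
        Response no = getAccessToken(
                n -> { denied[0]++; return new Response(401, "permission_denied", ""); }, 3, 200);
        System.out.println(no.status() + " after " + denied[0] + " call(s)");
    }
}
```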
    • Aug 31, 2011
    Hello, there!

    My name is Paulo and I'm worried about using Y! OAuth in my website. I'm still in development, and I'm having the same problems described by this post's creator.
    The thing is: your reply is from July 2010, and it still seems to persist. Sometimes I manage to get logged in, sometimes I don't.
    Do you think I'm missing something?
    I'm from Brazil.

    Thanks!

    QUOTE(omiga @ 2 Jul 2010 3:25 PM)
    Hi all,

    There is some user data duplication delay when your site, our
    OAuth server and end users are geographically dispersed and that
    delay causes the token not recognized and hence the "token_rejected"
    error. We are working on some fix to mitigate the problem.

    As a workaround for the time being, we suggest you insert a few
    seconds' delay after you get the authorized request token but before
    you use it to get the access token or just repeat the call after
    the first call gets "token_rejected" error and wait a few seconds.

    Thanks,
    Yu Wang
    Yahoo! Membership Team
  • Event and repeat with me this error Please help and thank you Egyptian
