Twitter OAuth : Invalid or expired token [its NOT duplicate]

Asked 14/6, 2015 at 7:11 Answered 7/7, 2017 at 13:6

Before anyone goes in a hurry and mark this question as Duplicate, let me tell you that ITS NOT DUPLICATE

I have already checked similar question like this, this, this and this, but those are all 2 years old and the library has been changed too much since then so those answers are not useful.

So here's the question. I'm using abraham's libraray which can be found here. Below is the code that I'm using:

if(!empty($_GET['oauth_verifier']) && !empty($_SESSION['oauth_token']) && !empty($_SESSION['oauth_token_secret']))
{
    $connection = new TwitterOAuth('MY_CONSUMER_KEY', 'MY_CONSUMER_SECRET', $_SESSION['oauth_token'], $_SESSION['oauth_token_secret']);

    $access_token = $connection->oauth("oauth/access_token", array("oauth_verifier" => $_REQUEST['oauth_verifier']));
    $_SESSION['access_token'] = $access_token;

    $user_info = $connection->get("account/verify_credentials");
    print_r($user_info);
}

From the print_r which I did above, I get the result as follows:

stdClass Object ( [errors] => Array ( [0] => stdClass Object ( [code] => 89 [message] => Invalid or expired token. ) ) )

Due to this invalid/expired token I'm not able to get ahead in my work. So I went 1 step back and did:

var_dump($access_token);

The result obtained is:

array(5) { 
   ["oauth_token"]=> string(50) "*********" 
   ["oauth_token_secret"]=> string(45) "*********" 
   ["user_id"]=> string(10) "***My user id****" 
   ["screen_name"]=> string(9) "***My screen name****" 
   ["x_auth_expires"]=> string(1) "0" 
}

Here you see that the last element is ["x_auth_expires"] whose value is 0. I think this element did not appear in the older version of the library. And I suppose this is the thing which is causing the problem.

I tried re-generating my Customer_Key and Customer_Secret, but even that didn't seem to help.

Any kind of help will be appreciated. Thank you.

Bialystok answered 14/6, 2015 at 7:11 Comment(0)

Finally, I found a solution.

All you need to do is, once you get the callback, initialize the class again with new access token.

$connection = new TwitterOAuth('MY_CONSUMER_KEY', 'MY_CONSUMER_SECRET', $_SESSION['oauth_token'], $_SESSION['oauth_token_secret']);

$access_token = $connection->oauth("oauth/access_token", array("oauth_verifier" => $_REQUEST['oauth_verifier']));

$connection = new TwitterOAuth('MY_CONSUMER_KEY', 'MY_CONSUMER_SECRET', $access_token['oauth_token'], $access_token['oauth_token_secret']);

I don't know why that works, but it does work like a charm. Found this solution from here.

Bialystok answered 14/6, 2015 at 7:47 Comment(2)

Makes sense. If you don't renew the class it's trying to perform the 2nd API call using the initial temporary credentials which are no longer valid. By recreating the instance with the new long lived credentials, you're good to go. – Pym 1/9, 2015 at 20:18

The solution works with requests-oauthlib and Python. I make some changes based on requests-oauthlib syntax. – Rewrite 24/7, 2019 at 12:27

I have use this in CI callback function

if($this->input->get('denied') != ''){
   /* Remove all token from session  */
   $this->connection = NULL;
   $this->connection = $this->twitteroauth->create($this->config->item('twitter_consumer_token'), $this->config->item('twitter_consumer_secret'));
   $this->session->set_flashdata('account_block_error_msg',"Access denied");
   redirect(base_url('/Sign-in'));
}

Epigrammatize answered 7/7, 2017 at 13:6 Comment(0)

Recommended topics

Hot tags