Scripts return 401 error randomly

What's the access-level of the token you are using? If it is lower than "read anything" a possible reason for this might be that you try to access private data, for example trying to get information of a private bugreport (this is why I get such 401 sometimes while accessing random bugreports)

The access-level is on the token is read/write anything.

It would be good if you could run this code:

import httplib2
httplib2.debuglevel = 1

That will print out the HTTP requests and responses as they're made. When you get a 401, paste the request and response that caused the 401 into this bug.

Here we go. Full output is attached as well.

send: 'GET /beta/bugs/204137 HTTP/1.1\r\nHost: api.edge.launchpad.net:443\r\nAccept-Encoding: identity\r\nAuthorization: OAuth realm="https://api.launchpad.net", oauth_nonce="22198296", oauth_timestamp="1232653826", oauth_consumer_key="arsenal", oauth_signature_method="PLAINTEXT", oauth_version="1.0", oauth_token="49Zgw3dDWfGK2lp6fBjX", oauth_signature="&NV8cRVkJpK6LLRVzJBRwJskqqlqW85T9lmjpBPK6pnxwL6jmcd8Dxsnd5sHC1tXfw9FFHQCSb9WScNJm"\r\nif-none-match: "fccbde03cd81dc6492f3906181061f8ab642edc1"\r\nte: deflate, gzip\r\naccept: application/json\r\nuser-agent: Python-httplib2/$Rev: 259 $\r\n\r\n'
reply: 'HTTP/1.1 401 Unauthorized\r\n'

OK, for future reference here's the request that failed.

---
GET /beta/bugs/204137 HTTP/1.1
Host: api.edge.launchpad.net:443
Accept-Encoding: identity
Authorization: OAuth realm="https://api.launchpad.net", oauth_nonce="22198296",oauth_timestamp="1232653826", oauth_consumer_key="arsenal", oauth_signature_method="PLAINTEXT", oauth_version="1.0", oauth_token="xxx", oauth_signature="&NV8cRVkJpK6LLRVzJBRwJskqqlqW85T9lmjpBPK6pnxwL6jmcd8Dxsnd5sHC1tXfw9FFHQCSb9WScNJm"
if-none-match: "fccbde03cd81dc6492f3906181061f8ab642edc1"
te: deflate, gzip
accept: application/json
user-agent: Python-httplib2/$Rev: 259 $

reply: 'HTTP/1.1 401 Unauthorized\r\n'
header: Date: Thu, 22 Jan 2009 19:50:27 GMT
header: Server: zope.server.http (HTTP)
header: X-Powered-By: Zope (www.zope.org), Python (www.python.org)
header: X-Lazr-Oopsid: OOPS-1118ED241
header: Content-Type: text/plain
header: Content-Length: 58
---

The missing piece of the puzzle is the error message, those 58 bytes in the body of the 401 response. Can I ask you to run your code in a try/catch clause like this:

try:
   ... do whatever
except HTTPError, e:
   print e.content

Let's see what the server says about the request. Then I think salgado might have a clue what's going on, or it might be obvious.

I don't know the access level of that OAUTh token, but I strongly suggest that you revoke it.

Since this is a public bug and we use PLAINTEXT signature (since calls are over HTTPS), it's possible for other to reuse that token as is.

Okay, token is revoked.

(Fwiw, it's a bit challenging to find the +oauth-tokens page, but I see there's already a bug report on that.)

The fix for this has been rolled-out to staging and edge. Can you confirm that it is not happening anymore?

I think I've just seen this bug again,

********** HTTPError **********
{'status': '401', 'x-lazr-oopsid': 'OOPS-1157EB108', 'via': '1.1 wildcard.edge.launchpad.net', 'x-powered-by': 'Zope (www.zope.org), Python (www.python.org)', 'content-length': '58', 'server': 'zope.server.http (HTTP)', 'date': 'Mon, 02 Mar 2009 18:03:21 GMT', 'content-type': 'text/plain'}
Invalid nonce/timestamp: This nonce has been used already.
******************************
Exception in thread Thread-3:
Traceback (most recent call last):
  File "/usr/lib/python2.5/threading.py", line 486, in __bootstrap_inner
    self.run()
  File "/usr/lib/python2.5/threading.py", line 446, in run
    self.__target(*self.__args, **self.__kwargs)
  File "/media/disk-1/leonov_reloaded/trunk/lib/python2.5/site-packages/leonov_reloaded-0.0.0-py2.5.egg/leonovlib/progressqueue.py", line 51, in _loop
    self._task_worker(genexp, r_callback, e_callback)
  File "/media/disk-1/leonov_reloaded/trunk/leonovui/gtk/progress.py", line 18, in _task_worker
    super(gtkQueue, self)._task_worker(task, r_callback, e_callback)
  File "/media/disk-1/leonov_reloaded/trunk/lib/python2.5/site-packages/leonov_reloaded-0.0.0-py2.5.egg/leonovlib/progressqueue.py", line 63, in _task_worker
    result = task.next()
  File "/media/disk-1/leonov_reloaded/trunk/lib/python2.5/site-packages/leonov_reloaded-0.0.0-py2.5.egg/leonovui/abstract/userview.py", line 43, in find_packages
    sources = archive.getPublishedSources()
  File "/media/disk-1/lp_api/launnchpadlib/trunk/launchpadlib/resource.py", line 349, in __call__
    url, in_representation, http_method, extra_headers=extra_headers)
  File "/media/disk-1/lp_api/launnchpadlib/trunk/launchpadlib/_browser.py", line 212, in _request
    raise HTTPError(response, content)
HTTPError: HTTP Error 401: Unauthorized

On Mon, Mar 02, 2009 at 04:59:51PM -0000, Francis J. Lacoste wrote:
> The fix for this has been rolled-out to staging and edge. Can you
> confirm that it is not happening anymore?

Seems to work fine for me. I used to get this error in about every
second script run, but now the script has run about 100 times without
getting an Unauthorized error.

Markus,

So this is something happening in the new code. But the source of the error is now different. It seems that you are making two requests with the same Nonce/Timestamp, this is an actual violation of the spec. (The previous error was that a nonce was reused with a different timestamp - which is now allowed)

So either you are very (un)lucky or there is something fishy going on. I see from your stack trace that you are running in a multi-thread environment. Could you try setting httplib2.debuglevel to 1 and see what and how requests are made when this is happening.

Is it happening as often as previously?

Thanks for your information.

As you can see in the attached log, it took me 108 request to reproduce this error. The relevant error is the HTTPError with the 401 status and 'x-lazr-oopsid': 'OOPS-1157EB154', I will report another bug for the 404 I get when I try to get the mugshot of a user who uses the default one.

(Side Note: yes I'm running this code in a multithreaded environment, but all launchpadlib related things *should* be excecuted in one thread, because I'm not sure how threadsafe launchpadlib/httplib2/... is)

I Think this is the relevant part:

send: 'GET /beta/~dholbach HTTP/1.1\r\nHost: api.edge.launchpad.net:443\r\nAccept-Encoding: identity\r\nAuthorization: OAuth realm="https://api.launchpad.net", oauth_nonce="42765000", oauth_timestamp="1236029288", oauth_consumer_key="just testing", oauth_signature_method="PLAINTEXT", oauth_version="1.0", oauth_token="XXXXXXXXXXXXXXXXXXXX", oauth_signature="&YYYYY"\r\nif-none-match: "18ccbcd26d4e61b6042fc8feb00354707f6d25d3"\r\nte: deflate, gzip\r\naccept: application/json\r\nuser-agent: Python-httplib2/$Rev: 259 $\r\n\r\n'
reply: 'HTTP/1.1 200 Ok\r\n'
header: Date: Mon, 02 Mar 2009 21:28:09 GMT

header: Server: zope.server.http (HTTP)

header: X-Powered-By: Zope (www.zope.org), Python (www.python.org)

header: Content-Type: application/json

header: Content-Length: 2683

header: Etag: "deeb9afb4132b34a911c54a536a326a31773cb9e"

header: Vary: Cookie,Authorization,Accept

header: Via: 1.1 wildcard.edge.launchpad.net

send: 'GET /beta/people/+me HTTP/1.1\r\nHost: api.edge.launchpad.net:443\r\nAccept-Encoding: identity\r\nte: deflate, gzip\r\nAuthorization: OAuth realm="https://api.launchpad.net", oauth_nonce="77356919", oauth_timestamp="1236029288", oauth_consumer_key="just testing", oauth_signature_method="PLAINTEXT", oauth_version="1.0", oauth_token="XXXXXXXXXXXXXXXXXXXX", oauth_signature="&YYYYY"\r\naccept: application/json\r\nuser-agent: Python-httplib2/$Rev: 259 $\r\n\r\n'
reply: 'HTTP/1.1 303 See Other\r\n'
header: Date: Mon, 02 Mar 2009 21:28:09 GMT

header: Server: zope.server.http (HTTP)

header: X-Powered-By: Zope (www.zope.org), Python (www.python.org)

header: X-Content-Type-Warning: guessed from content

header: Content-Length: 0

header: Location: https://api.edge.launchpad.net/beta/~thekorn

header: Vary: Cookie,Authorization,Accept

header: Content-Type: text/plain;charset=utf-8

header: Via: 1.1 wildcard.edge.launchpad.net

send: 'GET /beta/~thekorn HTTP/1.1\r\nHost: api.edge.launchpad.net:443\r\nAccept-Encoding: identity\r\naccept: application/json\r\nuser-agent: Python-httplib2/$Rev: 259 $\r\nif-none-match: "2d6b4bf1278e7cb5c11187e097d83fad62957e12"\r\nte: deflate, gzip\r\nAuthorization: OAuth realm="https://api.launchpad.net", oauth_nonce="63277318", oauth_timestamp="1236029289", oauth_consumer_key="just testing", oauth_signature_method="PLAINTEXT", oauth_version="1.0", oauth_token="XXXXXXXXXXXXXXXXXXXX", oauth_signature="&YYYYY"\r\n\r\n'
reply: 'HTTP/1.1 304 Not Modified\r\n'
header: Date: Mon, 02 Mar 2009 21:28:09 GMT

header: Server: zope.server.http (HTTP)

header: Etag: "2d6b4bf1278e7cb5c11187e097d83fad62957e12"

header: Vary: Cookie,Authorization,Accept

send: 'GET /beta/~dholbach/mugshot HTTP/...