Error list on OAuth authorization


Error list on OAuth authorization

OAuth Problems

In case request has a problem, Hatena's OAuth API responds a reason of the problem in the WWW-Authenticate: header field and body.

Possible oauth_problem Hatena's API respond are one of following. This list may added without announcement.


Specified oauth_version is not supported by Hatena's API. Specify a version with oauth_acceptable_versions paramete of the responser.


Required parameters are not sent. oauth_parameters_absent parameter indicates lack of parameters separated by &.


Unnecessary parameters are sent. oauth_parameters_rejected parameter indicates unnecessary parameters separated by &. This oauth_problem is also returned if you set a scope which was not specified when you get a request token for your application. Make sure that desired scope is available on Setting Page for OAuth Developer.


oauth_timestamp parameter is invalid. Make sure your application's clock and timezone are both OK.

oauth_acceptable_timestamps parameter lets you know an acceptable timestamp value.


oauth_nonce parameter's value is already in use. Normally oauth_nonce is set randomly by your OAuth library. Make sure that your application is not sending the exactly same request twice.


oauth_signature_method parameter is invalid. Make sure that the value of signature_method is "HMAC-SHA1", which is the only value allowed by Hatena's OAuth API.


oauth_signature parameter is invalid. If you are using an OAuth library, either a consumer key, a consumer secret, an access token or an request token is not correctly set.


oauth_consumer_key parameter is invalid. Make sure that that the specified cosumer key is correctly set.


The specified cosumer key is not available for some reason.


Consumer Key is temporary unavailable. Make sure that your application is not inactivated on Settings Page for OAuth Developer.


The token specified as oauth_token parameter is already in use. You can exchange an access token with an request token only once.


The token specified as oauth_token parameter is expired. An access token has no expiration. Request token is expired in about 5 minutes.


The access token specified as oauth_token parameter is invalidated by the user.


The access token specified as oauth_token parameter is unavailable. This may be returned when the token is invalidated by the user too.


oauth_verifier is invalid.


A permission by the user is required. It means that the access token used in the request does not fulfilled the API scope which is obtained with the request token. Make sure the required scope in the API specification.


  • May 13, 2015 This document is published.