OAuth error oauth_problem=timestamp_refused
Problem
When creating an application link, or using functionality that uses an application link, the applications aren't able to authenticate to each other.
The following appears in the application log:
oauth_problem=timestamp_refused
Diagnosis
Environment
- Two applications are connected together using Application Links
- The authentication method used is OAuth
Cause
When an oauth request is sent, an Authorization header is generated and sent along with the request. That header has a UTC timestamp attached to it. When the request arrives at the destination, the server will check to see if the current UTC time is within the acceptable timestamp window of 5 minutes since the request's timestamp.
This problem is caused when the current UTC time at the destination is at least 5 minutes later than the UTC timestamp attached to the request.
This can be caused by one or more of:
- An incorrectly set time zone on at least one server
- An out-of-date time zone definition, causing a server to think it has a different UTC offset to what it should be
- At least 5 minutes difference in the UTC time between the two servers
- Network latency can contribute to the cause of this problem; although it's rare that it's the complete cause
Resolution
- Ensure both servers have synchronised their time with a Network Time Server
- Ensure time zone definitions provided by the operating system are up-to-date. For Linux it's usually the "tzdata" package. For Windows it should be kept up-to-date by Windows Update.
In cases where latency is a factor, the cause of the latency should be isolated and corrected.