In getting request token flow of OAuth, I’ve received “The given URL is considered malware”

In getting request token flow of OAuth, I’ve received "The given URL is considered malware"


I’m creating web application with node.js(10.x) and express(3.x).
And I chose the node-oauth as the twitter oauth module.

But in requesting Token, following error is returned.

{ statusCode: 401, data: ‘<?xml version=”1.0″ encoding=”UTF-8″?>\n\n <request>/oauth/request_token</request>\n <error>The given URL is considered malware</error>\n</hash>\n’ }

Authentications have succeeded in several times, but suddenly this error was sent and after that I’ve never succeeded.

What’s wrong? Many times requests is the cause?

The code is like the following

var oauth = require('oauth');

var consumer = new oauth.OAuth(
  , ''
  , 'My consumer key'
  , 'My consumer secret'
  , '1.0A'
  , 'http://localhost:3000/sessions/access' //I'm testing in local
  , 'HMAC-SHA1'

/** In the actual code, Some express settings exist like followings
 *  var express = require('express');
 *  var app = express();
 *  app.set(foo, bar);
 *  app.use(baz);
 *   and so on.

app.get('/sessions/connect', function(req, res, next) {
    consumer().getOAuthRequestToken(function(err, oauthToken, oauthTokenSecret, results) {
      if (err) {     //This err says the above error.
      } else {
        req.session.oauthRequestToken = oauthToken;
        req.session.oauthRequestTokenSecret = oauthTokenSecret;
        res.redirect('' + oauthToken);

app.get('/sessions/access', function(req, res, next) {
    consumer().getOAuthAccessToken(req.session.oauthRequestToken, req.session.oauthRequestTokenSecret, req.query.oauth_verifier, function(err, oauthAccessToken, oauthAccessTokenSecret, results) {
      if (err) {
      } else {
        req.session.oauthAccessToken = oauthAccessToken;
        req.session.oauthAccessTokenSecret = oauthAccessTokenSecret;
        req.session.user_id = results.user_id;
        req.session.isAuthorized = true;


Problem courtesy of: Ken


Ken, your error message explains the problem. This node app/site from which you try to connect to twitter has been flagged as malware or spam. Maybe because it is because of too many requests. Or maybe you unknowingly misused the twitter account.

You can file a ticket to investigate what went wrong. See this page.

Solution courtesy of: user568109


Leave a Reply

Your email address will not be published. Required fields are marked *