Here are some common issues with user tokens their resolutions:
On the eBay sign in page, I get the error, username or password is incorrect
This happens if you use the credentials for the wrong environment.
To understand this better, you need to understand that there are 3 sets of crendentials (Usernames and passwords):
eBay Developers program username and password: This gives you access to the developers program website http://developer.ebay.com , the tools that reside on it (including the User Token Tool), your keyset etc. This cannot be used on the eBay Sign page to generate user tokens.
Sandbox username and password: If you want to test your application in the eBay Sandbox environment, you need to generate a sandbox user with the Sandbox User Registration Tool . This user cannot be used in Production. It can only be used in Sandbox.
Production username and password: This user is generated on the corresponding eBay website where the user needs to be registered. For example, to create a user on eBay US, you will need to go to www.ebay.com and click on register. This user cannot be used in Sandbox. It can only be used in Production.
To generate a token correctly, you need to ensure that the keyset, runame, username and password used are all for the same environment. Do not use the eBay Developers Program Username and password on the eBay Sign in page.
I get "Third Party Authorization error" when I send the user to the eBay site to get their token?
When you redirect a user to the eBay sign in page for getting their token, you must ensure that you send in the correct RuName with a valid SessionID. Check and make sure that you are using the RuName associated with your keyset. Another thing to check would be ensure that you are using the correct SignIn url.
Some of my users are being asked to confirm their identify when I send them through the auth & auth flow to get their token. Why does this happen to only a few users and not everybody?
As per our Trusted Selling with identity confirmation announcement, if users attempt to login to eBay from a different machine other the ones that they use usually, eBay will ask the user to confirm the identity. Have them complete the identity confirmation process. For details refer this KB.
Errorcode 932: Auth Token is hard expired
User Tokens have a limited life span of 18 months. If a token expires, then you have to take the user through the user token generation process and use the new token.
Error: 16110 Token has been invalidated
Error 16110 specifically indicates that the end user has revoked this token via the MyeBay Preferences page. A user can revoke a token at any time. Upon token revocation, no notice is sent to the 3rd party application. Therefore, this error message 16110 should be used as a flag to indicate that a token revocation has occured.
Error: 16118 Token retrieval window has expired
This error is received when the retrieval window for the sid/token combination that you are requesting has passed. When a token is generated using a sid, the creation time is stored. The token must be retrieved within 48 hours. After 48 hours, the sid expires, and the token can no longer be retrieved. After 48 hours, the user will need to repeat the signin process in order to generate and retrieve a new token. At this time, a new sid will be required.
Errorcode 16119: Token does not exist. Long Error: The token does not exist, the user must complete the Auth & Auth sign in process to generate token
You may receive this error if you call FetchToken for a user who has not yet completed the Auth and Auth Sign-In flow. If the user does not complete the Auth and Auth signin flow, a token will not be generated for that user. To recover from this error, generate a new SessionID and direct the User through the Auth and Auth signin flow again. Make a call to FetchToken after the user has successfully completed the Auth & Auth flow. If this is your application's first time using this process to obtain a token for a user, your application should wait 5-10 seconds before calling FetchToken. The attempt to retrieve the token must be made within 48 hours of the time the user signed in on the sign-in and consent page