parameters.token(token); secrets.tokenSecret(response.getFirst(OAuthParameters.TOKEN_SECRET)); state = State.REQUEST_TOKEN; } finally { if (state == State.UNMANAGED) { parameters.token(null); secrets.tokenSecret(null); throw new UnauthorizedRequestException(parameters, null); parameters.token(token); secrets.tokenSecret(secret); handler.authorized(parameters.getToken(), secrets.getTokenSecret()); parameters.remove(OAuthParameters.VERIFIER); if (state == State.UNMANAGED) { parameters.token(null); secrets.tokenSecret(null); state = State.MANAGED; && response.getStatusInfo().getStatusCode() == ClientResponse.Status.UNAUTHORIZED.getStatusCode()) { request.getHeaders().remove("Authorization"); parameters.token(null); secrets.tokenSecret(null); return handle(request);