403 After submitting credentials on OAuth sign-in page


As of this afternoon I’m getting a 403 HTTP error after submitting credentials on the OAuth sign-in page. I haven’t changed anything in my code which has been working fine until now.

The 403 happens during the procedure described here: https://dev.twitter.com/docs/auth/implementing-sign-twitter. As part of step 2 I show a webview which loads https://api.twitter.com/oauth/authenticate?oauth_token=<request token obtained in step 1> (the sign-in page). Then after submitting my account credentials on that page, I get this error: “403 Forbidden: The server understood the request, but is refusing to fulfill it.” This happens both when I enter wrong credentials and when I enter the correct credentials.

I really have no idea what’s going on here since I didn’t change anything. The error doesn’t show up in other apps. I also tried using different IP addresses, but no luck there either.


Can you share the app ID or consumer key you’re using web this problem occurs? Thanks!


Thanks for your reply. Consumer key: YpNzrB79n5TnNbgIeqIfcw.


Hi Taylor,

I am getting the same error over here for “Gravity!”. Consumer key: YHvh158suQ0SV3NiYkU9Q.

Thanks for any help.


Just a quick follow-up: is it possible that the Twitter OAuth login now requires cookies to work correctly? The browser I am using doesn’t support cookies …


Yep, looks like it does. I previously had cookies disabled and it’s working now again after enabling cookies.


Thanks for the details everyone, I’m working with our team on diagnosing and resolving this.


For me it’s a bit more difficult as I cannot enable cookies :frowning:


Sorry for the difficulty with these endpoints – the problem should now be resolved.



Yay, it’s working again for me.

Thanks a million for the quick fix, Taylor!! :slight_smile:


i am getting a 403 status while working with update with media.consumerKey: ‘QyTkRg1Lp8QMVxwvtnAg’.
please give any suggestions


Hi guys,
now i am also getting the 403 Forbidden:The server understood the request, but is refusing to fulfill it.the previous week it’s working great in login credential page but today i got the above error. so i share my consumerKey:67KGBUuiTiGeIFQMSRGc6w.
please fix it this issue for me taylor…


Same over here. We’ve had this before (I think a couple of months ago.)

If I remember correctly, it was related to the OAuth pages suddenly requiring cookies.

@episod fixed it quickly last time. Hope he can do it again :wink:


thanks for your reply janole. how episod fixed the above issue? any code including twitter+oauth sdk?if u know?


I assume @episod sent an eMail to the “appropriate” people working on the OAuth website :-}

Hopefully it will be fixed soon. The browser I am using for authenticating via OAuth doesn’t support cookies :-/


so episod sent code to your email. i totally confused pls explain this issue why it occurs? and where? how u resolved this issue using episod code.please reply me.


mr.episod pls help me for the above issue how to solve that one?where was problem started and reason for that problem? it;s very urgent…


Sorry for the issues, folks. We had an issue over the weekend that required a hotfix to oauth/authenticate. This hotfix ended up requiring cookies where they were previously non-required. We are working on a follow-on fix today that will resolve the underlying issue without requiring cookies for environments such as yours that do not support them. Thanks for your patience while we complete the fix.


Do you have an updated time estimate for this fix? No one has been able to sign in with our iOS apps for about 18 hours now.


We also need urgent fix for this problem, can you please provide time estimate for when this will be fixed, thanks