403 Forbidden: The server understood the request, but is refusing to fulfill it. Logged in vs. Not logged in


EDIT: Solved by doing complete URL redirection to the authorize URL instead of doing it through cURL.

How long is this going to occur?
Here is the detail of the case, which was also an issue almost a year back, reported by Joe Mayo (https://twitter.com/intent/user?screen_name=JoeMayo) at https://dev.twitter.com/discussions/16958

I am going to describe the situation here:

I have my app working perfectly fine for the following cases as described in https://dev.twitter.com/docs/auth/implementing-sign-twitter under Step 2: Redirecting the user (which lists 3 case scenarios but I am extending those to 4 cases):

  1. Not signed in but approved
  2. Not signed in and not approved
    (i.e. regardless of my approval to the application, the flow works when I am not signed in at Twitter)

The only problem occurs when I am logged in at Twitter (https://www.twitter.com) (i.e. signed in). It doesn’t matter if my application has permission to read/write or not, it always gets stuck at https://api.twitter.com/oauth/authenticate or https://api.twitter.com/oauth/authorize, which gives the following error: 403 Forbidden: The server understood the request, but is refusing to fulfill it. I passed the oauth_token as a parameter to the GET request(s), but the result was the same. I also tried using force_login=true without any success.

The cases where the process flow fails are:

  1. Signed in and approved
  2. Signed in but not approved

I observed my request and response headers where it got stuck and found that there is a cookie with the Twitter session, which is set when I am logged in at Twitter (without the API). Is it the reason?

Please suggest, as it is really annoying and many like me are getting frustrated with this kind of malfunction.
Hope to have a solution/response soon.
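
The fix described in the EDIT, sketched as an added example that is not part of the original post: step 2 returns a redirect so the user's own browser loads the authenticate URL, rather than the server fetching it. It goes one step past the post by also checking the `oauth_token` on the callback against the stored request token; the function names, the `session` dict and the sample token values are assumptions.

```python
import hmac
from urllib.parse import urlencode, parse_qs, urlsplit

AUTHENTICATE_URL = "https://api.twitter.com/oauth/authenticate"  # URL from the post


def begin_sign_in(request_token, session):
    """Step 2: hand the browser a 302 to the authenticate URL.

    The server does not fetch this URL itself; it only tells the
    user's browser where to go. `session` is a hypothetical per-user store.
    """
    session["request_token"] = request_token
    location = AUTHENTICATE_URL + "?" + urlencode({"oauth_token": request_token})
    return 302, {"Location": location}


def finish_sign_in(callback_url, session):
    """Callback: accept the verifier only for the token this session started with."""
    params = parse_qs(urlsplit(callback_url).query)
    returned = params.get("oauth_token", [""])[0]
    expected = session.pop("request_token", "")  # one-time use
    if not expected or not hmac.compare_digest(returned.encode(), expected.encode()):
        raise ValueError("oauth_token does not match this session's request token")
    verifier = params.get("oauth_verifier", [""])[0]
    if not verifier:
        raise ValueError("callback carried no oauth_verifier")
    return verifier


if __name__ == "__main__":
    session = {}
    # Constructed sample values, not real tokens.
    print(begin_sign_in("SAMPLE_REQUEST_TOKEN", session))
    print(finish_sign_in(
        "https://app.example/callback?oauth_token=SAMPLE_REQUEST_TOKEN&oauth_verifier=SAMPLE_VERIFIER",
        session,
    ))
```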