Following the docs, I have checked the option
"Allow this application to be used to Sign in with Twitter"
as well as using the /authenticate endpoint instead of /authorize.
From what I read:
"This method differs from GET oauth / authorize in that if the user has already granted the application permission, the redirect will occur without the user having to re-approve the application. To realize this behavior, you must enable the Use Sign in with Twitter setting on your application record."
this should be enough so that the users don’t have to authorize the app every time, but that’s not the case.
I have noticed this behaviour for 3 months or so. Any idea what is wrong or what has changed?