[BUG] Twitter kit iOS 3.0.4 authenticating with Twitter app installed

auth
ios

#1

When authenticating with iOS Twitter kit 3.0.4, when Twitter version 7.3.2 is installed, I’ve noticed issues with the Twitter app holding onto the last OAuth application that has authenticated. Steps

  1. Authenticate with application 1
  2. Control is handed off to Twitter, OAuth screen showing Application 1 wanting a connection
  3. User accepts, control is handed back to application 1, which is now authenticated
  4. Launch application 2, and attempt to authenticate
  5. Control is handed off to Twitter, OAuth screen incorrectly shows Application 1 wanting a connection
  6. If user accepts, session that is established is invalid, and will not work because the headers are for Application 1!
  7. Kill twitter app
  8. Back in application 2, attempt to authenticate again
  9. Control is handed off to Twitter, OAuth screen now correctly shows Application 2 wanting a connection
  10. User accepts, control is handed back to application 2, which is now correctly authenticated

Seems like the Twitter app is holding onto the last application information that has authenticated, and is not using the information for the current authenticating app.

This is a major bug.


TwitterKit 3.0.3 - share same twitter app (consumer key and secret) between multiple apps
#2

Thank you for reporting this. We are working with the main Twitter app engineers.


#3

We are having the same issue. Any news on a fix for this yet?


#4

Engineers in the main app are working on it. We hope to fix it soon and ship it with bi-weekly Twitter app release this month.
This won’t require Twitter Kit update though.


#5

Problem still exists with Twitter Kit 3.0.4 and Twitter app 7.3.2


#6

@katejaiheelee the problem still exists with TwitterKit 3.0.4 and Twitter app 7.4

To fix it properly each app needs to specify a unique app URL scheme so that the Twitter app will be able to forward login data back to the correct one. A simple (and backward compatible solution) is to support URL scheme suffix. This way application 1 and 2 have different URL schemes and this problem will never happen again.
Facebook SDK does the same, so it’s a solid solution.

Related bug and solution discussed here

Please take this in consideration “quickly”. With iOS11 there is no other way of authenticate user that using TwitterKit and now it’s clearly broken.


#7

I can’t reproduce this bug anymore with 7.4
Could you confirm?

Other two bugs are still in progress.


#8

This is fixed for us, Thank you!!


#9

Looking good now with Twitter 7.4. Thanks for the fix!


#10