Cannot remove callback url


#1

Hi. I need urgent help. I have mistakenly added a callback URL in the developer settings for our production app. The form does not allow resetting the URL to be blank - it just reverts it to the previous value.

This is now breaking our app as it is redirecting users to the wrong place - showing the callback URL page instead of a verification code.

We need to remove the callback URL ASAP. Please help.

Paul


#2

Set it to oob for “out of band”


#3

Thanks abraham, but the form validation insists on a valid URL so that doesn’t work.

It looks like this has been a probelm with this form for years and it has never been fixed. I’ve been a bit hasty and changed this for a production app - which is now broken until someone from twitter responds.


#4

During POST oauth/request_token specific oauth_callback=oob.


#5

abraham, this can’t be fixed in our code - it’s a desktop app that’s distributed to hundreds of customers, hardcoded to point to this twitter app.

The twitter app configuration must have a blank callback url, but the form just won’t let me revert it to blank.

I updated my original post to point out that this related to our production app - a silly mistake I know, but it wouldn’t be a problem if there wasn’t a bug in that settings form.


#6

You better get started rolling a new version of the app. Best case scenario if Twitter sees this post and rushes out a update might get this fixed in a week or two. You shouldn’t rely Twitter getting this prioritized and fixed though as it could take a while.

That will also make you compliant with the docs which specify:

the only difference being that the value for oauth_callback must be set to oob during the POST oauth / request_token call.


#7

Yes, we will consider enforcing oob in the oauth request in future.

The workaround for now, which was obvious and I should have seen earlier, is to relay the verifier to the user in a custom redirect page. The verifier is in the query sting as oauth_verifier. It’s not the numeric PIN that the twitter page shows, but it still works.

However, if anyone from twitter is reading this, please fix that bug in the settings form - it’s been there for years. Or please provide an explicit out-of-band option.


#8

Just ran into this issue. I now have to create a new Twitter app because I cannot remove the callback URL from the Settings page. Very annoying bug that’s apparently been around for quite some time now.


#9

I just made this mistake as well. Amazing that after several years and immense developer frustration Twitter has not fixed this issue, seriously??

The solution is to enter “oob” in your callbacl URL field in the settings form. If you make it blank, then it does not update it, but if you enter “oob” then it reverts to the pin method on validation.


#10

OMG, more than 3 years later this is still happening. Totally annoying.


#11

Can you be clear please on the exact issue you are describing given that a) this thread is 3+ years old and much has changed and b) we’ve just announced the requirement for all registered callback URLs to be whitelisted?

What code are you using, what error are you seeing and what is the status of your app configuration please?


#12

Of course:

  • Go to Twitter Application Management.
  • Select your application.
  • Go to Settings tab and then ‘Callback URLs’.
  • Click “Add a Callback URL” to add one or N new URLs.
  • Input the new URL(s) and click “Update Settings” right at the bottom of the form.

After this, whether you add multiple callback URLs intentionally or accidentally, there is no turning back! You can’t remove them to just 1 callback URL afterwards. You can’t even clean the whole Callback URL section out regardless of having the callback locking disable or not needing this functionality at all. In any case you will get “Error - Please make sure you have at least 2 callback URLs.” everytime you try to reduce the ammount of URLs to 1 or zero.

So, I guess that just like those developers in this very same topic 3 and 2 years ago, there’s nothing you can do, other than create a new twitter App.


#13

Multiple callback URLs is brand new functionality this week so this is something I can check on.

If you do NOT use sign in with Twitter then the callback URL should be irrelevant.