When trying to get the ID of the user who just authorized my app by using
https://api.twitter.com/2/users/me
I receive the following error
{
  "errors": [
    {
      "title": "Forbidden",
      "type": "about:blank",
      "status": 403,
      "detail": "You are not permitted to use OAuth2 on this endpoint"
    }
  ]
}
Despite the documentation for the endpoint saying OAuth 2.0 is supported. As a note, I do have both scopes enabled that are required for the endpoint according to the docs.
1 Like
Hi @tribe_zero ,
Is the token you used from AppOnly? Or is it a token issued by OAuth 2.0 PKCE?
This endpoint cannot be accessed with an AppOnly token. You must also ensure that the following scopes are specified when issuing access tokens with OAuth 2.0 PKCE.
1 Like
Yes, the token is issued with OAuth 2.0 with PKCE. Also, yes, I did flag both of those scopes as well as offline access to receive a refresh token.
1 Like
@tribe_zero ,
It’s strange. Can you share your code?
Wow, that was a fast reply. Am at the gym currently so no access to my code, but I can in a bit. Just in case you didn’t see my edit: I did request the proper scopes you listed as well as offline mode.
I am currently getting back a bearer token, expires, refresh token and a token type when I authenticate with my personal account via OAuth2.
However, since it’s a work project I don’t have access to the Twitter dev admin. Could there be any flags I need enabled on the admin panel? I know the Discord API usually needs some intents flagged in their admin first.
Turns out it was a typo, trying to POST instead of GET. The error was just very confusing.
2 Likes
@tribe_zero ,
I see 
In fact this error message is very misleading. If the communication method is wrong to begin with, it should be 405, not 403.
2 Likes