[for attention of Twitter devs]: I have noticed a bug in Twitter's app auth dialog box. Details included


#1

Hi There,

I don’t know if this is the best place for this, but I’ve noticed a bug/misconfiguration that appears on the app auth dialog box. This email is intended for the development team at Twitter.

The Bug: (The bug relates to a website that uses the ‘tweetbox’ to allow users to tweet via a 3rd party website.)

The bug in question appears when a user has logged out of Twitter and then clicked on the button to ‘tweet’. The Twitter OAuth dialog box pops up asking the user to log in. At this point, if you click the ‘settings’ link provided, you are redirected to the following URL:

https://oauth.twitter.com/login?redirect_after_login=%2Fsettings%2Fapplications

This URL does not exist and the user is presented with a ‘Sorry, that page doesn’t exist!’ error message.

From my testing it appears the correct URL should be something like:

https://twitter.com/login?redirect_after_login=https%3A%2F%2Foauth.twitter.com%2Fsettings%2Fapplications

(Note the top-level domain twitter.com, not oauth.twitter.com.)

How to reproduce:

  1. Log out of Twitter.
  2. Visit a website that has the ‘tweetbox’ functionality embedded within.
  3. Click the ‘tweet’ button.
  4. On the OAuth dialog window that opens, click the ‘settings’ link.
  5. You are directed to an error page on Twitter.

I hope this information helps fix the bug.

Best Regards,

James Thatcher,
Developer, Bauer Media,
james.thatcher@bauermedia.co.uk