GET oauth/authenticate is broken

Connexinet · 2023-01-27T01:06:56.988Z

What endpoint are you using?

GET oauth/authenticate

What API version are you on?
1.1 and 2.0

Are you using a library or SDK? Which one?
No, rest API calls without library

What is the issue?
The oauth operations started to go in infinite loop. No idea what caused the issue, it started happening in the last 24 hours.
When the user is required to authenticate (using GET oauth/authenticate) the user gets the authorization page:

auth1909×1284 165 KB

(As you can see the authorize workflow is triggered instead of authenticate workflow)

The user can never login to any app that uses that endpoint
Steps to reproduce the issue
Step 1: Login to any app that uses /oath/authenticate

What is the error message?
No error message, the user goes into an infinite loop of authorization

When did it start?
Jan 25, 2023 9:30am ET

What have you tried to troubleshoot?
Logging off from twitter then login again solved the problem sometimes (seems like cookie related?)

Connexinet · 2023-01-27T05:28:16.758Z

Here are the exact steps to reproduce:
1 Call POST /oauth/request_token
2. Send the user to https://api.twitter.com/oauth/authenticate with the parameter force_login
3. Do not enter the Twitter password to login, close the browser instance or navigate to any other website.
4. Try to login to any application using oauth/authenticate workflow (not necessarily the same app)
5. Notice the authorize workflow dialog is shown (not automatic authentication and redirection)
6. If user clicks “sign in” button, they will be stuck in an infinite loop of “sign in” dialog and authorization screen.

Connexinet · 2023-01-27T05:34:09.060Z

One more troubleshooting step:
7. Go to twitter.com
8. Delete the cookie named “_twitter_sess”.
9. The problem stops happening and user can use twitter authentication again.

We can’t expect the users to delete the cookie each time they get stuck

Connexinet · 2023-01-27T13:46:26.649Z

Edit: Removed the part about losing my account as that has been recovered (and don’t want to distract from the main API bug)

Testsa16 · 2023-02-01T19:06:48.533Z

same issue

hermanschutte · 2023-02-02T11:35:44.760Z

Same issue for us as well.

semifor · 2023-02-14T18:05:21.029Z

Please go go like this tweet. Elon is taking requests for features & bug fixes and prioritizing them by number of likes. Maybe we can get some attention for this one.