mholt6
#1
I’m trying to connect my development app using OAuth 2 and getting HTTP 400 errors at the authorize endpoint. I’ve been using an Oauth client library in Go that I use with success on other Oauth2 services, except for Twitter.
Following the docs here:
I took this sample URL straight from the docs:
https:// twitter .com/i/oauth2/authorize?response_type=code&client_id=M1M5R3BMVy13QmpScXkzTUt5OE46MTpjaQ&redirect_uri=https://www.example.com&scope=tweet.read%20users.read%20follows.read%follows.write&state=state&code_challenge=challenge&code_challenge_method=plain
(spaces added because I can’t include links in my posts, apparently)
and carefully modified it to use my own client ID and redirect URI (properly encoded).
The redirect URI matches exactly what is configured in my Developers dashboard. (When it’s not, I get a different error that spells that out.)
No matter what I try, I get this error response:
HTTP 400
{
"errors": [
{
"error": "invalid_request",
"error_description": "Redirect is requested.",
"redirect_uri": "https://example.com/redirect?error=invalid_request&state=mnfiL5bLgeCpwy"
}
]
}
Any tips for what I’m doing wrong?
Thanks
@mholt6 Did you try not using the scope? This is just a shot in the dark, but that look like the non-standard query parameter.
mholt6
#3
Thanks; but removing the scope didn’t affect the output at all.
To repro this, it should be as easy as pasting the URL into your browser, with your own client ID and redirect_uri, right? Make sure it matches what is in your Twitter Developers dashboard and that OAuth2 is enabled.
yeah, I am not be familiar with that, just taking a stab in the dark.
mholt6
#6
Is anyone able to reproduce this or help explain what the “Redirect is requested” error means? It doesn’t seem to be documented anywhere.
mholt6
#7
(Edit: only worked once, see below…)
Holy moly, today it’s working. No changes to the URL or the code. I just clicked my link that I left open in my text editor from yesterday and now I’m brought to the “<App> wants to access your Twitter account” page.
Anyone know why?
mholt6
#8
Hmm, now the link doesn’t work anymore.
And now I can’t acess the OAuth2 settings in the Developer Portal. Getting JS errors like:
The resource from “https://ton.twimg.com/dataproducts/devportalvnext/dist/19.bundle-82c9aff934b2deaf33c4.js” was blocked due to MIME type (“”) mismatch (X-Content-Type-Options: nosniff).
auth-settings
Loading failed for the <script> with source “https://ton.twimg.com/dataproducts/devportalvnext/dist/19.bundle-82c9aff934b2deaf33c4.js”. auth-settings:1:1
ChunkLoadError: Loading chunk 19 failed.
(error: https://ton.twimg.com/dataproducts/devportalvnext/dist/19.bundle-82c9aff934b2deaf33c4.js)
e https://ton.twimg.com/dataproducts/devportalvnext/dist/bundle-82c9aff934b2deaf33c4.js:2
e https://ton.twimg.com/dataproducts/devportalvnext/dist/bundle-82c9aff934b2deaf33c4.js:2
hn https://ton.twimg.com/dataproducts/devportalvnext/dist/bundle-82c9aff934b2deaf33c4.js:2
pc https://ton.twimg.com/dataproducts/devportalvnext/dist/bundle-82c9aff934b2deaf33c4.js:2
On this page:
https://developer.twitter.com/en/portal/projects/<number>/apps/<number>/auth-settings
Is your backend OK, Twitter?
Thanks for reaching out here. I’m working with the team on trying to figure out what might be happening here and I’ll let you know once I have more of an update to share.
1 Like
mholt6
#10
Excellent, thank you! It’s rather bizarre.
Thanks, @mholt6, for all of the feedback here. A typo caused this issue in the encoding in the docs that we’ve since updated.
This authorize URL should work for you now:
https://twitter.com/i/oauth2/authorize?response_type=code&client_id=M1M5R3BMVy13QmpScXkzTUt5OE46MTpjaQ&redirect_uri=https://www.example.com&scope=tweet.read%20users.read%20follows.read%20offline.access&state=state&code_challenge=challenge&code_challenge_method=plain
Regarding accessing the authentication settings in the developer portal, we did have some recent outages impacting the portal, so I think this may have been related. Please let me know if this is continuing.
Thanks again!
Jessica
1 Like
mholt6
#12
It’s working now. 
Your team is amazing. Thank you!
1 Like
mholt6
#13
@jessicagarson The link above (the one you just posted that was working yesterday) is no longer working again.
I get " Something went wrong. You weren’t able to give access to the App. Go back and try logging in again."
And I see a request with a 503 in the devtools, returning a nice HTML page that says “This page is down”
Thanks, I’m looking into this. I’ll let you know when I have more to share.
mholt6
#16
Thank you! It’s working again.
Hi, i’m experiencing right now the same issue.
With the url params:
response_type=code&client_id=alZqVFpKS3pqMjlCQWpDck5NZ2U6MTpjaQ&redirect_uri=http://localhost:1887/Auth/login.ashx&scope=tweet.read%20users.read%20follows.read%20offline.access&state=state&code_challenge=challenge&code_challenge_method=plain
The response is HTTP Error 400 with description “Redirect is requested.”
What may I have done wrong?
Thanks in advance.
Thanks for reaching out @DLocalizatodo, I think the issue you may be experiencing is because you are using localhost as your redirect URI. You may want to consider using a solution such as ngrok.
Many thanks, i will try it that way
I’ve done more testing and it seems to work, even with a callback to localhost, but only if the user was previously logged into Twitter. Should a different url be invoked for Twitter to request username and password if the user was not already logged in?
Ah yes, so we do have a known issue where the authorize URL will only work if the user is logged in. This is something we are aware of and are planning to fix shortly.
1 Like
