I was developing a mobile app which implements the OAuth mechanism by itself (i.e. no external libs).
As per the Twitter doc (https://dev.twitter.com/docs/auth/mobile-sign-flow), if the user is already logged in and has not granted access to the app, then it will show the request permission page. But in my case I'm seeing a page with user name and password fields auto-filled with the logged-in user's info.
The documented screenshot says there will be no credential fields if the user has already logged in. So what's wrong with my situation?
What I'm doing is the following:
- load http://www.twiiter.com in my web
- User logs into this
- Then I follow the 3 steps mentioned in https://dev.twitter.com/docs/auth/implementing-sign-twitter
Note, my OAuth code is working just fine and the access token received from it is working perfectly. It's just that, as per my app spec, if the user is already logged in there should not be any credential fields, just the permission page.
Also note, if I repeat step 1 it doesn't ask for username/password, it directly logs me into the Twitter page, so I think the cookies/sessions stored in step (1) are correct.
Please help!!!