Missing oauth_token param, only in the Twitter App


#1

Our application lets users “Sign In With Twitter” to verify a their identity. We generate an authorization URL on our side, which is of the form https://api.twitter.com/oauth/authorize?oauth_token=xxxxxyyyyzzzz. We are using Ruby, and the process by which we create a link for the user to click to sign in is as follows:

consumer  = OAuth::Consumer.new(
  consumer_key,
  consumer_secret,
  site: 'https://api.twitter.com')
request_token = consumer.get_request_token(oauth_callback: callback_url)
authorize_url = request_token.authorize_url

This works in all cases except in the internal browser that opens when you click a link from the Twitter App. Every time a user clicks to sign in, they get an error that says:

Whoa there!

There is no request token for this page. That’s the special key we need from applications asking to use your Twitter account. Please go back to the site or application that sent you here and try again; it was probably just a mistake.

I have tried in mobile Chrome and Safari, and in my desktop Chrome and Safari, and I do not encounter this issue. Only in the internal browser in the mobile Twitter app. Also, I have verified that the server clock is properly synchronized (I read that this is a possible issue). It seems as if the param is being stripped.

Thanks for any help you can provide.


Request token error but only in official Twitter iOS client's web browser window
Request token error but only in official Twitter iOS client's web browser window
#2

Our customers are getting the same exact error as @chazelton331 under the same circumstances.

We have a rails app that allows people to login via Twitter and the login only fails from within the Twitter app’s UIWebview. Mobile Safari and Chrome both work fine. Our server times are synchronized and the OAuth works in every other circumstance we tested.

We are doing about 3K Twitter signups per day and this is really hurting our customers.

Any insight would be greatly appreciated!


#3

Hi I’m getting the same error from an in-app web browser on Windows Phone 8.

On monday everything worked fine so I did a beta test release. On thursday the app got tested by the testing team and it had already stopped working.

It also changed the UI.

The strange thing is that if I fetch the URL that takes me to the PIN page and paste it on a desktop browser I get to see the PIN, not the same on the mobile app.

Any official word?


#4

No official word yet, but I did just tweet at @TwitterDev, so we’ll see


#5

Great, did that too

Let’s hope they solve this.


#6

Same here, tweeted @TwitterDev and they are going to investigate.

Also, confirmed this morning that @AppMeerkat is broken in the same way as described in this bug report.