Our application lets users “Sign In With Twitter” to verify a their identity. We generate an authorization URL on our side, which is of the form https://api.twitter.com/oauth/authorize?oauth_token=xxxxxyyyyzzzz. We are using Ruby, and the process by which we create a link for the user to click to sign in is as follows:
consumer = OAuth::Consumer.new(
consumer_key,
consumer_secret,
site: 'https://api.twitter.com')
request_token = consumer.get_request_token(oauth_callback: callback_url)
authorize_url = request_token.authorize_url
This works in all cases except in the internal browser that opens when you click a link from the Twitter App. Every time a user clicks to sign in, they get an error that says:
Whoa there!
There is no request token for this page. That’s the special key we need from applications asking to use your Twitter account. Please go back to the site or application that sent you here and try again; it was probably just a mistake.
I have tried in mobile Chrome and Safari, and in my desktop Chrome and Safari, and I do not encounter this issue. Only in the internal browser in the mobile Twitter app. Also, I have verified that the server clock is properly synchronized (I read that this is a possible issue). It seems as if the param is being stripped.
Thanks for any help you can provide.
