New issue: "403 forbidden" while authorizing an application


#1

I’m still experimenting with this OAuth stuff.

I have now configured an “oob” workflow. The first step, getting a request token, works fine. I get what I expect. But the second step, the interactive one, fails on the server. If I send my request_token to the authorize endpoint I get some HTML code back. I save this in a file and start a browser on it, just to see what happens. I can see the page containing a user login and the two buttons. If I fill out the login correctly and press the submit button I never get anything else but this:

“403 Forbidden: The server understood the request, but is refusing to fulfill it.”

What does this mean? And what is the reason for this? Why can this dialog fail?

I never saw a PIN until now :frowning:


#2

Step 2 should be to construct a URL you will give to your application’s user. So instead of requesting that URL directly, provide a link or text they can copy and paste into a browser.


#3

OK, after a night of restless thinking I got it now: I just have to display this URL in a browser, I do not have to perform an HTTP GET request with it.

Guys, this must be better documented. How should anyone anticipate this? This authorize step and the API call are documented like all the others, but this one is completely different.


#4

https://dev.twitter.com/docs/api/1/get/oauth/authorize says “Send the user to the oauth/authorize step in a web browser, including an oauth_token parameter: …” and also links to descriptions of the OAuth flow which describe this redirect. We also have this process documented here: https://dev.twitter.com/docs/auth/implementing-sign-twitter

And yes, I have “ever see[n] a C++ program from the inside”, thanks.
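
The step the replies describe, as an added example that is not part of the original thread or of Twitter's documentation: the application parses the request-token response, builds the authorize URL, and hands it to the user's browser instead of fetching it. The `api.twitter.com` host, the function names and the sample response body are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs, urlencode

# Assumption: full endpoint URL; the thread itself only names "oauth/authorize".
AUTHORIZE_ENDPOINT = "https://api.twitter.com/oauth/authorize"

# Constructed sample of a form-encoded request-token response (step 1).
SAMPLE_BODY = ("oauth_token=req-tok%2FEXAMPLE"
               "&oauth_token_secret=constructed-secret"
               "&oauth_callback_confirmed=true")


def parse_request_token(body: str) -> dict:
    """Parse and validate the body returned by the request-token step."""
    fields = parse_qs(body.strip(), strict_parsing=True)
    token = {}
    for name in ("oauth_token", "oauth_token_secret"):
        values = fields.get(name, [])
        if len(values) != 1:
            raise ValueError(f"expected exactly one {name} in the response")
        token[name] = values[0]
    # OAuth 1.0a: the server confirms it accepted the callback ("oob" here).
    if fields.get("oauth_callback_confirmed") != ["true"]:
        raise ValueError("server did not confirm the callback")
    return token


def authorize_url(token: dict) -> str:
    """URL for the user's browser. Only oauth_token goes into it;
    the token secret stays inside the application."""
    return AUTHORIZE_ENDPOINT + "?" + urlencode({"oauth_token": token["oauth_token"]})


def clean_pin(typed: str) -> str:
    """Normalise the PIN the user copies back; it becomes oauth_verifier."""
    pin = typed.strip()
    if not pin or any(ch.isspace() for ch in pin):
        raise ValueError("PIN is empty or contains whitespace")
    return pin


if __name__ == "__main__":
    tok = parse_request_token(SAMPLE_BODY)
    # Do not GET this URL from the application: the login page belongs to the
    # user's own browser session with the provider.
    print("Open this URL in your browser and authorize the application:")
    print(authorize_url(tok))
    verifier = clean_pin(input("PIN shown after authorizing: "))
    print("Use this value as oauth_verifier in the access-token step:", verifier)
```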