Ngrok is recognized as malware

avihay · 2018-07-30T11:15:22.968Z

Hi,

I’m trying to migrate to the new account activity API. I’m following the account-activity-dashboard sample code (GitHub - twitterdev/account-activity-dashboard: Sample web app and helper scripts to get started with the premium Account Activity API).

As the documentation suggest, I’m using ngrok. The thing is, when I’m setting the ngrok url in the “Website” field of the application management page, I get this error:
“Error
The client application failed validation: url contains malware URL.”

I tried to overcome it, by setting the “Website” as some dummy value (“https://www.localhost.com”), and only to set the callback URLs - for some reason, it works as far as the application management concerns, but when I’m trying to actually add subscriptions via the “Manage Subscriptions” tab of the sample node example, I receive this error:
“Error: Callback URL not approved for this client application. Approved callback URLs can be adjusted in your application settings”

I suspect that it boils down to the fact that for some reason twitter recognize the ngrok URLs as a malware.

Did anyone encounters such a problem? Any ideas?

Thanks!

andypiper · 2018-07-30T20:24:30.934Z

That’s correct. However, that validation is only applied in the case of the Website URL field. You should be OK to add the ngrok URLs in the callback URL fields. These are only internal to the application, whereas the Website URL field will appear in user-facing auth screens, so has different validations.

avihay · 2018-07-30T20:52:53.000Z

Hi Andy,

Thanks for the answer. I did configured the callback(using the ngrok url) in Twitter application setting page, but even then when I’m trying to actually add subscriptions via the “Manage Subscriptions” tab of the sample application, I receive this error:
“Error: Callback URL not approved for this client application. Approved callback URLs can be adjusted in your application settings”

My guess was that the callbacks weren’t approved due to the fact that it’s ngrok URLs… if that’s not the case, can you think what else can it be?

Thanks

andypiper · 2018-08-01T22:45:40.213Z

The other thing I’m wondering is whether your code is attempting to override the callback URL. Are you sure that’s matching?

system · 2018-08-15T22:45:48.284Z

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.