OAuth 2.0 app authorization doesn't work

peter.o · 2022-08-09T19:52:11.869Z

Hi,
I’d like to get the authorization code so I can exchange it for an access token and play with the Twitter API. But first, I have to authorize my app. I have followed this tutorial: OAuth 2.0 Making requests on behalf of users | Docs | Twitter Developer Platform

I’ve entered this to Chrome (and later to Firefox)
https://twitter.com/i/oauth2/authorize?response_type=code&client_id=MYCLIENDIT&redirect_uri=https://www.example.com&scope=tweet.read%20users.read%20follows.read%20offline.access&state=foo&code_challenge=bar&code_challenge_method=plain
I’ve got this

image902×766 44.6 KB

I’ve tried so far:

Chrome, Firefox, No Adblock, etc.
logout from my TW account and log in during the authorization flow
add client_secret
remove offline.access
click the link provided in the tutorial

peter.o · 2022-08-11T20:18:46.216Z

On mobile I got:

image830×994 62.5 KB

eduard_o93 · 2022-08-18T10:13:22.400Z

peter.o:

I’ve entered this to Chrome (and later to Firefox)
https://twitter.com/i/oauth2/authorize?response_type=code&client_id=MYCLIENDIT&redirect_uri=https://www.example.com&scope=tweet.read%20users.read%20follows.read%20offline.access&state=foo&code_challenge=bar&code_challenge_method=plain

Make sure Developer Portal → User authentication settings → Edit → Callback URI / Redirect URL has the redirect_uri you are sending in your URL.

DevAirking · 2022-08-18T13:40:53.001Z

Hi eduard,
I have a similar problem.
I’m trying to get authorization code via the authorization code flow.
In my App configuration I have an redirect Uri that works.
But after the user clicking on authorize button,and when the callback Url is called by the authorization server, there is no query string added there.(I mean no code neither state).
Here is parts of my query:
response_type=code&client_id=CLIENTAPPID&redirect_uri=CALLBACKURI&scope=tweet.read%20users.read%20follows.read%20follows.write&state=1660792028&code_challenge=xcoiv98y2kd22vusuye3kch1660792028&code_challenge_method=plain

Could you help me pls!
Thx

eduard_o93 · 2022-08-18T17:25:46.550Z

Make sure your uri doesn’t do a redirect to other uri. Try changing the uri to another one (e.g. https://example.com) both in “General authentication settings” and in your code.

DevAirking · 2022-08-18T19:02:09.680Z

Thx a lot, It works with the URI you suggested.
But I would like to be able to retrieve the authorization code with my URI and store it.
I would like to know why it doesn’t work with my prod URI.

peter.o · 2022-08-18T20:11:28.395Z

Hi Eduard,
Thank you for your reply. Yes, URL is set correctly.

eduard_o93 · 2022-08-18T20:48:44.496Z

I don’t how your web works, but my bet is that it is removing with javascript the parameters from the URI or redirecting to a URI without them.

You could check this in F12 → Network → check “Preserve log” and paste the URI in the address bar. If you see a 302 or something like that, your web is redirecting to a URI without the parameters. If you don’t see them, try pasting yourself your CALLBACKURI in the address bar and adding the code parameter with a random value. If it dissapears, it means that your web is removing it by javascript.

eduard_o93 · 2022-08-18T20:54:54.189Z

I’d suggest to double check that your client_id, client_secret and everything is correct…

peter.o · 2022-08-19T01:08:28.122Z

I’m using the DEVELOPMENT APP. I also checked the URL encoding.

Where does the client secret come into play? To authorize I should use just the client ID, OAuth 2.0 Authorization Code Flow with PKCE | Docs | Twitter Developer Platform

EDIT

Found it, all values were correct, but not the parameter names. client_id vs clientId