takke
#1
We are trying to add OAuth 2.0 Authorization Code Flow with PKCE to our Twitter client for Android.
I opened the URL for the actual authentication in my browser.
val url = "https://twitter.com/i/oauth2/authorize?response_type=code&client_id=M1M5R3BMVy13QmpScXkzTUt5OE46MTpjaQ&redirect_uri=https://www.example.com&scope=tweet.read%20users.read%20follows.read%20follows.write&state=state&code_challenge=challenge&code_challenge_method=plain"
val intent = Intent(Intent.ACTION_VIEW, Uri.parse(url))
startActivity(intent)
However, it is stolen by the official application and cannot display the authentication screen in the browser.
What should we do?
(Displaying it in the in-app browser is an alternative, but not a good security practice)
2 Likes
takke
#2
I tried to view the OAuth 2.0 PKCE authentication URL in the in-app browser, and the message “This browser is currently not supported.” is displayed.
Does this mean I need to uninstall the official Twitter app in order to authenticate with OAuth 2.0 PKCE on Android?
1 Like
Hi, thanks for reaching out. I will DM you to get some additional details on this issue.
1 Like
takke
#4
Thanks, @alanbenlee . I’m waiting for your DM.
takke
#5
I’m glad to see that the issue has been shared with Twitter’s OAuth team.
I’ve tried several workaround methods and implemented the following two methods.
- Open in Chrome browser if available.
- If no Chrome browser is available, find a browser other than the official Twitter app and open it.
This workaround requires a relatively deep understanding of how Android works.
Therefore, it would be appreciated if the official application itself provides OAuth 2.0 PKCE authentication or behaves correctly as a browser.
Thanks.
1 Like
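The two-step workaround listed in post #5, sketched in Kotlin as an added example; it is not takke's code or anything published by Twitter. The function names `pickBrowserPackage` and `openAuthorizationUrl` are hypothetical, and the package names `com.android.chrome` (Chrome) and `com.twitter.android` (the official app) are assumptions about what is installed on the device.

```kotlin
import android.app.Activity
import android.content.ActivityNotFoundException
import android.content.Context
import android.content.Intent
import android.content.pm.PackageManager
import android.net.Uri

// Assumed package names; adjust if the target devices differ.
private const val CHROME_PACKAGE = "com.android.chrome"
private const val TWITTER_PACKAGE = "com.twitter.android"

/**
 * Returns the package to open the authorization URL in: Chrome when installed,
 * otherwise the first browser that is not the official Twitter app, or null.
 */
fun pickBrowserPackage(context: Context): String? {
    // Probe with a neutral https URL so that general-purpose browsers match,
    // rather than apps that registered an intent filter for twitter.com only.
    val probe = Intent(Intent.ACTION_VIEW, Uri.parse("https://www.example.com"))
        .addCategory(Intent.CATEGORY_BROWSABLE)
    val candidates = context.packageManager
        .queryIntentActivities(probe, PackageManager.MATCH_ALL)
        .map { it.activityInfo.packageName }
        .filter { it != TWITTER_PACKAGE }
        .distinct()
    return if (CHROME_PACKAGE in candidates) CHROME_PACKAGE else candidates.firstOrNull()
}

/** Opens [authorizeUrl] in the chosen browser; returns false if none is available. */
fun openAuthorizationUrl(context: Context, authorizeUrl: String): Boolean {
    val browser = pickBrowserPackage(context) ?: return false
    val intent = Intent(Intent.ACTION_VIEW, Uri.parse(authorizeUrl))
        .addCategory(Intent.CATEGORY_BROWSABLE)
        // An explicit package means no other app's intent filter can claim the link.
        .setPackage(browser)
    // Starting an activity from a non-Activity context requires a new task.
    if (context !is Activity) intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK)
    return try {
        context.startActivity(intent)
        true
    } catch (e: ActivityNotFoundException) {
        false
    }
}
```

On Android 11 and later, package visibility rules mean the app's manifest needs a `<queries>` entry declaring an `ACTION_VIEW` intent for the `https` scheme, otherwise `queryIntentActivities` may return an incomplete list.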