I’ve created a web app with “Read, write, and direct messages” permissions and I have a problem with “Sign In with Twitter” (oauth/authenticate) flow: this method keep asking users for permissions (with popup window and button “Sign In”) everytime, when they try to login and below “Sign In” button I see this: “This application will not be able to: Access your direct messages.”! How this is possible?! https://dev.twitter.com/docs/auth/sign-in-with-twitter directly says, that if user already authorized application then twitter.com redirects him to application immediately!
BUT! More strange things:if user logged in with basic OAuth flow (oauth/authorize) first (no mistakes in permissions signs here) and then, in subsequent login requests I redirect him to “Sign In with Twitter” flow (oauth/authenticate) this method starts to work correctly and do not asking for permissions - it just redirects user to my web app without any popup windows.
Maybe there is some mistakes in logic of my app, or this is normal behavior of this methods?