OAuth failing in webviews for Android devices below 4.3


#1

For the past week and a half we’ve seen twitter fail in our devices below Android 4.3 with a “There is no request token for this page” message.

According to our analysis tool, after the user enters its username/password he’s 307 redirected to the /oauth/ endpoint, where we receive a 403 with the No Request Token message.

On a second attempt, instead of the login, as our broswer already has session details, we’re 302 redirected to the connect with app page where the whole flow works again.

Are there any backend changes that may cause this problem? The twitterapi account talks about some SSLv3 changes and old browsers not working anymore, but you can’t update webviews for mobile devices.


#2

Thanks for the report; we’re looking into it.


#3

We’ve made some changes to address this issue; please could you let me know if you still see the problematic behavior?