Oauth fails on email but not username


#1

We have use Oauth to allow users to use their twitter login to log into our app. The flow of redirecting to the twitter authorization page and back to our app works 99% of the time. But there is a reproducible case that we came across where a user was able to authorize access to our app using oauth if they used their twitter username but not their email address. Other users were able to use either.