I’m trying to implement Twitter Sign In as a part of our user registration flow and I’m having some issues with using the “Request email addresses from users” permission. Our application is whitelisted and so we have the checkbox to enable that particular permission. However I’m running into some issues to actually get it to work properly.
First things first, when using the application account’s access tokens the email is in the response from verify_credentials, but when I try to do the same for another authorized user using the Sign In-flow it is as if the access tokens being returned to me don’t have that particular permission. One thing I noticed that is acting weird is that the user have to sign in and authorize the application permissions every time. Instead of it just being the first time and the consecutive sign in’s directly going to redirect. Also, every time the user authorizes the sign in another entry of that application is added to “settings->apps” of that particular account. And none of the items in that list have the “Has access to your email address” which I would expect it to have when you are actually granting that permission. So if you sign in 10 times there are 10 entires of with “Permissions: read, write, and direct messages”. This only happens when I wish to get the email permission. If I for example add “x_auth_access_type=read” it works as it should, with only one application entry for the user.
What should have been a couple of hours work has now turned into days and I’m running out of ideas on how to sort it out.
Our backend is running rails with omniauth and omniauth-twitter to handle the sign ins.
Any help at all on how to figure this out or to nudge me back on track would be greatly appreciated!