During the authentication flow process, Twitter appends the consumer credentials before the routing url hashkey.
Here is the oauth_callback authorization header for the request_token endpoint :
But after the user enters his credentials on Twitter. Instead of being redirected to :
The user is redirected to:
As you can see the
oauth_verifier are located before the hash.
I personally think it is an expected behaviour but I have a user who raised this as a bug. Would you please let me know if this has been done on purpose, whether this is a bug, and if it is, is it going to change?
Thank you for your help.