Reverse Auth: checking that your implementation works


#1

Recently, we’ve seen a few partner implementations of Reverse Auth that are incorrect. More specifically, we’ve seen signature mismatches in the x_reverse_auth_parameters parameter. We wanted to give a heads up to developers to check their implementation, and cross-reference it to the design/process here:

https://dev.twitter.com/archive/docs/ios/using-reverse-auth

In the interest of security for our mutual users, incorrect implementations may no longer work in the near future. We’re here to help you review your implementation and do our best to help fix it.

Feel free to reach out to me (@rchoi) if you’re using Reverse Auth and want to discuss further.

Thanks!


#2

#3

Hi @rchoi.

Thanks for the announcement.

But when I visit https://dev.twitter.com/docs/ios/using-reverse-auth, I get “Access Denied”.

How can I see these documents?

Similar topics are here.


#4

Hello! I did not find where I can post a message to a Twitter developer about a bug in OAuth.
Please contact me at pr@insgames.com for more info.

Description:
I have the application “AntiSquad Tactics” (6394624 id) with PIN-based authorization.
On some devices (iPad 2 with the Safari browser, for example), after successful authorization I see the PIN code, but after 0-1 seconds it is replaced by an error message (see screenshots).
Maybe this issue is associated with the Callback URL - it is not required for this type of authorization, but on https://apps.twitter.com/app/6394624/settings it has a value. But I cannot remove it - after removing, it reverts to the old value.

Please contact me, or fix this bug, or just manually remove this Callback URL.

Best regards, InsGames Developer Team


#5

#6

Hi tytl,

Did you previously have access to it? Only certain partners had it at some point, and the docs are available to those who did.

We erred on the side of safety and posted here so that all could see and those who are affected could update accordingly.

Thanks!


#7

Hi there,

I didn’t see any screenshots. Can you add them here, or send them to me at @rchoi on Twitter?


#8

Thank you for your answer! Maybe there is some mistake - all screenshots are placed in the [BUG] Callback URL. If you do not see the screenshots, I attach all three to this post and send them on Twitter.


#9

Hi @rchoi,

I want to use Reverse Auth, but I cannot read the docs. It shows the message, “Access denied. You are not authorized to access this page.”
https://dev.twitter.com/archive/docs/ios/using-reverse-auth

Does it need some permission to read and use Reverse Auth? If so, how do I do that?


#10

How does closing off access to the docs help us implement reverse auth properly?