Reverse Auth: checking that your implementation works


Recently, we’ve seen a few partner implementations of Reverse Auth that are incorrect. More specifically, we’ve seen signature mismatches in the x_reverse_auth_parameters parameter. We wanted to give a heads up to developers to check their implementation, and cross-reference it to the design/process here:

In the interest of security for our mutual users, incorrect implementations may no longer work in the near future. We’re here to help you review your implementation and do our best to help fix it.

Feel free to reach out to me (@rchoi) if you’re using Reverse Auth and want to discuss further.




Hi @rchoi.

Thanks for the announcement.

But when I visit, I get “Access Denied”.

How can I see these documents?

Similar topics are here.


Hello! I did not find where I can post a message to a Twitter developer about a bug in OAuth.
Please, contact me by for more info

I have the application “AntiSquad Tactics” (6394624 id) with PIN-based authorization.
On some devices (iPad 2 with Safari browser, for example), after successful authorization I see the PIN code, but after 0-1 seconds it is replaced by an error message (see screenshots).
Maybe this issue is associated with the Callback URL - it is not required for this type of authorization, but on the this has a value. But I cannot remove it - after removing, it reverts to the old value.

Please, contact me, or fix this bug or just manually remove this Callback URL.

Best regards, InsGames Developer Team



Hi tytl,

Did you previously have access to it? Only certain partners had it at some point, and the docs are available to those who did.

We erred on the side of safety and posted here so that all could see and those who are affected could update accordingly.



Hi there,

I didn’t see any screenshots. Can you add them here, or send them to me at @rchoi on Twitter?


Thank you for your answer! Maybe there is some mistake - all screenshots are placed in the [BUG] Callback URL. If you do not see the screenshots, I attach all three to this post and send them on Twitter.


Hi @rchoi,

I want to use Reverse Auth, but I cannot read the docs. It shows the message, “Access denied. You are not authorized to access this page.”.

Does it need some permission to read and use Reverse Auth? If so, what do I do?


How does closing off access to the docs help us implement reverse auth properly?