Stuck on oauth/authenticate after Access Level modification


#1

For our application we recently realized we’re going to need to raise our Access Level from read-only to read-write. The problem is that after the access level was increased to read-write, users became unable to complete the authentication process if they have already gone through it before.

Twitter will require users who agreed to read-only to accept the new terms of the application at api.twitter.com/oauth/authenticate. Those users who have never added the application before can continue just fine. However, those who had previously agreed to read-only instead get stuck on that Authorize page forever. It simply posts to itself and never redirects successfully.

Is this a Twitter bug, or something else anyone is aware of? The only solution I have found so far is to simply reduce the Access Level back to read-only. I can also authorize with a given account in this bugged state if I first revoke permissions to the application.

Many thanks


#2

24 weeks on this is unanswered and I also run into the same issue.


#3

We’ve got the same issue.


#4

Same here. When will this bug get solved?


#5

I have this issue as well. Is there a way I can at least revoke or delete user’s previous acceptance


#6

Same here


#7

same issue


#8

I have same problem exactly as Ian Shorrock described.
I am also using ‘Sign in with Twitter’ and have tried resetting all API keys and Access Tokens.

Steps to reproduce:

  1. Create a new app with Read-Only permissions
  2. Log in via that app using a user account via OAuth
  3. Change app permissions to Read and Write
  4. Log in via that app using the same user account via OAuth
  5. That user is now stuck in an endless redirect loop at https://api.twitter.com/oauth/authenticate

#9

All these related issues on permission changes and NO ONE SEEMS TO BE ADDRESSING IT.


#10

Does anyone have a workaround for this? this is really troublesome


#11

Still an issue, really wish this worked.


#12

+1/bump Having same issue here as well. Regenerated keys yesterday as well, no dice. NOTE: This is a very good related post. "Sign In" button on api.twitter.com no longer works after enabling "Sign in with Twitter"

Apparently, there is a work around, but it’s less than ideal for mobile clients.


#13

We’re looking into this issue currently. Stay tuned.