Twitter OAuth Redirect Loop


We recently reset our app’s consumer key / secret and changed the permissions from read/write to just read. The flow works fine for new users but users who were on the old key / secret get stuck in a redirect loop back to Twitter when trying to authenticate.

They’re stuck on the page that says “You can use your Twitter account to sign in to other sites and services” … “Sign In” … back to the same page. No callback requests are received by our server.

How to change permissions and still use oauth/authenticate endpoint?

Re-enabling write permissions seems to fix the issue.


There’s an issue with some apps changing permission levels and using oauth/authenticate rather than oauth/authorize. If you use oauth/authorize you won’t run into this issue.


Thanks for the insight, we’ve switched to using /authorize.
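For reference, the sign-in redirect discussed in this thread, as an added example that is not code from any of the posters: it signs the OAuth 1.0a `oauth/request_token` call (HMAC-SHA1, RFC 5849) and builds the step-two redirect with `oauth/authorize` as the default endpoint. The `api.twitter.com` host, the function names and every key, secret and callback value are assumptions or constructed sample values.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote, urlencode

API = "https://api.twitter.com"  # assumed host for the oauth/* endpoints named in the thread

def pct(value):
    # OAuth 1.0a percent-encoding: only RFC 3986 unreserved characters stay literal
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    # Signature base string: METHOD & encoded URL & encoded, sorted parameter list
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    # The key is "consumer_secret&token_secret"; the token secret is empty at step one
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def request_token_header(consumer_key, consumer_secret, callback,
                         nonce=None, timestamp=None):
    # Step one: Authorization header for POST oauth/request_token
    url = f"{API}/oauth/request_token"
    params = {
        "oauth_callback": callback,
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_version": "1.0",
    }
    params["oauth_signature"] = sign("POST", url, params, consumer_secret)
    fields = ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(params.items()))
    return url, "OAuth " + fields

def signin_redirect(request_token, endpoint="authorize"):
    # Step two: where the browser is sent; the endpoint choice is the only difference
    if endpoint not in ("authorize", "authenticate"):
        raise ValueError(f"unknown endpoint: {endpoint}")
    return f"{API}/oauth/{endpoint}?" + urlencode({"oauth_token": request_token})

if __name__ == "__main__":
    # Constructed sample values, not real credentials
    print(request_token_header("CK", "CS", "https://example.test/cb")[1])
    print(signin_redirect("REQUEST_TOKEN"))
```

After a key reset, the consumer key and secret passed to `request_token_header` must be the new pair; a request token obtained with the old pair cannot be used in the redirect.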