Twitter OAuth Redirect Loop


#1

We recently reset our app’s consumer key / secret and changed the permissions from read/write to just read. The flow works fine for new users but users who were on the old key / secret get stuck in a redirect loop back to Twitter when trying to authenticate.

They’re stuck on the page that says “You can use your Twitter account to sign in to other sites and services” … “Sign In” … back to the same page. No callback requests are received by our server.


#2

Re-enabling write permissions seems to fix the issue.


#3

There’s an issue with some apps changing permission levels and using oauth/authenticate rather than oauth/authorize. If you use oauth/authorize you won’t run into this issue.


#4

Thanks for the insight, we’ve switched to using /authorize.