We recently reset our app’s consumer key / secret and changed the permissions from read/write to just read. The flow works fine for new users but users who were on the old key / secret get stuck in a redirect loop back to Twitter when trying to authenticate.
They’re stuck on the page that says “You can use your Twitter account to sign in to other sites and services” … “Sign In” … back to the same page. No callback requests are received by our server.
