Two-factor auth breaks third-party app authorization


#1

It seems users who have enabled two-factor verification are having problems logging into not only our apps but other apps, as well.


#2

Got the same problem. Any pointers to what changes needed in the client auth process?


#3

There’s a special condition you can choose to handle for xAuth in this case – we recently updated the xAuth documentation to reflect this: [node:136]. (note the new “login verification” section).

If you’re using the web-based OAuth flow, login verification is handled as part of that – though there is currently a bug with the usage of the force_login=true parameter that is working toward resolution.


#4

@episod - getting “Sorry, that page doesn’t exist” with web-based OAuth flow after logging in but before redirect with login verification enabled. No force_login=true is used.


#5

@episod Have the same problem as @jcarty, “Sorry, that page doesn’t exist” and dead end. Our users in production start to report login problem, please help!


#6

This seems related: https://dev.twitter.com/issues/1050


#7

Not working here also


#8

The fix for this is taking a little longer than we expected but we’re on top of it.


#9

도와주세요.!!


#10

I too am experiencing issues with the two-factor web-based OAuth login flow on our apps, the redirect to ‘GET /account/login_verification/sms?’ returns HTTP 302 error with /?login_verification_error=BadSessionLoginVerification - any ideas?