Urgent: twitter auth for twibble.io is broken... help please?

oauth
auth
authentication

#1

Hi there, we’ve run twibble for nearly 4 years, but a day ago, our “log in with Twitter” authorization broke and we cannot find any internal issues that could be causing it. This is extremely urgent as it makes it impossible for new users to sign up, or for existing users to log back into their accounts. Here’s a copy/paste of the error we’re seeing below; thanks so much for any help.


HTTP Status 500 - 403 Forbidden
type Exception report

message 403 Forbidden

description The server encountered an internal error that prevented it from fulfilling this request.

exception

org.springframework.web.client.HttpClientErrorException: 403 Forbidden
org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:91)
org.springframework.social.support.LoggingErrorHandler.handleError(LoggingErrorHandler.java:49)
org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:700)
org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:653)
org.springframework.web.client.RestTemplate.execute(RestTemplate.java:628)
org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:549)
org.springframework.social.oauth1.OAuth1Template.exchangeForToken(OAuth1Template.java:192)
org.springframework.social.oauth1.OAuth1Template.fetchRequestToken(OAuth1Template.java:117)
org.springframework.social.security.provider.OAuth1AuthenticationService.getAuthToken(OAuth1AuthenticationService.java:91)
org.springframework.social.security.SocialAuthenticationFilter.attemptAuthService(SocialAuthenticationFilter.java:266)
org.springframework.social.security.SocialAuthenticationFilter.attemptAuthentication(SocialAuthenticationFilter.java:173)
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:100)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:157)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:115)
org.springframework.boot.web.support.ErrorPageFilter.access$000(ErrorPageFilter.java:59)
org.springframework.boot.web.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:90)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:108)
note The full stack trace of the root cause is available in the Apache Tomcat/8.0.20 logs.

Apache Tomcat/8.0.20


#2

Check to make sure that the callback URL for your app is exactly correct (including trailing spaces). This has been tripping up a lot of folks today.


#3

yup that was it :slight_smile: Thanks!


#4