Search code examples
androidwebviewtwitter-oauthtwitter4j

Twitter no longer authorizes old Android devices / webview?

I noticed this when I re-ran my app on 2.2 and 2.3.4 devices. Basically I have a WebView which is loaded with twitter4j's client getAuthenticationURL. Twitter Login

If everything is correct and "Sign In" is clicked, webview will load another page asking for user's authorization. From there, "Authorize app" will return the app's custom callback and user tokens.

Twitter Authorization

Clicking that "Sign In" button will no longer send the webview to the authorization page. It will just stay there. When I debugged my WebViewClient and probed onPageStarted, I noticed that a request was sent. But there's just no response from Twitter. Also, in my 4.4 Nexus tablet, there's no authorization page. "Sign in" will both authorize and immediately return the callback.

So far I found three workarounds for it (all these tests were done from clean install):

  • Click cancel, restart the app, and reload the same url + request token. This time there's no login. It will get webview to directly load the Authorization page.
  • This is the complete hack of all. Basically I need to enter a wrong password and I will get sent to a Password reconfirm page. If I enter the right password this time, I will see that authorization page. In fact the second snapshot above was obtained this way.

  • If I paste that url + request token on a browser, it will also skip the authorization page and immediately return my callback. I haven't made a thorough research if this works on startActivity-for-browser scheme, not embedded webview. EDIT : it works, upon Sign In, browser will fire a warning and then return the callback which my app intercepts in onNewIntent. There is no authorization page. Also callback url needs to have callback host like bla://callback

    enter image description here

I am pretty sure I was able to navigate the login pages including authorization with my older devices not long ago. Is this authorization thing broken or obsolete ?

Solution

  • In the absence of better answer then the current solution will have to do: separate login methods. I use Intent to browser for pre-ICS and WebView for the rest.