ruby-on-rails oauth twitter authentication oauth-ruby

Twitter Authenticate displays Authorize screen and on reload it Authenticates and continues to callback


I am following everything from the documentation: http://dev.twitter.com/pages/sign_in_with_twitter

I am working on a Rails app and this is what my code looks like (the code below uses the oauth Ruby gem):

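# Build the OAuth 1.0a consumer for Twitter (oauth gem)
@consumer = OAuth::Consumer.new("key", "secret", {:site => "https://api.twitter.com"})
# Obtain a request token and register the callback URL
@request_token = @consumer.get_request_token(:oauth_callback => "#{SITE_BASE}/callback")
# Send the user to /oauth/authenticate instead of /oauth/authorize
redirect_to @request_token.authorize_url().gsub("authorize", "authenticate")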

URL generated is: https://api.twitter.com/oauth/authenticate?oauth_token=_REQUEST_TOKEN_

I am already logged in to twitter.com and have authorized the app. But it displays the authorize screen: Authorize Twoo Dev to use your account?

All I do is reload the page and it takes me to my application's callback.

I have also used the omniauth gem and had the same issue, hence I moved to oauth.

Please suggest what might be going wrong.

Regards, Aditya

Following is the header information for the authenticate url:

Response Headers
Date    Mon, 20 Jun 2011 00:48:13 GMT
Server  hi
Status  200 OK
X-Transaction
Etag    ""-gzip
X-Frame-Options SAMEORIGIN
Last-Modified   Mon, 20 Jun 2011 00:48:13 GMT
X-Runtime       0.06452
Content-Type    text/html; charset=utf-8
Pragma  no-cache
X-Revision      DEV
Expires Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control   no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID
Set-Cookie      lang=en; path=/ lang=en; path=/ _twitter_sess=; domain=.twitter.com; path=/; HttpOnly
Vary    Accept-Encoding
Content-Encoding        gzip
Content-Length  2936
Keep-Alive      timeout=15, max=100
Connection      Keep-Alive 

Solution

  • Finally I have figured out the problem and a workaround.

    The problem is with Twitter Application API accounts with Direct Message access enabled.

    When you select "Read, Write, & Direct Messages" for the Default Access type of your application, Sign in with Twitter fails, as it halts in between to display the message below:

    Access your direct messages until June 30th, 2011.

    Click here to read more about the message

    It does not say anywhere on the Twitter dev site, API docs, articles, etc. that they will be putting a pause in the Sign in with Twitter flow.

    Solution: Move your app's "Default Access type" option to anything else but "Read, Write, & Direct Messages" and that should allow your application users to be automatically logged in without having to see the authorize screen just for the sake of Twitter's notification.

    The good thing is that it seems that this issue should be resolved after 30th June, once Twitter won't need to display that message to its users authorizing apps which need direct messages access as well.
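
Added example, not part of the original question or answer: the question's redirect swaps "authorize" for "authenticate" with gsub over the whole URL, which would also rewrite a request token that happens to contain that word, so this sketch swaps only the path and then checks the callback parameters against the request token kept in the session. The method names, the sample token and the handling of a "denied" callback parameter are assumptions made for illustration.

```ruby
require "uri"

# Hypothetical helper names; only the /oauth/authenticate path comes from the page.
AUTHENTICATE_PATH = "/oauth/authenticate"

# Replace only the path of the URL returned by authorize_url, leaving the
# query string (and the request token inside it) untouched.
def authenticate_url(authorize_url)
  uri = URI.parse(authorize_url)
  raise ArgumentError, "expected an https URL" unless uri.is_a?(URI::HTTPS)
  uri.path = AUTHENTICATE_PATH
  uri.to_s
end

# Check the callback's query parameters before exchanging the request token.
# session_token is the request token stored server-side when the flow began.
# Returns [:ok, verifier], [:denied, nil] or [:rejected, reason].
def check_callback(params, session_token)
  # Assumption: a cancelled sign-in arrives with a "denied" parameter.
  return [:denied, nil] if params.key?("denied")
  return [:rejected, "no request token in session"] if session_token.to_s.empty?

  token = params["oauth_token"].to_s
  verifier = params["oauth_verifier"].to_s
  # A token we did not issue for this session must never be exchanged.
  return [:rejected, "token mismatch"] unless token == session_token
  return [:rejected, "missing verifier"] if verifier.empty?

  [:ok, verifier]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values, not real tokens.
  sample = "https://api.twitter.com/oauth/authorize?oauth_token=abcauthorizexyz"
  puts sample.gsub("authorize", "authenticate") # token is altered as well
  puts authenticate_url(sample)                 # only the path changes
  p check_callback({ "oauth_token" => "t1", "oauth_verifier" => "v1" }, "t1")
end
```
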