
Callback URL not approved by Twitter

My application built upon spring-social-twitter that enables users to sign in with Twitter has stopped working recently.

I've got an error message as below:

Callback URL not approved for this client application. Approved callback URLs can be adjusted in your application settings

Note: I'm using Spring Social Twitter version 1.1.2.RELEASE. And if you use Spring Social Twitter version 1.1.0.RELEASE, you might get a slightly different error message as below:

POST request for "https://api.twitter.com/oauth/request_token" resulted in 403 (Forbidden); invoking error handler

Yuci asked Jun 29 '18 13:06



3 Answers

Twitter recently (in May 2018) enforced that sign-in-with-Twitter users must whitelist callback URLs for security reasons (see the announcement).

This means callback URLs have to be explicitly and identically set up for all supported third-party applications. You can set up the callback URLs on your Twitter application's setup page: https://apps.twitter.com

For example, if your callback URL is http://localhost:8080/myApp/signin/twitter, you must add it to the list of Callback URLs on your Twitter application's setup page exactly as it is: http://localhost:8080/myApp/signin/twitter


See also the documentation on Twitter callback URLs.

Yuci answered Oct 18 '22 21:10
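
A pre-flight check for the exact-match rule described in the answer above, as an added example that is not part of the original answer or of Spring Social: it compares the callback URL an application is about to send with the registered list and reports which component differs. It assumes the comparison is a plain string match, as the answer's "exactly as it is" implies; the function names and the sample list are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample: the registered list holds the callback URL from the answer.
REGISTERED = ["http://localhost:8080/myApp/signin/twitter"]


def explain_mismatch(requested, registered):
    """Name the URL components in which the two callback URLs differ."""
    req, reg = urlsplit(requested), urlsplit(registered)
    diffs = []
    for part in ("scheme", "hostname", "port", "path", "query"):
        sent, expected = getattr(req, part), getattr(reg, part)
        if sent != expected:
            diffs.append(f"{part}: sent {sent!r}, registered {expected!r}")
    # urlsplit lower-cases scheme and host, so a case-only difference
    # leaves no component diff even though the raw strings are unequal.
    return diffs or ["components equal after parsing; raw strings still "
                     "differ (e.g. letter case of scheme or host)"]


def check_callback(requested, registered=REGISTERED):
    """Return (approved, report); approval is an exact string match only."""
    if requested in registered:
        return True, {}
    return False, {url: explain_mismatch(requested, url) for url in registered}


if __name__ == "__main__":
    # Constructed candidates: one exact match and three near misses.
    for candidate in (
        "http://localhost:8080/myApp/signin/twitter",
        "http://localhost:8080/myApp/signin/twitter/",
        "https://localhost:8080/myApp/signin/twitter",
        "http://LOCALHOST:8080/myApp/signin/twitter",
    ):
        print(candidate, check_callback(candidate))
```

Running it against the value your OAuth configuration actually produces shows near misses such as a trailing slash or a different port before the request_token call is rejected.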


I struggled with this since Twitter made the changes to increase security. My Android app would use a callback URL and the same URL in the Intent Filter. But since the change, the URL I was using had to be registered in the Twitter developer portal. I was using ouath://myapp, but Twitter does not accept that as a valid URL (website).

After a bit of digging, I found that for apps you can specify any scheme but only as a scheme. For example I used myapp:// as the callback URL.

In my app, my callback URL was myapp://whatever, and in the Intent filter, I used:

<data android:scheme="myapp" android:host="whatever" />

Twitter accepted the callback URL and it correctly redirected back to my app after the user authenticated with their Twitter credentials.

I had originally used just a normal website, and that worked too, but after validation by Twitter, it asked if I wanted to redirect to My App, or to a Chrome browser. Using the above approach it will simply return to your app.

After I did all this, I realized that I could have just added Oauth:// as a callback URL and my app would have worked without change.

Larry answered Oct 18 '22 23:10


I fixed it by adding those callback URLs to Twitter's whitelist.

twitterkit-{Twitter API Key}:// for iOS.

twittersdk:// for Android.

Yanni answered Oct 18 '22 23:10