Yeah, there is a major issue with both oauth/authenticate and oauth/ authorize. Using oauth/authorize, a 403 forbidden is produced if 1) user logs in via my app and then tries to log into twitter.com or 2) user logs into twitter.com and then tries to log in via my app
I believe that twitter.com's _twitter_sess cookie is doing something to produce a 403 whenever we try to authorize or authenticate an already signed in user. On Aug 12, 3:03 pm, aschobel <ascho...@gmail.com> wrote: > I'm also getting this error when trying to block folks using > twitter.com, so it may not be specific to oauth. > > On Aug 12, 2:53 pm, aschobel <ascho...@gmail.com> wrote: > > > > > We are having the same issue, getting a 403 forbidden. > > > I tried another OAuth enabled site and they have the same issue, > > >http://www.twitlonger.com/ > > > Maybe there is some type of outage? > > > On Aug 12, 1:45 pm, Zach <zwe...@gmail.com> wrote: > > > > Use case: > > > User logs in via oauth/authenticate > > > User logs out via accounts/end_session. Cookies on my site containing > > > access tokens are cleared. > > > Same user logs back in later (in the same browser session) with > > > oauth_authenticate. > > > > However, this last step produces a 403 forbidden: server understood > > > request but refuses to fulfill it. > > > > Any ideas? This should be a fairly basic use case...
