
Omniauth-twitter with Rails 5 stopped working! OAuth::Unauthorized 403 Forbidden

Everything was working fine and Omniauth has stopped working suddenly. I didn't make any code changes.

I checked Twitter Apps Settings: I have callback url to my main production url, and Callback URL Locked to No. All keys are correct.

Any idea? 🤔


OAuth::Unauthorized

403 Forbidden


I have been able to solve it (also for development) by adding these URLs:

For production:

  • https://mydomain/users/auth/twitter/callback
  • http://mydomain/users/auth/twitter/callback

For development:

  • http://localhost:3000/users/auth/twitter/callback

Now, in the Twitter callback URL settings, you have to add 2 callback URLs, and the callback URL must be the path of your application.

I had faced the same problem, now on adding the 2nd callback URL, it's fixed.

For more information check: https://twittercommunity.com/t/action-required-sign-in-with-twitter-users-must-whitelist-callback-urls/105342

Adding a second Callback URL to https://mysitecom/auth/twitter/callback fixed the issue (for now)

———-

Update: This actually solved the problem for about 10mins. Experiencing the same problem now

I'm working in development, not production, and encountered this problem using the omniauth and omniauth-twitter gems. But with these two callback URLs:

http://127.0.0.1:3000
http://localhost:3000/auth/twitter/callback

the problem is avoided. Strange, since the RailsApps tutorial warns against using 'localhost' at Twitter.

I just resolved the issue by putting https://domain/oauths/callback in the Callback URLs list. Make sure you enable the callback locking option.

This is almost certainly related to this change: Action REQUIRED - Sign in with Twitter users must whitelist callback URLs.

From the link:

In 30 days, we will begin enforcing the whitelist such that any URL not added to the whitelist will fail. This means that URLs can no longer be programmatically overridden in calls to the oauth/request_token endpoint. The callback_url parameter provided must match one of the whitelisted callback URLs. While we generally provide longer than a 30-day notice for changes like this, this timeline allows us to continue to provide a safe and secure experience for developers and our users.

You can add callback URLs to your whitelist on the applications settings page on apps.twitter.com.

Enable the setting “Enable Callback Locking” to test that only URLs you have whitelisted are accepted. Callback URLs will automatically be locked and the whitelist will be enforced starting on June 12th. The “Enable Callback Locking” setting will be removed on this date.

I could not get this to work in development with 127.0.0.1 so I ended up creating a DNS A record that pointed to 127.0.0.1 (e.g., dev.example.com) and used that in the callback URL settings on https://apps.twitter.com.

Unicode domain name. Twitter gives me an error: unsupportable domain name format. I need the callback URL sent by my server to exactly match the callback URL in my Twitter app. Solution: config/initialization/twitter.rb

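# Override the strategy so OmniAuth always sends one fixed callback URL.
OmniAuth::Strategies::Twitter.class_eval do
  def callback_url
    # Placeholder: the callback URL string exactly as registered in the Twitter app.
    my_custom_twitter_app_callback_url_string_variable
  end
end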
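
The mismatches reported across the answers above (http vs https, localhost vs 127.0.0.1, a different path) can be caught before the request ever reaches Twitter. The following is an added example, not code from the thread or from omniauth-twitter; it assumes the provider compares scheme, host, port and path exactly, and `ALLOWED_CALLBACKS`, `callback_parts` and `callback_mismatch` are hypothetical names.

```ruby
require "uri"

# Constructed sample allowlist, copied from the URLs registered in the first answer.
ALLOWED_CALLBACKS = [
  "https://mydomain/users/auth/twitter/callback",
  "http://mydomain/users/auth/twitter/callback",
  "http://localhost:3000/users/auth/twitter/callback"
].freeze

# Split a URL into the parts that must agree with a registered entry.
# Assumption: scheme, host, port and path are compared exactly; the query is ignored.
def callback_parts(url)
  uri = URI.parse(url)
  unless uri.is_a?(URI::HTTP) && uri.host
    raise ArgumentError, "not an absolute http(s) URL: #{url}"
  end
  { scheme: uri.scheme, host: uri.host.downcase, port: uri.port, path: uri.path }
rescue URI::InvalidURIError
  raise ArgumentError, "unparseable URL: #{url}"
end

# Returns [] when the URL matches an allowlist entry; otherwise the parts
# that differ from the closest registered entry, e.g. [:host] or [:path].
def callback_mismatch(url, allowed = ALLOWED_CALLBACKS)
  sent = callback_parts(url)
  diffs = allowed.map do |entry|
    registered = callback_parts(entry)
    sent.keys.reject { |part| sent[part] == registered[part] }
  end
  diffs.min_by(&:size) || sent.keys
end

if __FILE__ == $PROGRAM_NAME
  # Constructed candidates: the kinds of near-misses described in the answers.
  [
    "https://mydomain/users/auth/twitter/callback",
    "http://127.0.0.1:3000/users/auth/twitter/callback",
    "http://localhost:3000/auth/twitter/callback"
  ].each do |candidate|
    diff = callback_mismatch(candidate)
    puts "#{candidate}: #{diff.empty? ? 'registered' : "differs in #{diff.join(', ')}"}"
  end
end
```

Running the check in CI against the URL your app builds for each environment turns a 403 at sign-in into a failed build that names the differing part.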
