Twitter authenticate displays the authorize screen and on reload authenticates and proceeds to callback
I am following everything from the documentation:
http://dev.twitter.com/pages/sign_in_with_twitter
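I am working on a Rails app and this is what my code looks like (the code
below uses the oauth Ruby gem):
# Consumer for the application's key and secret, pointed at the Twitter API
@consumer = OAuth::Consumer.new("key", "secret", {:site => "https://api.twitter.com"})
# Fetch a request token and register the callback URL
@request_token = @consumer.get_request_token(:oauth_callback => "#{SITE_BASE}/callback")
# Send the user to /oauth/authenticate instead of /oauth/authorize
redirect_to @request_token.authorize_url().gsub("authorize", "authenticate")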
URL generated is:
https://api.twitter.com/oauth/authenticate?oauth_token=_REQUEST_TOKEN_
I am already logged in to twitter.com and have authorized the app. But
it displays the authorize screen:
Authorize Twoo Dev to use your account?
All I do is reload the page and it takes me to my application's
callback.
I have also used omniauth gem and had the same issue, hence I moved to oauth.
Please suggest what might be going wrong.
Regards,
Aditya
Following is the header information for the authenticate url:
Response Headers
Date Mon, 20 Jun 2011 00:48:13 GMT
Server hi
Status 200 OK
X-Transaction
Etag ""-gzip
X-Frame-Options SAMEORIGIN
Last-Modified Mon, 20 Jun 2011 00:48:13 GMT
X-Runtime 0.06452
Content-Type text/html; charset=utf-8
Pragma no-cache
X-Revision DEV
Expires Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID
Set-Cookie lang=en; path=/ lang=en; path=/ _twitter_sess=; domain=.twitter.com; path=/; HttpOnly
Vary Accept-Encoding
Content-Encoding gzip
Content-Length 2936
Keep-Alive timeout=15, max=100
Connection Keep-Alive
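Added example, not part of the original post: the gsub("authorize", "authenticate") call in the code above rewrites every occurrence of "authorize" in the URL, including any inside the query string. The sketch below swaps only the path and checks the endpoint first; the helper names and the sample token are constructed for illustration and are not part of the oauth gem.

```ruby
require "uri"

# Hypothetical helper names; the expected host and paths are taken from the
# URL shown in the question.
TWITTER_HOST      = "api.twitter.com"
AUTHORIZE_PATH    = "/oauth/authorize"
AUTHENTICATE_PATH = "/oauth/authenticate"

# The approach used in the question: a global string substitution.
def naive_authenticate_url(authorize_url)
  authorize_url.gsub("authorize", "authenticate")
end

# Swap only the path component and leave the query string untouched.
# Refuses to redirect anywhere other than the expected HTTPS endpoint.
def authenticate_url(authorize_url)
  uri = URI.parse(authorize_url)
  unless uri.scheme == "https" && uri.host == TWITTER_HOST
    raise ArgumentError, "unexpected authorization endpoint: #{uri.host.inspect}"
  end
  unless uri.path == AUTHORIZE_PATH
    raise ArgumentError, "unexpected authorization path: #{uri.path.inspect}"
  end
  uri.path = AUTHENTICATE_PATH
  uri.to_s
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: a token value that happens to contain "authorize".
  sample = "https://api.twitter.com/oauth/authorize?oauth_token=CONSTRUCTEDauthorizeTOKEN"
  puts "gsub:      #{naive_authenticate_url(sample)}"  # token is altered
  puts "path swap: #{authenticate_url(sample)}"        # token is preserved
end
```

With the oauth gem itself, passing :authorize_path => "/oauth/authenticate" in the OAuth::Consumer options avoids rewriting the URL at all.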
Comments (2)
This is a bug with Twitter. You should file a bug report in their issue tracker.
Finally I have figured out the problem and a workaround.
The problem is with Twitter Application API accounts with Direct Message access enabled.
When you select "Read, Write, & Direct Messages" for the Default Access type of your application, Sign in with Twitter fails, as it halts in between to display the message below:
Click here to read more about the message
It does not say anywhere on the Twitter dev site, API docs, articles, etc. that they will be putting a pause in the Sign in with Twitter flow.
Solution: Move your app's "Default Access type" option to anything else but "Read, Write, & Direct Messages" and that should allow your application users to be automatically logged in without having to see the authorize screen just for the sake of Twitter's notification.
The good thing is that it seems that this issue should be resolved after 30th June, once Twitter won't need to display that message to its users authorizing apps which need direct messages access as well.