OAuth related bug with signature "Woah there!"

6 views
Skip to first unread message

Scott Carter

unread,
Jul 15, 2009, 9:52:42 AM7/15/09
to Twitter Development Talk

I believe that I have discovered a reproducible OAuth related bug.

1. Sign out of your Twitter account (from Twitter.com).
2. Authenticate an app using OAuth (haven't tried authorize flow with
this issue).
3. Go to Twitter.com and login to a different account than used in
step 2.

I see the message:

"Woah there!

This page requires some information that was not provided. Please
return to the site that sent you to this page and try again … it was
probably an honest mistake."

with the page URL showing: https://twitter.com/oauth/authenticate

When I revisit twitter.com, I am logged into the account from step 3.

- Scott
@scott_carter

Bill Kocik

unread,
Jul 15, 2009, 11:48:45 AM7/15/09
to Twitter Development Talk

I've seen this same (I believe) bug manifested in different ways, and
it's come up on this list before. Twitter are apparently storing some
sort of "return_to" URL or similar in your session, and sending you to
it at inopportune times.

A great way to see it in action is to click on the "Block this user"
link when you get a new follower email; after confirming the block,
you wind up at some random page you visited in the past (well, not
completely random, it'll generally be the most recent page you visited
besides the block page).

test test

unread,
Jul 15, 2009, 9:51:29 PM7/15/09
to twitter-deve...@googlegroups.com
+1 Even I keep hitting this issue.Hope twitter guys make oauth
registration solid.

--

Spike Milligan - "All I ask is the chance to prove that money can't
make me happy." -
http://www.brainyquote.com/quotes/authors/s/spike_milligan.html

victor castleton

unread,
Jul 15, 2009, 10:43:56 PM7/15/09
to twitter-deve...@googlegroups.com
I don't know whether or no it will help, but I will try it any way. Thanks

victor castleton

unread,
Jul 15, 2009, 10:44:04 PM7/15/09
to twitter-deve...@googlegroups.com

-----Original Message-----
From: twitter-deve...@googlegroups.com
[mailto:twitter-deve...@googlegroups.com] On Behalf Of test test
Sent: Wednesday, July 15, 2009 9:51 PM
To: twitter-deve...@googlegroups.com
Subject: [twitter-dev] Re: OAuth related bug with signature "Woah there!"

victor castleton

unread,
Jul 15, 2009, 10:44:06 PM7/15/09
to twitter-deve...@googlegroups.com

-----Original Message-----
From: twitter-deve...@googlegroups.com
[mailto:twitter-deve...@googlegroups.com] On Behalf Of test test
Sent: Wednesday, July 15, 2009 9:51 PM
To: twitter-deve...@googlegroups.com
Subject: [twitter-dev] Re: OAuth related bug with signature "Woah there!"

victor castleton

unread,
Jul 15, 2009, 10:44:08 PM7/15/09
to twitter-deve...@googlegroups.com

-----Original Message-----
From: twitter-deve...@googlegroups.com
[mailto:twitter-deve...@googlegroups.com] On Behalf Of test test
Sent: Wednesday, July 15, 2009 9:51 PM
To: twitter-deve...@googlegroups.com
Subject: [twitter-dev] Re: OAuth related bug with signature "Woah there!"

victor castleton

unread,
Jul 15, 2009, 10:44:27 PM7/15/09
to twitter-deve...@googlegroups.com

-----Original Message-----
From: twitter-deve...@googlegroups.com
[mailto:twitter-deve...@googlegroups.com] On Behalf Of test test
Sent: Wednesday, July 15, 2009 9:51 PM
To: twitter-deve...@googlegroups.com
Subject: [twitter-dev] Re: OAuth related bug with signature "Woah there!"

Reply all
Reply to author
Forward
0 new messages