Bug: Unable to login to Twitter account with 2FA enabled, when using official API keys

TwidereProject / Twidere-Android

http://twidere.com

2.76k stars 377 forks source link

Bug: Unable to login to Twitter account with 2FA enabled, when using official API keys #1213

Open buggleston opened 4 years ago

buggleston commented 4 years ago

Expected behavior

Able to log into 2FA-enabled Twitter account when using official API keys

Actual behavior

Login fails with 401 or 403 errors, depending on what Auth type is selected. One method (xAuth, if I recall correctly) prompts a one-time-password SMS from Twitter, but that OTP doesn't work either. Generating a OTP through twitter.com doesn't work either. The only way to successfully log in with official API keys is to temporarily disable 2FA on the account.

Steps to reproduce

Attempt to log into a 2FA-enabled Twitter account using official API keys

Extra info

Android version: 9

Network type:

[X] Cellular
[X] Wi-Fi

App version: 3.7.8

Build variant:

[X] Google
[ ] F-Droid

Micro-blogging service:

[X] Twitter
[ ] Fanfou
[ ] GNU Social / StatusNet
[ ] Mastodon

App settings:

[X] Custom API
[ ] Custom consumer key/secrets
[X] Official keys
[ ] Using Thumbor
[ ] Connected through proxy
[X] Media preview enabled

Tedko commented 4 years ago

@buggleston Can you have a try of 4.0.8? seems like this might be fixed already.

buggleston commented 4 years ago

@Tedko Can confirm issue still persists in 4.1.0. Built-in API keys work fine, but I've tried several of the official keypairs from this page and can't get them to work with 2FA enabled.

Tedko commented 4 years ago

Thx for reporting

On Thu, Apr 23, 2020 at 08:56 buggleston notifications@github.com wrote:

Can confirm issue still persists in 4.1.0. Built-in API keys work fine, but I've tried several of the keypairs from this page https://gist.github.com/shobotch/5160017 and can't get them to work with 2FA enabled.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/TwidereProject/Twidere-Android/issues/1213#issuecomment-618114935, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABTAVTMBGPJ2T5HTUTBUIEDRN6G25ANCNFSM4IOK23PA .

Tedko commented 4 years ago

@buggleston wondering are these keys from the gist still working on other client? There're multiple twitter API related issue we encountered.

edent commented 4 years ago

I just tried using the Twitter for Mac keys. That worked with 2FA.

ghost commented 4 years ago

I'm running into the same problem.

xatier commented 3 years ago

Same issue with 4.1.4. Another account w/o 2FA worked fine.

Repro: 2FA enabled account, official api key (twitter for iPhone), xAuth.

If the 2FA is disabled, I was able to login with the official api key w/ xAuth.

I would suggest to disable 2FA for about 3 or 5 days, login with xAuth and then enable 2FA.