friendica / friendica

Friendica Communications Platform
https://friendi.ca
GNU Affero General Public License v3.0

OAuth is not working correctly #4133

Closed Rudloff closed 6 years ago

Rudloff commented 6 years ago

Hello,

I tried to use OAuth in Twidere but could not get it to work. So now I'm using twurl in order to check if our implementation behaves like the Twitter API.

The authorize request does not work:

opening connection to social.rudloff.pro:443...
opened
starting SSL for social.rudloff.pro:443...
SSL established
<- "POST /api/oauth/access_token HTTP/1.1\r\nAccept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3\r\nAccept: */*\r\nUser-Agent: OAuth gem v0.5.3\r\nContent-Length: 64\r\nContent-Type: application/x-www-form-urlencoded\r\nAuthorization: OAuth oauth_consumer_key=\"foo\", oauth_nonce=\"aKbkrE98wKUWQEgibJhWy0GlQ0s0rKuSYdR0KEKwvI\", oauth_signature=\"isKYG5x7ylqI8tuAqAZ6QULNgdk%3D\", oauth_signature_method=\"HMAC-SHA1\", oauth_timestamp=\"1514250271\", oauth_version=\"1.0\"\r\nConnection: close\r\nHost: social.rudloff.pro\r\n\r\n"
<- "x_auth_mode=client_auth&x_auth_password=&x_auth_username=Rudloff"
-> "HTTP/1.1 200 OK\r\n"
-> "Date: Tue, 26 Dec 2017 01:04:31 GMT\r\n"
-> "Server: Apache/2.4.10 (Debian)\r\n"
-> "Strict-Transport-Security: max-age=31536000\r\n"
-> "X-Account-Management-Status: none\r\n"
-> "Content-Length: 37\r\n"
-> "Connection: close\r\n"
-> "Content-Type: text/html; charset=UTF-8\r\n"
-> "\r\n"
reading 37 bytes...
-> ""
-> "error=Invalid%20request%20token%3A%20"
read 37 bytes
Conn close
Authorization successful

The main issue seems to be that api/oauth/access_token returns a 200 HTTP code even if it returns an error (which seems to trick twurl into thinking that the request worked). The Twitter API returns a 403 here so twurl then knows it has to call oauth/request_token in order to get a request token. I think we should do the same.

(This was tested on 3.5.4.)
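
The behaviour described in the capture above, modelled as an added example (this is not Friendica's or twurl's code). It contrasts an `access_token` handler that always answers 200 and hides the failure in the body with a Twitter-style handler that answers 403, and shows a client that fails closed by checking both the status and the body. The request-token table, the credential values and the `access_token_*` / `*_client_*` function names are constructed for the example; the 37-byte `error=` body is the one from the capture.

```python
from urllib.parse import parse_qs, quote, urlencode


class OAuthError(Exception):
    """Raised when an access_token exchange did not yield credentials."""


# Constructed sample data (not from the issue): request tokens the server handed
# out earlier via oauth/request_token, mapped to the access credentials they unlock.
VALID_REQUEST_TOKENS = {
    "req-abc": {"oauth_token": "acc-123", "oauth_token_secret": "acc-secret"},
}

# The exact body seen in the capture: 37 bytes, percent-encoded.
ERROR_BODY = "error=" + quote("Invalid request token: ", safe="")


def access_token_buggy(oauth_params):
    """Models the reported 3.5.4 behaviour: the status is always 200 and the
    failure is only signalled inside the body. `oauth_params` are the fields
    from the Authorization header (the capture carries no oauth_token)."""
    creds = VALID_REQUEST_TOKENS.get(oauth_params.get("oauth_token", ""))
    if creds is None:
        return 200, ERROR_BODY
    return 200, urlencode(creds)


def access_token_fixed(oauth_params):
    """Twitter-style behaviour proposed in the issue: a missing or unknown
    request token is a 403, so a client can branch on the status code and
    go back to oauth/request_token."""
    creds = VALID_REQUEST_TOKENS.get(oauth_params.get("oauth_token", ""))
    if creds is None:
        return 403, ERROR_BODY
    return 200, urlencode(creds)


def naive_client_succeeded(status, body):
    """What a status-only client effectively does: 200 means 'authorized',
    which is why the capture ends with 'Authorization successful'."""
    return status == 200


def strict_client_exchange(status, body):
    """Fail-closed client: requires a 200 *and* a body that carries both
    credentials and no error field. Returns the credentials or raises."""
    params = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    if status != 200:
        raise OAuthError(f"HTTP {status}: {params.get('error', body)}")
    if "error" in params:
        raise OAuthError(f"error despite HTTP 200: {params['error']!r}")
    if not params.get("oauth_token") or not params.get("oauth_token_secret"):
        raise OAuthError("response lacks oauth_token/oauth_token_secret")
    return {"oauth_token": params["oauth_token"],
            "oauth_token_secret": params["oauth_token_secret"]}


if __name__ == "__main__":
    # Mirrors the capture: consumer key only, no request token in the header.
    header_params = {"oauth_consumer_key": "foo"}
    for name, handler in (("buggy", access_token_buggy), ("fixed", access_token_fixed)):
        status, body = handler(header_params)
        print(f"{name}: HTTP {status} {body!r}")
        print(f"  naive client thinks success: {naive_client_succeeded(status, body)}")
        try:
            strict_client_exchange(status, body)
            print("  strict client: success")
        except OAuthError as exc:
            print(f"  strict client: rejected ({exc})")
```

Even after the server side is corrected to 403, a client should still parse the body and refuse an `error=` field or missing credentials: a status code alone is not proof that an `access_token` exchange produced usable tokens.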

MrPetovan commented 6 years ago

If OAuth doesn’t currently work, then it should be fixed once #4092 is merged since it’s affecting it as well.

AlfredSK commented 6 years ago

I tried OAuth and OAuth2 with Twidere. Doesn't work. No login. But it is possible that I don't understand how this is supposed to work. ;-)

MrPetovan commented 6 years ago

Did you test with the current develop or master?

AlfredSK commented 6 years ago

Current develop.

MrPetovan commented 6 years ago

Ok, so we have to go over the OAuth implementation anyway, and I believe we should do it after #4092 is merged.

MrPetovan commented 6 years ago

Blocked by #4092

annando commented 6 years ago

Does anyone know the state of this issue?

annando commented 6 years ago

Since there have been no answers to my question, I would like to close this issue now. Does anyone disagree?

MrPetovan commented 6 years ago

Closed as stale.