goauthentik / authentik

The authentication glue you need.
https://goauthentik.io

Twitter OAuth redirects to login page #3038

Closed 0cwa closed 2 years ago

0cwa commented 2 years ago

Describe the bug

Twitter OAuth redirecting back to login page

To Reproduce

Steps to reproduce the behavior:

  1. Register Twitter app according to docs
  2. Login to Twitter
  3. Press Twitter Icon
  4. Authorize App
  5. End up redirected to login page

Expected behavior

Twitter authentication to begin enrollment flow.

Screenshots

N/A

Logs

{"client_id": "code1", "code_challenge": "code2", "code_challenge_method": "plain", "event": "redirect args", "host": "domain.tld", "level": "info", "logger": "authentik.sources.oauth.clients.base", "pid": 29878, "redirect_uri": "https://domain.tld/source/oauth/callback/twitter/", "request_id": "code3", "response_type": "code", "scope": "tweet.read users.read", "state": "code13code13", "timestamp": "2022-06-04T07:04:51.352753"}
{"event": "/source/oauth/login/twitter/", "host": "domain.tld", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 29878, "remote": "<an ip address>", "request_id": "code3", "runtime": 50, "scheme": "https", "status": 302, "timestamp": "2022-06-04T07:04:51.357931", "user": "", "user_agent": "<my user agent>"}
{"event": "/-/health/live/", "host": "localhost:8000", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 29878, "remote": "127.0.0.1", "request_id": "code4", "runtime": 28, "scheme": "http", "status": 204, "timestamp": "2022-06-04T07:04:52.121688", "user": "", "user_agent": "goauthentik.io/proxy/healthcheck"}
{"event": "Unable to fetch access token", "exc": "HTTPError('401 Client Error: Unauthorized for url: https://api.twitter.com/2/oauth2/token')", "host": "domain.tld", "level": "warning", "logger": "authentik.sources.oauth.clients.oauth2", "pid": 29356, "request_id": "code5", "timestamp": "2022-06-04T07:04:54.317422"}
{"event": "Authentication Failure", "host": "domain.tld", "level": "warning", "logger": "authentik.sources.oauth.views.callback", "pid": 29356, "reason": "Could not retrieve token.", "request_id": "code5", "timestamp": "2022-06-04T07:04:54.317836"}
{"event": "/source/oauth/callback/twitter/?state=code6&code=code7", "host": "domain.tld", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 29356, "remote": "<an ip address>", "request_id": "code5", "runtime": 316, "scheme": "https", "status": 302, "timestamp": "2022-06-04T07:04:54.546159", "user": "", "user_agent": <my user agent>"}
{"event": "/flows/-/default/authentication/", "host": "domain.tld", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 29356, "remote": "<an ip address>", "request_id": "code8", "runtime": 40, "scheme": "https", "status": 302, "timestamp": "2022-06-04T07:04:54.610408", "user": "", "user_agent": "<my user agent>"}
{"event": "/if/flow/login/", "host": "domain.tld", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 29356, "remote": "<an ip address>", "request_id": "code12", "runtime": 42, "scheme": "https", "status": 200, "timestamp": "2022-06-04T07:04:54.676369", "user": "", "user_agent": "<my user agent>"}
{"event": "/api/v3/core/tenants/current/", "host": "domain.tld", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 29356, "remote": "<an ip address>", "request_id": "code9", "runtime": 47, "scheme": "https", "status": 200, "timestamp": "2022-06-04T07:04:54.978353", "user": "", "user_agent": "<my user agent>"}
{"event": "/api/v3/flows/executor/login/?query=", "host": "domain.tld", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 29878, "remote": "<an ip address>", "request_id": "code10", "runtime": 55, "scheme": "https", "status": 200, "timestamp": "2022-06-04T07:04:55.063816", "user": "", "user_agent": "<my user agent>"}
{"event": "/api/v3/root/config/", "host": "domain.tld", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 29356, "remote": "<an ip address>", "request_id": "code11", "runtime": 48, "scheme": "https", "status": 200, "timestamp": "2022-06-04T07:04:55.069105", "user": "", "user_agent": "<my user agent>"}

Version and Deployment (please complete the following information):

Additional context

Also added oauth1a, want to autofill emails from twitter account.
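Added example, not part of the original report and not authentik's own code: a log triage sketch that groups JSON log records by `request_id` and reports source callbacks whose token exchange failed, as the `code5` request does above. The sample lines are constructed from the field names visible in the report; the `token.example` URL and the `r1`..`r3` ids are placeholders.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines using the field names visible in the report's logs.
SAMPLE = """\
{"event": "redirect args", "logger": "authentik.sources.oauth.clients.base", "level": "info", "request_id": "r1", "code_challenge_method": "plain"}
{"event": "/source/oauth/login/twitter/", "logger": "authentik.asgi", "level": "info", "request_id": "r1", "status": 302}
{"event": "Unable to fetch access token", "logger": "authentik.sources.oauth.clients.oauth2", "level": "warning", "request_id": "r2", "exc": "HTTPError('401 Client Error: Unauthorized for url: https://token.example/oauth2/token')"}
{"event": "Authentication Failure", "logger": "authentik.sources.oauth.views.callback", "level": "warning", "request_id": "r2", "reason": "Could not retrieve token."}
{"event": "/source/oauth/callback/twitter/?state=s&code=c", "logger": "authentik.asgi", "level": "info", "request_id": "r2", "status": 302}
not json: proxy banner line
{"event": "/if/flow/login/", "logger": "authentik.asgi", "level": "info", "request_id": "r3", "status": 200}
"""

def failed_token_exchanges(text):
    """Group records by request_id; report requests whose token fetch failed."""
    by_request = defaultdict(list)
    for line in text.splitlines():
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip non-JSON noise mixed into the log stream
        if isinstance(record, dict) and "request_id" in record:
            by_request[record["request_id"]].append(record)

    findings = []
    for request_id, records in by_request.items():
        errors = [r for r in records if r.get("event") == "Unable to fetch access token"]
        if not errors:
            continue
        # The access-log record carries the request path. Keep only the path so
        # the authorization code and state in the query string are not copied.
        path = next((urlsplit(r["event"]).path for r in records
                     if r.get("logger") == "authentik.asgi"), None)
        reason = next((r.get("reason") for r in records
                       if r.get("event") == "Authentication Failure"), None)
        findings.append({"request_id": request_id, "callback": path,
                         "error": errors[0].get("exc"), "reason": reason})
    return findings

if __name__ == "__main__":
    for finding in failed_token_exchanges(SAMPLE):
        print(finding)
```
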

BeryJu commented 2 years ago

This should be fixed in 2022.6.1, as Twitter has been migrated to use OAuth2 in that, although from your logs it looks like it's already using the new OAuth2 token URL?

0cwa commented 2 years ago

I thought twitter was migrated in 2022.5. I upgraded to 2022.6.1, but it's still throwing the same error.

BeryJu commented 2 years ago

D'oh indeed it has, I misremembered that. That would explain the URL in your logs. I assume you followed the docs to update the twitter config? I'll do some more testing tomorrow.

0cwa commented 2 years ago

> I assume you followed the docs to update the twitter config? I'll do some more testing tomorrow.

I did, thanks!