Twitter Provider fails when user not already logged into Twitter

sebastiandugudae commented 2 years ago

Provider type

Twitter

Environment

System: OS: macOS 12.3.1 CPU: (16) x64 Intel(R) Core(TM) i9-9980HK CPU @ 2.40GHz Memory: 43.64 MB / 32.00 GB Shell: 5.8 - /bin/zsh Binaries: Node: 16.14.2 - /usr/local/bin/node Yarn: 1.22.17 - /usr/local/bin/yarn npm: 8.5.0 - /usr/local/bin/npm Browsers: Chrome: 100.0.4896.75 Firefox: 93.0 Safari: 15.4 npmPackages: next: 12.1.0 => 12.1.0 next-auth: ^4.3.1 => 4.3.1 react: 17.0.2 => 17.0.2

Reproduction URL

https://github.com/nextauthjs/next-auth-example

Describe the issue

Hi Nextauth team,

It seems like Twitter authentication via the Nextauth TwitterProvider fails when the user is not already logged into Twitter in their current browser session.

I have replicated this on the next-auth-example repository as well. Just downloaded and ran it locally, without making any changes (other than just adding Twitter ID/Secret inside env.local).

Twitter App settings: Screenshot 2022-04-11 at 11 59 36

If I try this with the user already logged in, the login flow works as expected.

How to reproduce

Go to https://twitter.com/home. Make sure you are not logged in as any user.
On the next-auth-example app -> Sign in -> Choose "Sign in with Twitter (Legacy) -> Sign in with Twitter (Legacy)
Authorize "App" page
Enter emails & passport for your account in the initial Authorize screen. You'll get to the following screen on Twitter
Introduce email, username & password again.
Error page displayed

You can notice that the user is successfully logged into Twitter (upper right corner). However, there is not user & session created.

console.log() into the jwt callback is never ran. So it seems that the flow doesn't get there.

Expected behavior

Session should have been created and user should have been redirected to the "redirect_url". Instead, user gets the error page and a session is not persisted in Nextauth

camiaei commented 2 years ago

I had the same problem some weeks ago, I thought it was related to the new OAuth2, because last year I had no problem😔

[Edit] this was my issue: https://github.com/nextauthjs/next-auth/discussions/4034

stale[bot] commented 8 months ago

It looks like this issue did not receive any activity for 60 days. It will be closed in 7 days if no further activity occurs. If you think your issue is still relevant, commenting will keep it open. Thanks!

nextauthjs / next-auth