2

I am setting up Twitter as a social login option following this doc reference on auto-account-link policies. It's been quite some time since I finished the policy side, but I keep consistently getting the authorization error below:

correlationId: 1bb357d5-ecdc-437f-97cb-9958ac5940f3

{
    "Key": "OAuth1RequestInfo",
    "Value": {
        "TechnicalProfileId": "Twitter-OAuth1-SignIn",
        "AccessTokenEndpoint": "https://api.twitter.com/oauth/access_token",
        "AuthorizationEndpoint": "https://api.twitter.com/oauth/authenticate",
        "CallbackUri": "https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/b2c_1a_accountlink_susi/oauth1/authresp",
        "ClientId": "aDNZQ1dZTlJEZjFGUXBzb0ZfY1U6MTpjaQ"
    }
},
{
    "Key": "AuthorizationError",
    "Value": "The call to https://api.twitter.com/oauth/request_token for a request token of aDNZQ1dZTlJEZjFGUXBzb0ZfY1U6MTpjaQ returned an error Unauthorized"
}

Things I've tried:

  • Reset client secret and app Id;
  • Make sure there is no typo while pasting secret on policy keys;
  • Enabled OAuth1 and OAuth2 on the Twitter side
    • The docs say OAuth2 should be enabled, but on the policy callback there is a reference to oauth1.
  • Make sure the callback URL is set correctly.
  • Set Single Page App as the app type (assuming this is correct for my use case)


Appreciate your input!

basquiatraphaeu

3 Answers

0

After an issue was opened with MS docs, they got it updated, as follows:

If you're facing unauthorized error while testing this identity provider, make sure you use the correct Twitter API Key and API Key Secret, or try to apply for elevated access. Also, we recommend you've a look at Twitter's projects structure, if you registered your app before the feature was available.

basquiatraphaeu
0

On the Twitter Developer Portal under the User Authentication settings page for the relevant app, you also need to make sure that you have the Redirect URLs set up for every policy you expect to require Twitter authentication flow in.

The instructions here use the signup and signin policy as an example; however, other policies can be responsible for re-authenticating a user (i.e. change password). The Redirect URL for each of those policies will be different, so it needs to be listed in the User Authentication settings page, otherwise you'll get the following error:

AADB2C: The request to obtain a token from 'https://api.twitter.com/oauth/request_token' returned an error 'Forbidden'

ajbeaven
0

Since this is currently the top Google result when searching for this error, I will update with the answer.

In the Twitter Developer Portal, when you specify your redirect URIs you must enter them all in lower case.

My user flow was called something like: B2C1_SUSI and thus the redirect URI was:

  • https://mytenant.b2clogin.com/mytenant.onmicrosoft.com/B2C_SUSI/oauth1/authresp

...which had uppercase text, which was causing the error. Changing it to this fixed it:

  • https://mytenant.b2clogin.com/mytenant.onmicrosoft.com/b2c_susi/oauth1/authresp

To me this is really an error on Twitter's part - if they are required to be lowercase, they should lowercase it. Hopefully this works for others.

MSOACC
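
A small audit helper for the two answers above (one redirect URL per policy, all of them lowercase), added here as an example and not code from any of the posters, Microsoft or Twitter. The tenant name `contoso`, the policy names and the function names are assumptions; the URL shape is the CallbackUri from the question's log.

```python
"""Audit Twitter redirect URLs against Azure AD B2C policy names (added example)."""

# URL shape taken from the CallbackUri shown in the question's log.
CALLBACK_TEMPLATE = (
    "https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth1/authresp"
)

# Constructed sample data: hypothetical tenant, policies and portal entries.
SAMPLE_TENANT = "contoso"
SAMPLE_POLICIES = ["B2C_1A_AccountLink_SUSI", "B2C_1A_SignUp", "B2C_1A_PasswordChange"]
SAMPLE_REGISTERED = [
    "https://contoso.b2clogin.com/contoso.onmicrosoft.com/B2C_1A_AccountLink_SUSI/oauth1/authresp",
    "https://contoso.b2clogin.com/contoso.onmicrosoft.com/b2c_1a_signup/oauth1/authresp",
]


def expected_callback(tenant: str, policy: str) -> str:
    """Return the all-lowercase redirect URL to register for one policy."""
    return CALLBACK_TEMPLATE.format(tenant=tenant.strip(), policy=policy.strip()).lower()


def audit_callbacks(tenant, policies, registered):
    """Compare URLs copied from the Twitter portal with what each policy needs.

    ok            - policies whose lowercase URL is registered exactly
    case_mismatch - (policy, registered_url) pairs that differ only by letter case
    missing       - (policy, expected_url) pairs with no matching registration
    """
    cleaned = [u.strip() for u in registered if u.strip()]
    exact = set(cleaned)
    by_lower = {u.lower(): u for u in cleaned}
    report = {"ok": [], "case_mismatch": [], "missing": []}
    for policy in policies:
        want = expected_callback(tenant, policy)
        if want in exact:
            report["ok"].append(policy)
        elif want in by_lower:
            report["case_mismatch"].append((policy, by_lower[want]))
        else:
            report["missing"].append((policy, want))
    return report


if __name__ == "__main__":
    for kind, items in audit_callbacks(SAMPLE_TENANT, SAMPLE_POLICIES, SAMPLE_REGISTERED).items():
        print(kind, items)
```
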