I am writing a web application and have just implemented that a user can sign in via Twitter, using spring-social-(core/twitter).
However, Twitter behaves strangely. After the initial authentication/authorization, every time I’m sending a user to Twitter for authentication, Twitter prompts to authorize my application again. I’ve looked into the connected Twitter profile. My app is there and authorized correctly (in my case for read access).
I don’t have a case of requesting additional permissions. All my application needs is read access (the authorization dialog confirms this).
I am using the OAuth1Operations (returned by the TwitterConnectionFactory) to do the OAuth dance and save the resulting connection in a database. My front-end is written with Wicket 1.5.
I can work around this behavior by just re-authorizing my app again and again when I want to sign in via Twitter, but this is a big nuisance. Does anyone know what I’m missing here?
Here is my code:
    TwitterConnectionFactory connectionFactory = (TwitterConnectionFactory) connectionFactoryLocator.getConnectionFactory(Twitter.class);
    String callbackUrl = [...];
    if (pageParameters.get("oauth_token").isNull() || pageParameters.get("oauth_verifier").isNull()) {
        // First leg: fetch a request token and send the user to Twitter
        MultiValueMap<String, String> params = new LinkedMultiValueMap<String, String>();
        params.add("x_auth_access_type", "read");
        OAuthToken token = connectionFactory.getOAuthOperations().fetchRequestToken(callbackUrl, params);
        String url = connectionFactory.getOAuthOperations().buildAuthorizeUrl(token.getValue(), OAuth1Parameters.NONE);
        // Keep the request token in the session so the callback can be matched to it
        getSession().setAttribute("twitter_token", token);
        setResponsePage(new RedirectPage(url));
    } else {
        // Callback from Twitter: oauth_token and oauth_verifier are present
        String token = pageParameters.get("oauth_token").toString();
        String verifier = pageParameters.get("oauth_verifier").toString();
        OAuthToken previousToken = (OAuthToken) getSession().getAttribute("twitter_token");
        // Only continue if this session started the flow and the returned token matches
        if (previousToken != null && previousToken.getValue().equals(token)) {
            AuthorizedRequestToken authorizedRequestToken = new AuthorizedRequestToken(previousToken, verifier);
            OAuthToken accessToken = connectionFactory.getOAuthOperations().exchangeForAccessToken(authorizedRequestToken, null);
            Connection<Twitter> connection = connectionFactory.createConnection(accessToken);
        }
    }
I’ve found the solution! It is also detailed here: Simple Twitter Oauth authorization asking for credentials every time
The problem was that I specifically requested Twitter to authorize my app every time. Replacing:
with
solves the issue!
Calling the URL for authentication only asks for authorization if the app hasn’t been authorized yet.
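The sign-in flow discussed above, as an added example that is not part of the original question or answer: it builds the redirect with `buildAuthenticateUrl` from Spring Social's `OAuth1Operations` and treats the stored request token as single-use in the callback. The class name `TwitterSignIn`, its method names and the use of a servlet `HttpSession` are assumptions made for illustration.

```java
import javax.servlet.http.HttpSession;
import org.springframework.social.connect.Connection;
import org.springframework.social.oauth1.AuthorizedRequestToken;
import org.springframework.social.oauth1.OAuth1Operations;
import org.springframework.social.oauth1.OAuth1Parameters;
import org.springframework.social.oauth1.OAuthToken;
import org.springframework.social.twitter.api.Twitter;
import org.springframework.social.twitter.connect.TwitterConnectionFactory;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;

// Hypothetical helper: class, method and attribute names are illustrative only.
public class TwitterSignIn {
    private static final String ATTR = "twitter_token";
    private final TwitterConnectionFactory factory;

    public TwitterSignIn(TwitterConnectionFactory factory) {
        this.factory = factory;
    }

    // First leg: returns the URL the browser should be redirected to.
    public String begin(HttpSession session, String callbackUrl) {
        OAuth1Operations oauth = factory.getOAuthOperations();
        MultiValueMap<String, String> params = new LinkedMultiValueMap<String, String>();
        params.add("x_auth_access_type", "read");
        OAuthToken requestToken = oauth.fetchRequestToken(callbackUrl, params);
        session.setAttribute(ATTR, requestToken);
        // Authenticate URL: the user is only asked to authorize
        // if the app has not been authorized yet.
        return oauth.buildAuthenticateUrl(requestToken.getValue(), OAuth1Parameters.NONE);
    }

    // Callback: exchanges the verifier for an access token, or rejects the request.
    public Connection<Twitter> complete(HttpSession session, String oauthToken, String oauthVerifier) {
        OAuthToken requestToken = (OAuthToken) session.getAttribute(ATTR);
        session.removeAttribute(ATTR); // single use: a replayed callback finds nothing to match
        if (requestToken == null || oauthToken == null || oauthVerifier == null
                || !requestToken.getValue().equals(oauthToken)) {
            throw new IllegalStateException("OAuth callback does not match this session's request token");
        }
        OAuthToken accessToken = factory.getOAuthOperations()
                .exchangeForAccessToken(new AuthorizedRequestToken(requestToken, oauthVerifier), null);
        return factory.createConnection(accessToken);
    }
}
```

Rejecting a callback whose `oauth_token` does not match the token stored in the session keeps a callback that was started in another browser session from being completed in this one.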