We just made some changes to our OAuth 1.0A flow, enabling applications to better control automatic redirection behavior in the “Sign in with Twitter” flow. With these changes, we recommend you log in to dev.twitter.com and review the applications you’ve created and the specific OAuth options available to them.
We’ve brought back the Allow this application to use ‘Sign in with Twitter’ option. You may remember this option from a couple years ago — at the time, it did not have a material effect on the OAuth flow, so we removed it. We’ve brought it back so applications can explicitly define their intended authorization behavior.
This change allows automatic redirection only for applications that request it. Applications that use /oauth/authenticate and rely on the automatic redirection behavior for logged-in users must enable this “Sign in with Twitter” option. If the option is not enabled, users will instead be directed to /oauth/authorize and will then be prompted to complete the application approval flow.
When reviewing your applications, we also recommend verifying that any associated account or application contact information is complete and current. (Note: It may take a few moments for updates to be reflected.)
We appreciate your willingness to work with us to provide a more secure experience, no matter where or how people use Twitter.
Did someone say … cookies?