New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
403 Forbidden when attempting to fetch user profile #1
Comments
Hey @nbrady-techempower, Have you checked your Twitter Developer Portal (the thing you log into and create your Twitter app). Have you checked that you've activated the OAuth 2.0 API and that your app has the required permissions to perform logins via OAuth 2.0? |
Thanks for the quick response @florianmartens. Oauth 2.0 is active. I'm not sure how I'd check for the latter part of your question. The only other thing I can see that I'm a little iffy on is the Oauth 2.0 settings which I currently have set to |
I'm having some trouble getting into my Twitter Developer Account myself, as it was recently suspended (I went a bit to aggressive with my automations). I would like to help you debug this. As far as I'm understanding it, you're able to retrieve an access token for a user. The If that is the case, the scope of the error lies somewhat outside of this library as this package should only help you retrieve a valid token. The fact that you're seeing a |
@florianmartens You're absolutely right. It's probably outside the scope of this library, but it is happening during the validation process from within the library when hitting the |
Oh, ok - hm. Interesting. If you're able to recreate this error sending the requests via a REST client or in your terminal, it's likely that the cause lies within your app settings. The default scopes should be fine, however. I'm running this package with NestJS with the following config (not sure if it's helpful since it's close to the defaults in the redme):
I might be able to be of better help tomrrow if/when I restore access to my own Developer Portal. |
@florianmartens Oh, very cool. I'm also using NestJS.
I've actually moved past this to Do you mind if I ask what your session middleware settings look like? I have a feeling that's what's going on here. |
Ah, this is quite educational for me too. I think, I should probably add some documentation on this although it's more of a Passport feature when using PKCE. PKCE relies on sessions. So make sure to include/accept credentials (both on the client & server):
|
@florianmartens Thanks so much for your help here. I was actually overwriting some config with the spread operator from my config above as well as some header whitelisting and the incorrect credentials value. This was an existing app and the existing config for session, cors, etc, was a bit complex and I overlooked some things. Thanks again! |
@nbrady-techempower happy to help! |
@nbrady-techempower I encountered similar issue but not using any code in this repo. It seems to be an issue in Twitter's implementation on API scopes. Basically, in order to access |
omg bruv. I spent 2 days with no idea why it didn't work. I only had |
alphatownsman Thank you very much. I spent 2 days for this shit. You are my god |
Thanks for the great work here. I was trying to implement the strategy myself and got a little stuck. This library got me to the point of getting the access token to make requests, but now I can't get past:
I've tried a variety of options for the strategy up to and including the defaults you've provided.
The text was updated successfully, but these errors were encountered: