Twitter Login changes to signin handshake. Some customers affected. Here is the fix.


Note: If you are using a URL other than login.microsoftonline.com (for example <yourtenant>.b2clogin.com), please replace login.microsoftonline.com in step #2 accordingly.

What is New?

Twitter has made some updates to their sign in handshake (https://twittercommunity.com/t/action-required-sign-in-with-twitter-users-must-whitelist-callback-urls/105342).

The update requires a setting change only in the small number of AAD B2C tenants where Twitter was configured manually as an identity provider (IDP).

 

Who is affected?

  1. Ten (10) AAD B2C tenants that had manually configured Twitter with AAD B2C. We are contacting these administrators directly.
  2. All developers intending to use Twitter as an identity provider should read below to be aware of the change and the fix.

 

What is the experience?

Any attempt to sign in with Twitter would result in a 403 Forbidden exception from Twitter.

 

What is the fix?

The callback URL, which is configured in https://apps.twitter.com, must include the oauth1 designation and the policyId.

Correct format: https://login.microsoftonline.com/te/{tenant}/{policyId}/oauth1/authresp

Example: https://login.microsoftonline.com/te/myb2ctenant.onmicrosoft.com/b2c_1_policy/oauth1/authresp

 

Make sure to replace {tenant} with your tenant's name (for example, contosob2c.onmicrosoft.com) and {policyId} with your policy ID (for example, b2c_1_policy). This callback URL needs to be all lowercase.


Add an additional callback URL for each of the B2C policies that use Twitter login.

 

 

Note: If you are using a URL other than login.microsoftonline.com (for example <yourtenant>.b2clogin.com), please replace login.microsoftonline.com accordingly.

Note: We recommend adding a second callback URL to the application registered in apps.twitter.com: https://login.microsoftonline.com/te/{tenant}/oauth1/authresp. By omitting the policyId, you will "future proof" your manual setup, as we may remove the requirement to provide the policyId in the future.
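
An added example, not part of the original post: a small Python check that builds the callback URLs described above (one per policy plus the policy-less URL) and audits a list copied from the Twitter app settings against them. The function names and the sample tenant, policy and URL values are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_HOST = "login.microsoftonline.com"  # replace if you use <yourtenant>.b2clogin.com

def expected_callbacks(tenant, policy_ids, host=DEFAULT_HOST):
    """One URL per policy plus the recommended policy-less URL, all lowercase."""
    base = f"https://{host}/te/{tenant}".lower()
    urls = [f"{base}/{p.lower()}/oauth1/authresp" for p in policy_ids]
    return urls + [f"{base}/oauth1/authresp"]

def check_callback(url, tenant, host=DEFAULT_HOST):
    """Return the problems found in one registered callback URL (empty list = OK)."""
    problems = []
    if url != url.lower():
        problems.append("not all lowercase")
    parts = urlsplit(url.lower())
    segs = [s for s in parts.path.split("/") if s]
    if parts.scheme != "https" or parts.netloc != host.lower():
        problems.append("unexpected scheme or host")
    if segs[:2] != ["te", tenant.lower()]:
        problems.append("path does not start with /te/{tenant}")
    if segs[-2:] != ["oauth1", "authresp"]:
        problems.append("path does not end with /oauth1/authresp")
    if len(segs) not in (4, 5):
        problems.append("expected /te/{tenant}[/{policyId}]/oauth1/authresp")
    return problems

def audit(registered, tenant, policy_ids, host=DEFAULT_HOST):
    """Compare the URLs registered in the Twitter app with the required set."""
    wanted = expected_callbacks(tenant, policy_ids, host)
    malformed = {}
    for url in registered:
        problems = check_callback(url, tenant, host)
        if problems:
            malformed[url] = problems
    return {"missing": [u for u in wanted if u not in registered], "malformed": malformed}

if __name__ == "__main__":
    # Constructed sample input; tenant and policy names are placeholders.
    tenant = "contosob2c.onmicrosoft.com"
    registered = [
        f"https://login.microsoftonline.com/te/{tenant}/oauth2/authresp",
        f"https://login.microsoftonline.com/te/{tenant}/B2C_1_policy/oauth1/authresp",
    ]
    report = audit(registered, tenant, ["b2c_1_policy", "b2c_1_signup"])
    for url in report["missing"]:
        print("missing:  ", url)
    for url, problems in report["malformed"].items():
        print("malformed:", url, "->", "; ".join(problems))
```
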

 

