Twitter Login changes to signin handshake. Some customers affected. Here is the fix.

Note: If you are using a URL other than (for example <yourtenant>, please replace in step #2 accordingly.

What is New?

Twitter has made some updates to their sign in handshake (

It requires a setting change only in the small number of AAD B2C tenants where Twitter was configured manually as an identity provider (IDP).


Who is affected?

  1. Ten (10) AAD B2C tenants who had manually configured Twitter with AAD B2C. We are contacting these administrators directly.
  2. All developers intending to use Twitter as an identity provider should read below to be aware of the change and the fix.


What is the experience?

Any attempt to sign in with Twitter results in a 403 Forbidden response from Twitter.


What is the fix?

The callback URL, which is configured in, must include the oauth1 designation and the policyId.

Correct Format :{tenant}/{policyId}/oauth1/authresp



Make sure to replace {tenant} with your tenant's name (for example, and {policyId} with your policy id (for example, b2c_1_policy). This callback URL needs to be all lowercase.

Add additional callback URLs for each of the B2C policies that use Twitter login.



Note: If you are using a URL other than (for example <yourtenant>, please replace accordingly.

Note: We recommend adding a second callback URL to the application registered in{tenant}/oauth1/authresp. By omitting the policyId, you will "future proof" your manual setup, as we may remove the requirement to provide the policyId in the future.
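The following is an added example, not part of the original post or any Microsoft tooling: a small audit that checks the callback URLs registered on the Twitter application against the rules above (one all-lowercase `{tenant}/{policyId}/oauth1/authresp` entry per policy, plus the recommended tenant-level entry). The base URL `https://idp.example`, the tenant name `mytenant`, the second policy name and the function names are constructed placeholders, since the real host is not shown on this page.

```python
from urllib.parse import urlsplit

SUFFIX = "/oauth1/authresp"

def expected_callbacks(base, tenant, policy_ids):
    """Lowercase callback URLs: one per policy, plus the tenant-level one."""
    root = f"{base.rstrip('/')}/{tenant}".lower()
    per_policy = [f"{root}/{p.lower()}{SUFFIX}" for p in policy_ids]
    return per_policy, f"{root}{SUFFIX}"

def audit_callbacks(configured, base, tenant, policy_ids):
    """Return (issue, url) findings for the registered callback URLs."""
    per_policy, tenant_level = expected_callbacks(base, tenant, policy_ids)
    lowered = {c.lower() for c in configured}
    findings = []
    for url in per_policy + [tenant_level]:
        if url in configured:
            continue                                  # exact, lowercase match
        if url in lowered:
            findings.append(("not-lowercase", url))   # present, wrong case
        elif url == tenant_level:
            findings.append(("recommended-missing", url))
        else:
            findings.append(("missing", url))         # policy has no callback
    for c in configured:
        # Anything without the oauth1 designation will not match the format.
        if not urlsplit(c).path.lower().endswith(SUFFIX):
            findings.append(("no-oauth1-suffix", c))
    return findings

# Constructed sample data; replace BASE with the URL your tenant really uses.
BASE = "https://idp.example"
TENANT = "mytenant"
POLICIES = ["B2C_1_policy", "B2C_1_signup"]
REGISTERED = [
    "https://idp.example/mytenant/b2c_1_policy/oauth1/authresp",
    "https://idp.example/mytenant/B2C_1_SignUp/oauth1/authresp",
    "https://idp.example/mytenant/oauth2/authresp",
]

if __name__ == "__main__":
    for issue, url in audit_callbacks(REGISTERED, BASE, TENANT, POLICIES):
        print(f"{issue:20} {url}")
```
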

