GET oauth/authenticate
This is the second step in the OAuth 1.0a 3-legged OAuth flow, which can be used to generate a set of user Access Tokens. It is also the second step for Sign in with Twitter.
A successful request to this endpoint allows an App to use an OAuth Request Token to request user authorization.
This method is a replacement of Section 6.2 of the OAuth 1.0 authentication flow for applications using the callback authentication flow. The method will use the currently logged in user as the account for access authorization unless the force_login parameter is set to true.
This method differs from GET oauth/authorize in that if the user has already granted the application permission, the redirect will occur without the user having to re-approve the application.
Endpoint URL
https://api.twitter.com/oauth/authenticate
Authentication
Authentication | Not required |
Query parameters
Name | Required | Description | Example |
oauth_token | Required | Pass the value of the oauth_token received via the POST oauth/request_token endpoint as the value of this parameter. | |
force_login | optional | Forces the user to enter their credentials to ensure the correct user's account is authorized. | true |
screen_name | optional | Prefills the username input box of the OAuth login screen with the given value. | |
Example request
Send the user to the following URL in a web browser, making sure to include the oauth_token parameter (see details in the Query parameters section):
https://api.twitter.com/oauth/authenticate?oauth_token=Z6eEdO8MOmk394WozF5oKyuAv855l4Mlqo7hxxxxxx
Example response
Once the user successfully logs in (authorizes your App), they will be redirected to either your callback URL or to a Twitter screen that has a pin on it.
If you entered a callback URL other than oob when generating your Request Token (POST oauth/request_token), then the URL that your users were directed to will include the following details appended to the callback URL:
?oauth_token=Dx84zgAAAAAA2_NZAAABfxxxxxx&oauth_verifier=balFEtxtH88OKpDJ7QOmAzgWkxxxxxxx
If you instead used oob as your callback URL value when generating your Request Token (pin-based authorization), then the pin that the user receives and passes along to your App will be used as the value of oauth_verifier.
You will pass the oauth_token and oauth_verifier as parameters with the POST oauth/access_token endpoint to receive the user's Access Token and Secret, which you will use when authorizing a request that requires OAuth 1.0a.
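The following is an added example, not part of the original documentation: it builds the redirect URL from the query parameters above and parses the callback before the values are passed on to POST oauth/access_token. The function names, the `app.example` callback URL and the token values are constructed for illustration, and the check that the returned oauth_token equals the Request Token stored for the session is a hardening step assumed here, not something this page states.

```python
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHENTICATE_URL = "https://api.twitter.com/oauth/authenticate"


def build_authenticate_url(request_token, force_login=False, screen_name=None):
    """Build the URL the user's browser is sent to for this step."""
    if not request_token:
        raise ValueError("oauth_token is required")
    params = {"oauth_token": request_token}
    if force_login:
        params["force_login"] = "true"      # make the user re-enter credentials
    if screen_name:
        params["screen_name"] = screen_name  # prefill the username box
    return AUTHENTICATE_URL + "?" + urlencode(params)


def parse_callback(callback_url, expected_request_token):
    """Return (oauth_token, oauth_verifier) from the callback redirect.

    Rejects duplicated or missing parameters and any oauth_token that is
    not the Request Token this session started the flow with.
    """
    query = parse_qs(urlsplit(callback_url).query, keep_blank_values=True)
    tokens = query.get("oauth_token", [])
    verifiers = query.get("oauth_verifier", [])
    if len(tokens) != 1 or len(verifiers) != 1:
        raise ValueError("expected exactly one oauth_token and one oauth_verifier")
    token, verifier = tokens[0], verifiers[0]
    if not verifier:
        raise ValueError("empty oauth_verifier")
    # Constant-time comparison against the token kept server-side for this session.
    if not hmac.compare_digest(token.encode(), expected_request_token.encode()):
        raise ValueError("oauth_token does not match this session's request token")
    return token, verifier


if __name__ == "__main__":
    stored = "CONSTRUCTED_REQUEST_TOKEN"  # constructed sample value
    print(build_authenticate_url(stored, force_login=True))
    cb = ("https://app.example/callback"  # hypothetical callback URL
          "?oauth_token=CONSTRUCTED_REQUEST_TOKEN&oauth_verifier=CONSTRUCTED_VERIFIER")
    print(parse_callback(cb, stored))
```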