Callback URL not approved by Twitter

I fixed it by adding those callback URLs to Twitter's whitelist.

twitterkit-{Twitter API Key}:// for iOS.

twittersdk:// for Android.

Twitter recently (in May 2018) enforced that sign-in-with-Twitter users must whitelist callback URLs for security reasons (see the announcement).

This means callback URLs have to be explicitly and identically set up for all supported third-party applications. You can setup the callback URLs in your Twitter's application setup page: https://apps.twitter.com

For example, if your callback URL is http://localhost:8080/myApp/signin/twitter, you must add it to the list of Callback URLs in your Twitter's application setup page exactly as it is: http://localhost:8080/myApp/signin/twitter

See also the documentation on Twitter callback URLs.

I struggled with this since Twitter made the changes to increase security. My android app would use a callback URL and the same URL in the Intent Filter. But since the change, the URL I was using had to be registered in the Twitter developer portal. I was using ouath://myapp, but Twitter does not accept that as a valid URL (website).

After a bit of digging, I found that for apps you can specify any scheme but only as a scheme. For example I used myapp:// as the callback URL.

In my app, my callback URL was myapp://whatever, and in the Intent filter, I used :

<data android:scheme="myapp" android:host="whatever">

Twitter accepted the callback URL and it correctly redirected back to my app after the user authenticated with their Twitter credentials.

I has originally used just a normal website, and that worked too, but after validation by Twitter, it asked if I wanted to redirect to My App, or to a Chrome browser. Using the above approach it will simply return to your app.

After I did all this, I realized that I could have just added Oauth:// as a call back URL and my app would have worked without change.