omniauth-twitter2
Twitter OAuth2 flow always asks for user authorization confirmation
I noticed the OAuth2 flow always asks users to confirm authorization when signing in, even after they've already given authorization to the app before.
From the Twitter docs, all I can see that somewhat resembles what I want to do (once the user account gives authorization, don't request confirmation next time until it is revoked by the user, like in OAuth 1.0) is offline.access.
I added this scope to the basic "tweet.read users.read", but from what I've tested I now believe that this only works on access tokens. Every time a user is signed out from the web app where I'm implementing this gem (migrating from 1.0 to OAuth 2) or wants to sign in on a different device/browser, they will still go through the OAuth flow and Twitter will request authorization confirmation.
Is there a way to get around this? Perhaps I'm overlooking something.
@fdocr Thank you for the report. I'll check this behavior.
This will work with the new OAuth2 authentication requirements from Twitter (using the less full-featured but much smaller twitter_oauth2 gem): https://gist.github.com/jkotchoff/e2f5e5fa431f090ab2fb62613287dfbb