Can't add Twitter accounts

I am having this same problem. Pops up the authorization window but then doesn’t add the account in WordPress.

When I look in Twitter, it says the account is authorized, but definitely not added in WordPress.

I am also experiencing this problem! Before looking here, I tried it in 3 different browsers, as well rebooted my machine, cleared my cache, and deleted and re-installed the plug-ins. I noticed that in all browsers, it now opens a new TAB, rather than a pop-up window as before.

Any help would be greatly appreciated!

I am having the same issue as above, the authorization window appears but then doesn’t add the twitter account in WordPress.

Help!?

Hello all,

I also had the problem of adding both facebook and twitter accounts in WP 4.0 this morning. Now I have found a solution/tweak that temporarily enables you to add the accounts. All you have to do is just commenting 1 line of code.

Short Answer:
1. open file wp-content/plugins/social/lib/social/controller/auth.php, and inside function action_authorized(), look for this code block

if (wp_verify_nonce($nonce, $this->auth_nonce_key($salt)) === false) {
	Social::log('Failed to verify authentication nonce.');
	echo json_encode(array(
		'result' => 'error',
		'message' => 'Invalid nonce',
	));
	exit; //(comment this line to temporarily enable adding accounts, uncomment when finish.)
}

2. comment out the line that says exit;, it is line 88 for me (version 2.11), save and upload if necessary.
(now it becomes:) //exit;

3. Go to yout WP backend, and click the ‘Sign in with Facebook/Twiter’ button, and it should work.

4. For security reason, once you have added your accounts, remember to uncomment line 88.
(now it becomes:) exit;

If it works for you, please leave a comment to let others know.

Long Answer:
For plugin author Alex King and plugin developers:

The problem happens because WP 4.0 has changed the way it creates and verifies nonce. They call this Tie nonces and cookies to expirable sessions. Basically it means WP now use the current session value (along with other variables) to create and verify nonce. Bear this in mind, let take a look at how the plugin runs when the sign in button is clicked (according to my understanding of the plugin).

When the ‘Sign in with Facebook/Twitter’ button is clicked in WP backend, the following happends:
1. Browser sends request to WP, the plugin detects the requests and runs the action_authorize function, which creates a nonce and generates a redirect response and sends to the browser. Note that the nonce is created using the current session, probably as admin.

2. Browser receives the redirect response, and sends a new request to the proxy server.

3. Proxy server processes the request (e.g. contact Facebook/Twitter for confirmation) and sends a request to WP to run the action_authorized function. Note that this request is sent from the proxy server and the proxy server doesn’t have a session with WP. Now the action_authorized function first verifies the nonce before adding the accounts. Because the current session (which doesn’t exist) is different from the session used to create the nonce, WP will fail to verify the nonce and exit the funtion before adding the accounts.

Possible solutions:
A. encode the cookie into the redirect URL, so that the current session is passed to the proxy server. I think this will cause security concerns.
B. avoid using nonce, find other ways

I will leave it to your capable hands to find a proper solution to this problem. Let me know if I can assist further.

Kind Regards,
Cang

cangluo’s fix worked perfectly for me. Thank you!!

Yes, it did for me, too! Awesome, cangluo!

Silly question, but how do I open the file wp-content/plugins/social/lib/social/controller/auth.php,?

I tried going through Plug In –> Editor –>Social but had no joy?

You’ll need to connect to your site an FTP client. FileZilla or Cyberduck should work pretty well.

Still not working for me. Commented out the line, saved, go to backend. Not adding Twitter account. ??

when you click “sign in with Twitter” does it go to an authorize page for your twitter account? It should, and you tell it to authorize and it should come back to the page with the “sign in with Twitter” button you clicked, and the twitter account should be connected.

you need to do this AFTER doing the edit described , and saving it.

@sginsbe & @dlature1
Glad that it works for you ??

@stenar
Can you make sure that you upload the file to your server after commenting the line, and refresh the page after click the sign in with facebook/twitter button?

If it still doesn’t work, can you post your plugin log here?
The log file is wp-content/plugins/social/debug_log.txt
For best result, delete/rename the log file first, then click the sign in button and it will generate a new log file, copy and paste the content of the log file here.

I didn’t upload the file. I ssh’d into my server via Terminal on Mac and edited the file. I triple checked that the line was commented out.

Refreshed the page numerous times.

[SOCIAL – 2014-09-10 10:20:29 – 173.245.50.110] Checking system CRON
[SOCIAL – 2014-09-10 10:20:29 – 173.245.50.110] Running request: Settings/action_index
[SOCIAL – 2014-09-10 10:20:33 – 173.245.50.110] Checking system CRON
[SOCIAL – 2014-09-10 10:20:34 – 173.245.50.110] Running request: Settings/action_index
[SOCIAL – 2014-09-10 10:20:47 – 173.245.50.110] Running request: Auth/action_authorize
[SOCIAL – 2014-09-10 10:20:47 – 173.245.50.110] Authorizing with URL: https://sopresto.socialize-this.com/twitter/authorize/?v=2&id=258cac886d&response_url=h$
[SOCIAL – 2014-09-10 10:20:54 – 173.245.50.177] Running request: Auth/action_authorized
[SOCIAL – 2014-09-10 10:20:54 – 173.245.50.177] Failed to verify authentication nonce.
[SOCIAL – 2014-09-10 10:20:54 – 173.245.50.110] Checking system CRON
[SOCIAL – 2014-09-10 10:20:54 – 173.245.50.110] Running request: Settings/action_index

dlature1, thanks did that.