Desktop applications only support the oauth_callback value 'oob'/oauth/request_token

I'm trying to authenticate with OAuth on NodeJS and I'm getting this error:

> Error getting OAuth request token : { statusCode: 401, data: '\n\n Desktop applications only support the oauth_callback value 'oob'\n /oauth/request_token\n\n' }

Here is my code (server.js)

var express = require('express');
var util = require('util');
var oauth = require('oauth');

var app = express.createServer();

// Get your credentials here: https://dev.twitter.com/apps
var _twitterConsumerKey = "1";
var _twitterConsumerSecret = "2";

var consumer = new oauth.OAuth(
    "https://twitter.com/oauth/request_token", "https://twitter.com/oauth/access_token", 
    _twitterConsumerKey, _twitterConsumerSecret, "1.0A", "http://127.0.0.1:8080/sessions/callback", "HMAC-SHA1");

app.configure('development', function(){
    app.use(express.errorHandler({ dumpExceptions: true, showStack: true }));
    app.use(express.logger());
    app.use(express.cookieParser());
    app.use(express.session({ secret: "very secret" }));
    
    app.use(function(req, res, next) {
        res.locals.user = req.session.user;
        next();
    });
});

app.get('/sessions/connect', function(req, res){
    consumer.getOAuthRequestToken(function(error, oauthToken, oauthTokenSecret, results){
        if (error) {
            res.send("Error getting OAuth request token : " + util.inspect(error), 500);
        } else {  
            req.session.oauthRequestToken = oauthToken;
            req.session.oauthRequestTokenSecret = oauthTokenSecret;
            res.redirect("https://twitter.com/oauth/authorize?oauth_token="+req.session.oauthRequestToken);      
        }
    });
});

app.get('/sessions/callback', function(req, res){
    util.puts(">>"+req.session.oauthRequestToken);
    util.puts(">>"+req.session.oauthRequestTokenSecret);
    util.puts(">>"+req.query.oauth_verifier);
    consumer.getOAuthAccessToken(req.session.oauthRequestToken, req.session.oauthRequestTokenSecret, req.query.oauth_verifier, function(error, oauthAccessToken, oauthAccessTokenSecret, results) {
        if (error) {
            res.send("Error getting OAuth access token : " + util.inspect(error) + "["+oauthAccessToken+"]"+ "["+oauthAccessTokenSecret+"]"+ "["+util.inspect(results)+"]", 500);
        } else {
            req.session.oauthAccessToken = oauthAccessToken;
            req.session.oauthAccessTokenSecret = oauthAccessTokenSecret;
            
            res.redirect('/home');
        }
    });
});

app.get('/home', function(req, res){
    consumer.get("http://twitter.com/account/verify_credentials.json", req.session.oauthAccessToken, req.session.oauthAccessTokenSecret, function (error, data, response) {
        if (error) {
            res.redirect('/sessions/connect');
            // res.send("Error getting twitter screen name : " + util.inspect(error), 500);
        } else {
            var parsedData = JSON.parse(data);
            
            // req.session.twitterScreenName = response.screen_name;    
            res.send('You are signed in: ' + parsedData.screen_name);
        } 
    });
});

app.get('*', function(req, res){
    res.redirect('/home');
});

app.listen(8080);

Thanks in advance.

Fill up the "Callback URL" field in your Twitter settings dev account.

In addition to what the other answer says...

I kept getting an error when trying to fill up the Callback URL in the Twitter dev console. I was trying to enter http://localhost:4000, but it was giving me errors. If you need to need to use localhost, you can use http://127.0.0.1:4000 instead, and Twitter accepts that.

(Maybe obvious to some, but took me a little while to figure it out.)

This is an old question, but I ran into this error today, and the thing I noticed is that NEW Twitter applications can be saved WITHOUT a callback URL, but as soon as you save your app with a callback URL, Twitter won't let you save it -- it will revert to the last URL you had. In our case, it didn't matter since our OAuth flow supplies the callback URL, but something on Twitter's side of things REQUIRES that there be a callback URL (ANY callback URL). So in our case, this error cropped up only in dev environments that had a new (and unused) Twitter application associated with them.

Just came across this today, hope it helps others.

If you are trying to authenticate Twitter API Authentication through Firebase.

> It is mandatory that you should add the Callback URLs (required field) > in the Authentication Section of your Twitter API Developer > Portal.

You can find the Callback Url from your Firebase Console in the Authentication Section (Sign-in methods) Authentication provider for Twitter.

> Make sure that the Callback Urls to be exactly the same.

If not, it will give you a error similar to this:

com.firebase.ui.auth.FirebaseUiException: There was an internal error in the web widget. [ {"code":"auth/invalid-credential","message":"Error getting request token: 403 <?xml version='1.0' encoding='UTF-8'?><errors><error code=\"415\">Callback URL not approved for this client application. Approved callback URLs can be adjusted in your application settings</error></errors>.