Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
0 votes
in Plugins by
edited by

I started using the open-login plugin that provides oauth login functionality.  The first service I tried to use was twitter.  Twitter appear to only work when the users tries to login over http.  If the user tries to login over https they are redirect to


With a server error of

400 Bad Request

The plain HTTP request was sent to HTTPS port


If the user then goes to http://domain.com/login?login=twitter or https://domain.com:443/login?login=twitter the user is logged in.

The only thing I can think of that I might be doing wrong is using the wrong Callback URL(in the twitter api key setup). Currently the plugin seems to work over http using the




or either one of those with https instead of http as the callback URL.

If there is an issue with the plugin I would really appreciate some advice as well.

Thanks in advance....

Q2A version: 1.6.3
1) On Twitter you should set :
Website = https://www.domain.com
Callback URL = https://www.domain.com/?hauth.done=Twitter

2) On your q2a website, Admin/General you should have :
Preferred site URL = https://www.domain.com
(**identical** to the Twitter "Website" value)
I will try this and report back.
This changed things but did not resolve the issue.  I setup the website, call back and preferred site URL as specified above and tried to login with twitter.  

On the first attempt it redirected to twitter as it was doing and then returned same 400 error above. I then returned to https://domain.com and tried again.  This time I was not redirected to twitter however I was logged in. Very strange...
Strange. Can you share an url ?

1 Answer

0 votes

The plugin redirects based on the current URL the user is at when clicking the login button. It might be that, for some reason, the code could not correctly detect the protocol (https or http) of the current URL and generate an invalid link.

Can you try to add the following piece of code to the file Hybrid/Auth.php from q2a-open-login plugin folder, on line 376?

if( !empty($_SERVER['HTTPS']) ||

instead of


See here how that line looks now: https://github.com/alixandru/q2a-open-login/blob/development/Hybrid/Auth.php#L376

Basically you need to add a new condition to that "if" and test again.


If that doesn't work, I will really need the URL of your site to debug. I hope this helps.