Twitter Policies Has Changed and Login Fails Due to Cloudflare

[amirhosein-kia-darbandsary]

:
Since the latest Twitter/X policy updates, our automated login flow has stopped working.
The requests are now being blocked by Cloudflare protection, returning a 403 Forbidden response with the message:

"Sorry, you have been blocked. You are unable to access x.com."

This seems to be caused by Cloudflare's new challenge mechanism (JavaScript or CAPTCHA) which the current implementation does not handle.

Steps to Reproduce:

Run the login process using the existing API/script.

Observe that the response returns a 403 error.

Expected Behavior:
Login should work as before and retrieve a valid session.

Actual Behavior:
The request is blocked by Cloudflare, causing the login process to fail.

Handling Cloudflare challenge/JavaScript challenge automatically.

Optionally allowing cookies/session reuse from a browser login to bypass the block

[mahrtayyab]

I am aware of the issue , finding solution , update is scheduled in 4 days

[amirhosein-kia-darbandsary]

I am aware of the issue , finding solution , update is scheduled in 4 days

Thanks for your response — really appreciate it! We’re interested in understanding the root cause of the issue and how it can be addressed. Looking forward to the new version release

[Mena489]

@mahrtayyab
any updates on that?

[mahrtayyab]

@mahrtayyab any updates on that?

working on it

[amirhosein-kia-darbandsary]

Thank you for your efforts. Based on our investigation, the issue appears to be linked to the castle token. However, we’re still unable to determine its exact dependencies or integration points, which prevents us from defining a clear solution at this stage

so if there is any guide we will happy to help you besides your efforts

[CrossDarkrix]

Sorry, With my skills, I was only able to complete the login step.
There are still some bugs, but it does works.
https://github.com/CrossDarkrix/tweety

[amirhosein-kia-darbandsary]

Sorry, With my skills, I was only able to complete the login step. There are still some bugs, but it does works. https://github.com/CrossDarkrix/tweety

Thank you for your help. We'll use your latest version until your pull request is accepted, and then proceed with the main package.

[CrossDarkrix]

I'm closing this pull request for now.
This is because I noticed a few things while investigating.

1. Bypassing the login error is almost meaningless (it may appear that you're logged in, but you're not).

2. X's API may have changed significantly.

3. It appears that a new "Castle iO" token is required. Generating or bypassing this token seems quite difficult.

4. As mentioned in point 1, using a cloudscraper to create new credentials is pointless.

5. The API parameters have likely changed as well.

[AdaaamB]

Facing the same error. All was fine until I made an update today and left a hardcoded auth token in. When I reverted to app.start or app.sign_in, I got hit with the cloudflare error. You can get around it by using auth tokens, but I'm not sure how long those are valid for? A quick google says either forever or 2 hours.. but I generated this one over 2 hours ago and it's still currently valid

[back-2-95]

I have been using one auth_token for 2-3 weeks for now - and I also had like 2-7 days between of every run.