Several days of hair pulling but this is what I discovered.
When you navigate to the twitter OAuth authticate or authorize page,
Twitter sets several cookies.
One of these is _twitter_sess
If you successfully sign In, this is recorded in the session cookie.
If you happen to go back and re-initiate the sign In process (click
sign in with Twitter ' on your application).
When you get to the Twitter OAuth authorize page, this session cookie
will already indicate that you have signed in
And clicking the signIn button will always give you the 403 error.
haven't tried, but think some variation of simply deleting this
session cookie when you load your application page...