Ok Several days of hair pulling but this is what I discovered. When you navigate to the twitter OAuth authticate or authorize page, Twitter sets several cookies. One of these is _twitter_sess If you successfully sign In, this is recorded in the session cookie.
If you happen to go back and re-initiate the sign In process (click sign in with Twitter ' on your application). When you get to the Twitter OAuth authorize page, this session cookie will already indicate that you have signed in And clicking the signIn button will always give you the 403 error. Solution? haven't tried, but think some variation of simply deleting this session cookie when you load your application page...
