3

Disclaimer: I'm still starting out with MVC3 (and OAuth in particular). I might be making a basic mistake.

The Problem

My Controller sees that the cookie isn't stored [Note: yes, I'm using cookies per a different discussion. Let's accept that and move on.] and directs me to Twitter. Great. However, when I click authorize, I come right back to Twitter's authorization page.

My Hunch So Far

It seems that my app isn't correctly handling the Twitter postback/callback to my page.

The Ingredients

  • ASP.NET MVC 3
  • Twitterizer library
  • C#

The General Idea / Logic Flow

There might be an issue with this, as this is my first go-round with MVC3 and OAuth.

http://i56.tinypic.com/2rxchw7.png

The Code

I'm hesitant to post it at first because I want to make sure my perception of how this should flow is correct, and because there's understandably a little bit of it to dig through.

Thanks in advance for any help you can give!

SeanKilleen
  • 8,809
  • 17
  • 80
  • 133
  • Have you specified a callback in your twitter application or are you specifying the oauth_callback during the authorization process? – Jon Nylander Aug 21 '11 at 19:16
  • Thanks for responding! I have tried both, setting the settings for both to the same. Because I am trying to redirect to my localhost, I've used http://127.0.0.1:[port]/Home/ConnectToTwitter. I then tried specifying xyz.com:[port]/Home/ConnectToTwitter and then setting xyz.com in my hosts file to redirect to localhost. Is there a better way for non-production testing? This could be the issue. – SeanKilleen Aug 22 '11 at 03:01

2 Answers2

0

I am not 100% sure since I am not a Twitter API pro. But I think Twitter disallows localhost as callback. And it may be that they do a lookup that an URL resolves before allowing a redirect to take place. They wont be able to reach something specified in your .hosts file.

Consider simply issuing oauth_callback to a live URL, preferably one you yourself control. Check that you end up there. Then you can work out how to get hold of the oauth_token and oauth_verifier. (pro-tip: scrape the URL, or if you can, have the page print the variables on screen for easier scraping).

Also test specifying "oob" as callback, see what happens.

EDIT: I just realized that scraping the URL wont work since you are doing a web application. Sorry. But how about having a live URL take the oauth_token and oauth_verifier and from that page redirect to localhost or whatever?

Jon Nylander
  • 8,743
  • 5
  • 34
  • 45
  • Well, the first reason is that the site is purely in development, and I have no hosting upon which to put a live page. :) Guess I'll get on that, but I'm surprised that Twitter doesn't help out folks who are testing in a development environment. – SeanKilleen Aug 24 '11 at 00:35
  • I see your problem. I found this page: http://www.tonyamoyal.com/2009/08/17/how-to-quickly-set-up-a-test-for-twitter-oauth-authentication-from-your-local-machine/. Perhaps that will work. – Jon Nylander Aug 24 '11 at 11:02
  • 1
    Twitter does not allow you to register a localhost callback url, but does allow you to override the registered url at runtime. Moreover, Twitterizer requires developers to override the registered callback url. Without it, Twitter does no supply a verifier to the callback. – Ricky Smith Aug 25 '11 at 18:40
  • Hi Ricky, thanks! It looks as though providing localhost (127.0.0.1) in the specific callback override doesn't work either. However, I did get the redirect when I specified both the registered URL and the override URL to an external web site (pointed it to a blogger site just to check). – SeanKilleen Aug 26 '11 at 02:05
  • Just to update and edit: this answer is the correct one -- Twitter does not allow localhost. Upon this realization, I was able to refactor a bit and things run smoothly in production. Thanks! – SeanKilleen Oct 19 '11 at 00:47
0

If I am reading your flow chart correctly, you may have misunderstood part of the oauth flow. When I followed the chart as though it was the first time a user visits (no cookie, no token/verifier) you have a POST after twitter interaction. There would never be a POST. Twitter's servers do not execute the callback. The user would be redirected (HTTP 302) to the callback url with token and verifier appended to the querystring.

Also, it seems strange to have different behaviors depending on whether you have a verifier or token supplied. If you're doing it right, you would never have one without the other and even if you're doing it wrong, you'll never have a verifier without a token.

At what point are you calling the GetAccessToken method?

Ricky Smith
  • 2,379
  • 1
  • 13
  • 29
  • Hi Ricky, given your comments and exploration, I see now that twitter does a redirect. Given this, it should be a GET request to the MVC controller, and thus another [httpPost] controller isn't required. I had initially added the additional controller out of the confusion that arose from twitter not allowing localhost callbacks. Thank you! – SeanKilleen Aug 26 '11 at 02:07