Twitter oauth_callback parameter being ignored!

Question

I'm trying to get Twitter authentication working on my ASP.NET site. When you create the app on the Twitter website, you have to specify a callback URL, which for sake of argument, I have set to http://mydomain.com

I've read the oAuth 1.0a spec, and to override this callback URL with your own custom one you have to send the oauth_callback parameter in the request_token phase (url-encoded of course).

So my request URL looks like this:

http://twitter.com/oauth/request_token?oauth_callback=http%3A%2F%2Fmydomain.com%2Ftwittercallback

Supposedly, if all goes to plan, in your response data, you are supposed to receive a new parameter of oauth_callback_confirmed=true in addition to your token and token secret parameters.

However, my response comes through as: oauth_token=MYTOKEN&oauth_token_secret=MYTOKENSECRET

I know I haven't given you guys the greatest amount to go on, but I'm at my wits end as to why I am not receiving the oauth_callback_confirmed parameter. Without this, my application keeps defaulting back to the callback URL hard-coded on the Twitter website. Please if anyone could help me out, I will be eternally grateful!

Thanks, A.

Answer 1

I've read the oAuth 1.0a spec, and to override this callback URL with your own custom one you have to send the oauth_callback parameter in the request_token phase (url-encoded of course).

So my request URL looks like this:

http://twitter.com/oauth/request_token?oauth_callback=http%3A%2F%2Fmydomain.com%2Ftwittercallback

just because YOU read the spec doesn't mean that TWITTER read it. :P

kidding - this is essentially correct - but the way twitter likes to receive this data is a little different (and not well documented).

the way i've found to get the oauth_callback to confirm is as follows: specify the oauth_callback in the parameters of the request function, NOT within the URL.

python example (using oauth2):

''' Create our client.'''

client = oauth.Client(consumer)

''' do the request '''

resp, content = client.request(request_token_url,"POST",body=urllib.urlencode({'oauth_callback':callbackURL}))


''' note that it's called "body" in this particular OAuth function for Client but in OAuth Request object it's called "parameters."  YMMV depending on programming language/ library of course. '''

this is ALSO the only way i've managed to get an oauth verifier back. supposedly one should not have to specify the callback URL every time, since we provide it in app settings...but experience seems to indicate otherwise.

finally, please be aware that at leg 3 you have to do the same thing AGAIN - this time including the oauth_verifier as well as the callback URL in the parameters.

hope this helps - can't begin to tell you how much effort i put into figuring this out.

good luck!

J

Answer 2

I've used this guide to set up my PC to be used as the callback location. Basically you set up your hosts file in a certain way, clear your cache and add a couple of Firefox registry values. At the end when you are debugging an oauth call the redirect comes back to your local PC.

As I said it worked for me.

Answer 3

<?php
    // oauth-php example
    $token = OAuthRequester::requestRequestToken(
                $consumer_key,
                $user_id,
                array('oauth_callback'=>  urlencode($callback_uri))
             );
?>