"Desktop applications only support the oauth_callback value 'oob'" when oauth_callback is present

Sep 14, 2011 at 4:43 AM

I'm having difficulty getting the full OAuth handshake to operate for a registered app.  The app is set with Read-Write access.  I've reviewed the troubleshooting suggestions at https://dev.twitter.com/discussions/204

When I set the Callback URL setting to either an empty string or some placeholder value, I receive the following request/response pair on request_token (https://api.twitter.com/oauth/request_token)  - note synced timestamps; obfuscated key & signature; using the v2.0.21 of LinqToTwitter library. 

Any clues as to what might be happening?

REQUEST
=================
Authorization: OAuth oauth_callback="http%3A%2F%2Flocalhost%3A3733%2FLinqToTwitterWebFormsDemo%2Fdefault.aspx",oauth_consumer_key="0*********************Q",oauth_nonce="3831000",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1315974215",oauth_version="1.0",oauth_signature="5*******************%3D"
LocalDate: 9/14/2011 4:23:35 AM
Host: api.twitter.com

RESPONSE
=================
Status: 401 Unauthorized
X-Transaction: 1315974408-93987-28162
X-Frame-Options: SAMEORIGIN
Pragma: no-cache
X-Content-Type-Options: nosniff
X-Revision: DEV
X-MID: 9150783fc3e6eeddc598fddf2f02df8fb67d3d9b
Content-Length: 178
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Content-Type: text/html; charset=utf-8
Date: Wed, 14 Sep 2011 04:26:48 GMT
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Last-Modified: Wed, 14 Sep 2011 04:26:48 GMT
Set-Cookie: k=98.240.211.26.1315974408837750; path=/; expires=Wed, 21-Sep-11 04:26:48 GMT; domain=.twitter.com,guest_id=v1%3A131597440884643076; domain=.twitter.com; path=/; expires=Fri, 13 Sep 2013 16:26:48 GMT,_twitter_sess=BAh7CDoHaWQiJTg3YTA5NGFkMDg5MzliNjc2YzkxNzZlNzE2MTllZGZjIgpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIj%252BovZjIB--7cb6eaefdf925847cb90cb77f60baa39a0eeaa40; domain=.twitter.com; path=/; HttpOnly
Server: hi
WWW-Authenticate: OAuth realm="http://api.twitter.com"
Vary: Accept-Encoding
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<hash>
  <error>Desktop applications only support the oauth_callback value 'oob'</error>
  <request>/oauth/request_token</request>
</hash>


Coordinator
Sep 14, 2011 at 5:27 AM

Hi,

Looking at hash/error, it seems that Twitter thinks you are or should be using a desktop application.  This is what "oob" means.  I vaguely recall some time in the past where you could specify whether your application was desktop or Web, but I can't see anything about it in the settings today.  One possible suggestion is to visit your application, at dev.twitter.com, and ensure you've entered a callback URL, because I believe it's absence makes Twitter think your application type is desktop.  The actual callback you use, set via BeginAuthorization, will override the default application callback.

Joe

Sep 14, 2011 at 12:42 PM

Thanks Joe! That was the resolution.  

Within dev.twitter.com, I updated the app's Callback URL value to a non-empty string and the request_token responded as expected.