This project has moved and is read-only. For the latest updates, please go here.

Silverlight OAuth Token Problems

Nov 9, 2011 at 11:58 AM


I'm still failing to correctly receive and/or store OAuth tokens for users of my application. If I use my 'Access token' and 'Access token secret' generated via everything works perfectly. If I use a pair generated at runtime via the OAuth workflow in my app then I receive a '401: Invalid / Expired token' error. I think I'm missing a step somewhere in the workflow.

This is a code snippet from my implementation of CompleteAuthorization:

var callbackUrl = HtmlPage.Document.DocumentUri;

auth.CompleteAuthorize(callbackUrl, resp =>
   _dispatcher.BeginInvoke(() =>
    switch (resp.Status)
      case TwitterErrorStatus.Success:
        StorageCredentials(resp.State.UserID, resp.State.ScreenName, auth.Credentials.AccessToken, auth.Credentials.OAuthToken);
      case TwitterErrorStatus.TwitterApiError:
      case TwitterErrorStatus.RequestProcessingException:
        MsgBox.Show(resp.Error.ToString(), resp.Message);

This returns the correct UserID and ScreenName and 2 valid-looking strings for AccessToken and OAuthToken.

This is a code snippet from a factory that creates TwitterContext objects...

private static string BASE_URL = "";
private static string SEARCH_URL = "";

internal static TwitterContext Create()
  var auth = new SilverlightAuthorizer
    Credentials = new InMemoryCredentials
      AccessToken = GetOAuthTokenFromStorage(),
      OAuthToken = GetAccessTokenFromStorage(),

      ConsumerKey = ConsumerKeys.KEY,
      ConsumerSecret = ConsumerKeys.SECRET
    ScreenName = GetScreenNameFromStorage,
    UserId = GetUserIdFromStorage

  return new TwitterContext(auth, BASE_URL, SEARCH_URL);

I doesn't matter which way 'round I use the user's tokens it always produces the same 401 error.

What concerns me is that the 2 user-generated tokens are almost identical lengths where as the 'Access token' generated on the twitter website is about 20% longer. Is there an extra step that I've missed that gets a correct pair of string?

Any help please? I've pretty run out of ideas now :(.


Nov 9, 2011 at 5:16 PM

Hi Chris,

It looks like you've already gone through the initial OAuth dance to get all the credentials and this scenario is grabbing credentials that have already been saved?  I might have a hard time reproducing the problem, so a sample app might be helpful - I can't work on a full-blown application because it would take me too long to set up, but a minimal sample that reproduces the problem would be helpful.

Since you already have credentials, another options might be to try to use the PinAuthorizer in case there's a bug in the Silverlight authorizer for your scenario.

BTW, here's a working sample for Silverlight OAuth that might help (you've probably looked at this already) that's also part of the downloadable code:


Nov 9, 2011 at 10:42 PM

Hi Joe,

I've used both the Pin and Web workflows with the same results. I've now got a really simple example written that demonstrates the problem. Could you let me know the best email address for you please (either here or ping me at