Silverlight E2E OAuth

Aug 6, 2011 at 12:52 AM

Hi Folks,

 

I'm confused about using the OAuth with browser hosted Silverlight application. I used the OnWebAuth sample code in the Silverlight demo. It redirects the user to the right page, user inserts the username and password and accepts my application to access his account. However, the following takes place:

- Twitter fails to return to the CallBackUrl.

- I never get into the auth.CompleteAuthorize.

- I'm not able to get Authorization Token.

 

I get my CallBackUrl from: Uri url = HtmlPage.Document.DocumentUri; 

 

Any clues?

Coordinator
Aug 6, 2011 at 3:22 AM

Hi,

If after the request returns from authentication and you click on the tab again, the code will call CompleteAuthorize.  There was a bug that I fixed last week associated with the authorization token and the fix is in the downloadable source code right now.  I'll take a look at the problem with not returning to the callback url, which should clear up the problem with CompleteAuthorize not being called.

Joe

Aug 6, 2011 at 4:07 AM

Thanks Joe for your reply!

 

I think the main problem here is not able to go back to the callbackUrl. It should work even if I'm working on a localhost, right? Do you know a turn around for this bug right now?

 

Thanks,

Mohamed

Coordinator
Aug 6, 2011 at 5:17 AM
This discussion has been copied to a work item. Click here to go to the work item and continue the discussion.
Coordinator
Aug 6, 2011 at 7:30 PM

I don't have an answer on this yet.  This particular problem is taking too much of my time to track down and I'm going to let it set a while.  If you or anyone else would like to help debug, let me know.  I'll provide the details of what I've found so far.

Joe

Aug 7, 2011 at 2:22 AM

Hi Joe,

 

Yes, I can contribute solving this bug. Please DM me the details.

 

Thanks

M

Aug 14, 2011 at 12:14 AM
Hi Joe,
I've been trying to debug following the same path you followed. The sample works after getting the latest code. Here is what I noticed so far:
  • When the proxy get called request token url is only passed: "https://api.twitter.com/oauth/request_token". However, the full HTTP request that includes the consumer secret and key is in the Authorization header not in the url.
    • In such case, Twitter redirects to the sample's home page without the 404 Not found error.

  • I copied exactly the samples code into my application and deployed the new compiled dlls. However, the passed url to the proxy includes the call back, consumer key, & secret. I couldn't find the authorization header. Twitter in this case fails to return to the callback page.
Any idea why the authorization header is not included in the http context?
Thanks,
Mohamed
On Sat, Aug 6, 2011 at 11:30 AM, JoeMayo <notifications@codeplex.com> wrote:

From: JoeMayo

I don't have an answer on this yet. This particular problem is taking too much of my time to track down and I'm going to let it set a while. If you or anyone else would like to help debug, let me know. I'll provide the details of what I've found so far.

Joe

Read the full discussion online.

To add a post to this discussion, reply to this email (LinqToTwitter@discussions.codeplex.com)

To start a new discussion for this project, email LinqToTwitter@discussions.codeplex.com

You are receiving this email because you subscribed to this discussion on CodePlex. You can unsubscribe on CodePlex.com.

Please note: Images and attachments will be removed from emails. Any posts to this discussion will also be available online at CodePlex.com

Aug 14, 2011 at 12:18 AM
I'm using IIS, could it be stripping out the Authorization header?

On Sat, Aug 13, 2011 at 4:13 PM, Mohamed Ahmed <moh.f.ahmed@gmail.com> wrote:
Hi Joe,
I've been trying to debug following the same path you followed. The sample works after getting the latest code. Here is what I noticed so far:
  • When the proxy get called request token url is only passed: "https://api.twitter.com/oauth/request_token". However, the full HTTP request that includes the consumer secret and key is in the Authorization header not in the url.
    • In such case, Twitter redirects to the sample's home page without the 404 Not found error.

  • I copied exactly the samples code into my application and deployed the new compiled dlls. However, the passed url to the proxy includes the call back, consumer key, & secret. I couldn't find the authorization header. Twitter in this case fails to return to the callback page.
Any idea why the authorization header is not included in the http context?
Thanks,
Mohamed
On Sat, Aug 6, 2011 at 11:30 AM, JoeMayo <notifications@codeplex.com> wrote:

From: JoeMayo

I don't have an answer on this yet. This particular problem is taking too much of my time to track down and I'm going to let it set a while. If you or anyone else would like to help debug, let me know. I'll provide the details of what I've found so far.

Joe

Read the full discussion online.

To add a post to this discussion, reply to this email (LinqToTwitter@discussions.codeplex.com)

To start a new discussion for this project, email LinqToTwitter@discussions.codeplex.com

You are receiving this email because you subscribed to this discussion on CodePlex. You can unsubscribe on CodePlex.com.

Please note: Images and attachments will be removed from emails. Any posts to this discussion will also be available online at CodePlex.com


Coordinator
Aug 14, 2011 at 12:35 AM

Maybe the proxy is stripping out the authorization header. I recall making a change, in the not too distant past, where I moved OAuth parameters from the URL to the Authorization header – OAuth best practice.

Joe

From: MohamedAhmed [email removed]
Sent: Saturday, August 13, 2011 5:18 PM
To: jmayo@mayosoftware.com
Subject: Re: Silverlight E2E OAuth [LinqToTwitter:267988]

From: MohamedAhmed

I'm using IIS, could it be stripping out the Authorization header?

On Sat, Aug 13, 2011 at 4:13 PM, Mohamed Ahmed <moh.f.ahmed@gmail.com> wrote:

Hi Joe,

I've been trying to debug following the same path you followed. The sample works after getting the latest code. Here is what I noticed so far:

  • When the proxy get called request token url is only passed: "https://api.twitter.com/oauth/request_token". However, the full HTTP request that includes the consumer secret and key is in the Authorization header not in the url.
    • In such case, Twitter redirects to the sample's home page without the 404 Not found error.
  • I copied exactly the samples code into my application and deployed the new compiled dlls. However, the passed url to the proxy includes the call back, consumer key, & secret. I couldn't find the authorization header. Twitter in this case fails to return to the callback page.

Any idea why the authorization header is not included in the http context?

Thanks,

Mohamed

On Sat, Aug 6, 2011 at 11:30 AM, JoeMayo <notifications@codeplex.com> wrote:

From: JoeMayo

I don't have an answer on this yet. This particular problem is taking too much of my time to track down and I'm going to let it set a while. If you or anyone else would like to help debug, let me know. I'll provide the details of what I've found so far.

Joe

Read the full discussion online.

To add a post to this discussion, reply to this email (LinqToTwitter@discussions.codeplex.com)

To start a new discussion for this project, email LinqToTwitter@discussions.codeplex.com

You are receiving this email because you subscribed to this discussion on CodePlex. You can unsubscribe on CodePlex.com.

Please note: Images and attachments will be removed from emails. Any posts to this discussion will also be available online at CodePlex.com

Aug 14, 2011 at 12:46 AM
You are right, I checked the code. It is stripping out the authorization header. If it is there and just send parameters through that header rather than through a query string, it would be better and avoid that error.

On Sat, Aug 13, 2011 at 4:35 PM, JoeMayo <notifications@codeplex.com> wrote:

From: JoeMayo

Maybe the proxy is stripping out the authorization header. I recall making a change, in the not too distant past, where I moved OAuth parameters from the URL to the Authorization header – OAuth best practice.

Joe

From: MohamedAhmed [email removed]
Sent: Saturday, August 13, 2011 5:18 PM
To: jmayo@mayosoftware.com
Subject: Re: Silverlight E2E OAuth [LinqToTwitter:267988]

From: MohamedAhmed

I'm using IIS, could it be stripping out the Authorization header?

On Sat, Aug 13, 2011 at 4:13 PM, Mohamed Ahmed <moh.f.ahmed@gmail.com> wrote:

Hi Joe,

I've been trying to debug following the same path you followed. The sample works after getting the latest code. Here is what I noticed so far:

  • When the proxy get called request token url is only passed: "https://api.twitter.com/oauth/request_token". However, the full HTTP request that includes the consumer secret and key is in the Authorization header not in the url.
    • In such case, Twitter redirects to the sample's home page without the 404 Not found error.
  • I copied exactly the samples code into my application and deployed the new compiled dlls. However, the passed url to the proxy includes the call back, consumer key, & secret. I couldn't find the authorization header. Twitter in this case fails to return to the callback page.

Any idea why the authorization header is not included in the http context?

Thanks,

Mohamed

On Sat, Aug 6, 2011 at 11:30 AM, JoeMayo <notifications@codeplex.com> wrote:

From: JoeMayo

I don't have an answer on this yet. This particular problem is taking too much of my time to track down and I'm going to let it set a while. If you or anyone else would like to help debug, let me know. I'll provide the details of what I've found so far.

Joe

Read the full discussion online.

To add a post to this discussion, reply to this email (LinqToTwitter@discussions.codeplex.com)

To start a new discussion for this project, email LinqToTwitter@discussions.codeplex.com

You are receiving this email because you subscribed to this discussion on CodePlex. You can unsubscribe on CodePlex.com.

Please note: Images and attachments will be removed from emails. Any posts to this discussion will also be available online at CodePlex.com

Read the full discussion online.

To add a post to this discussion, reply to this email (LinqToTwitter@discussions.codeplex.com)

To start a new discussion for this project, email LinqToTwitter@discussions.codeplex.com

You are receiving this email because you subscribed to this discussion on CodePlex. You can unsubscribe on CodePlex.com.

Please note: Images and attachments will be removed from emails. Any posts to this discussion will also be available online at CodePlex.com


Coordinator
Aug 14, 2011 at 9:16 PM

Fiddler shows that Authorization header is being sent properly.  I tried moving OAuth parameters to the query string, and not in the Authorization header, but that resulted in the same problem.

Joe