"Desktop applications only support the oauth_callback value 'oob'" when oauth_callback is present

Sep 14, 2011 at 4:43 AM

I'm having difficulty getting the full OAuth handshake to operate for a registered app.  The app is set with Read-Write access.  I've reviewed the troubleshooting suggestions at https://dev.twitter.com/discussions/204

When I set the Callback URL setting to either an empty string or some placeholder value, I receive the following request/response pair on request_token (https://api.twitter.com/oauth/request_token)  - note synced timestamps; obfuscated key & signature; using the v2.0.21 of LinqToTwitter library. 

Any clues as to what might be happening?

Authorization: OAuth oauth_callback="http%3A%2F%2Flocalhost%3A3733%2FLinqToTwitterWebFormsDemo%2Fdefault.aspx",oauth_consumer_key="0*********************Q",oauth_nonce="3831000",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1315974215",oauth_version="1.0",oauth_signature="5*******************%3D"
LocalDate: 9/14/2011 4:23:35 AM
Host: api.twitter.com

Status: 401 Unauthorized
X-Transaction: 1315974408-93987-28162
X-Frame-Options: SAMEORIGIN
Pragma: no-cache
X-Content-Type-Options: nosniff
X-Revision: DEV
X-MID: 9150783fc3e6eeddc598fddf2f02df8fb67d3d9b
Content-Length: 178
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Content-Type: text/html; charset=utf-8
Date: Wed, 14 Sep 2011 04:26:48 GMT
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Last-Modified: Wed, 14 Sep 2011 04:26:48 GMT
Set-Cookie: k=; path=/; expires=Wed, 21-Sep-11 04:26:48 GMT; domain=.twitter.com,guest_id=v1%3A131597440884643076; domain=.twitter.com; path=/; expires=Fri, 13 Sep 2013 16:26:48 GMT,_twitter_sess=BAh7CDoHaWQiJTg3YTA5NGFkMDg5MzliNjc2YzkxNzZlNzE2MTllZGZjIgpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsAOg9jcmVhdGVkX2F0bCsIj%252BovZjIB--7cb6eaefdf925847cb90cb77f60baa39a0eeaa40; domain=.twitter.com; path=/; HttpOnly
Server: hi
WWW-Authenticate: OAuth realm="http://api.twitter.com"
Vary: Accept-Encoding
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
  <error>Desktop applications only support the oauth_callback value 'oob'</error>

Sep 14, 2011 at 5:27 AM


Looking at hash/error, it seems that Twitter thinks you are or should be using a desktop application.  This is what "oob" means.  I vaguely recall some time in the past where you could specify whether your application was desktop or Web, but I can't see anything about it in the settings today.  One possible suggestion is to visit your application, at dev.twitter.com, and ensure you've entered a callback URL, because I believe it's absence makes Twitter think your application type is desktop.  The actual callback you use, set via BeginAuthorization, will override the default application callback.


Sep 14, 2011 at 12:42 PM

Thanks Joe! That was the resolution.  

Within dev.twitter.com, I updated the app's Callback URL value to a non-empty string and the request_token responded as expected.