Twitter OAuth doesn't redirect back to my web site properly
Disclaimer: I'm still starting out with MVC3 (and OAuth in particular). I might be making a basic mistake.
The Problem
My Controller sees that the cookie isn't stored [Note: yes, I'm using cookies per a different discussion. Let's accept that and move on.] and directs me to Twitter. Great. However, when I click authorize, I come right back to Twitter's authorization page.
My Hunch So Far
It seems that my app isn't correctly handling the Twitter postback/callback to my page.
The Ingredients
- ASP.NET MVC 3
- Twitterizer library
- C#
The General Idea / Logic Flow
There might be an issue with this, as this is my first go-round with MVC3 and OAuth.
http://i56.tinypic.com/2rxchw7.png
The Code
I'm hesitant to post it at first because I want to make sure my perception of how this should flow is correct, and because there's understandably a little bit of it to dig through.
Thanks in advance for any help you can give!
I am not 100% sure since I am not a Twitter API pro. But I think Twitter disallows localhost as a callback. And it may be that they do a lookup that a URL resolves before allowing a redirect to take place. They won't be able to reach something specified in your .hosts file.
Consider simply issuing oauth_callback to a live URL, preferably one you yourself control. Check that you end up there. Then you can work out how to get hold of the oauth_token and oauth_verifier. (pro-tip: scrape the URL, or if you can, have the page print the variables on screen for easier scraping).
Also test specifying "oob" as callback, see what happens.
EDIT: I just realized that scraping the URL won't work since you are doing a web application. Sorry. But how about having a live URL take the oauth_token and oauth_verifier and from that page redirect to localhost or whatever?
If I am reading your flow chart correctly, you may have misunderstood part of the OAuth flow. When I followed the chart as though it was the first time a user visits (no cookie, no token/verifier) you have a POST after Twitter interaction. There would never be a POST. Twitter's servers do not execute the callback. The user would be redirected (HTTP 302) to the callback URL with token and verifier appended to the querystring.
Also, it seems strange to have different behaviors depending on whether you have a verifier or token supplied. If you're doing it right, you would never have one without the other and even if you're doing it wrong, you'll never have a verifier without a token.
At what point are you calling the GetAccessToken method?
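The callback handling described in the answer above, as an added example that is not part of the original thread and does not use Twitterizer: it classifies the GET request the browser is redirected to, so the site only starts a new authorization when neither parameter is present. The names `OAuthCallback`, `Classify` and `CallbackState`, the example.com URLs and the token values are constructed for illustration, and comparing the returned token with the request token saved before the redirect is an assumption about how the app stores it.

```csharp
using System;
using System.Collections.Specialized;
using System.Web; // HttpUtility.ParseQueryString

// Outcome of inspecting the URL the browser was redirected (HTTP 302) to.
public enum CallbackState { FirstVisit, Complete, Invalid }

public static class OAuthCallback
{
    // storedRequestToken: the request token saved (session or cookie) before
    // sending the user to Twitter; null if no flow has been started.
    public static CallbackState Classify(Uri callbackUrl, string storedRequestToken,
                                         out string token, out string verifier)
    {
        NameValueCollection query = HttpUtility.ParseQueryString(callbackUrl.Query);
        token = query["oauth_token"];
        verifier = query["oauth_verifier"];

        bool hasToken = !string.IsNullOrEmpty(token);
        bool hasVerifier = !string.IsNullOrEmpty(verifier);

        // Neither parameter: an ordinary visit, so start the flow.
        if (!hasToken && !hasVerifier) return CallbackState.FirstVisit;

        // Only one of the two: not a genuine redirect back from Twitter.
        if (!hasToken || !hasVerifier) return CallbackState.Invalid;

        // The token must be the one issued for this browser session; otherwise
        // the redirect belongs to some other authorization attempt.
        if (!string.Equals(token, storedRequestToken, StringComparison.Ordinal))
            return CallbackState.Invalid;

        return CallbackState.Complete; // safe to exchange for an access token
    }

    public static void Main()
    {
        const string stored = "REQTOKEN123"; // constructed sample, not a real token
        string t, v;
        var urls = new[] {
            "http://example.com/Home/Index",
            "http://example.com/Home/Index?oauth_token=REQTOKEN123&oauth_verifier=VERIF456",
            "http://example.com/Home/Index?oauth_token=REQTOKEN123",
            "http://example.com/Home/Index?oauth_token=OTHER&oauth_verifier=VERIF456"
        };
        foreach (string url in urls)
            Console.WriteLine("{0} -> {1}", url, Classify(new Uri(url), stored, out t, out v));
    }
}
```

Only the `Complete` case should lead to the access-token exchange; treating every request as a first visit reproduces the loop back to the authorization page.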