RequestCredentialsParameters.FromCallbackUrlAsync error when no oauth_verifier returned

Open redoc209 opened this issue 4 years ago • 5 comments

When authenticating a Twitter app, if the user selects "Cancel" instead of "Authorize App", a "denied" parameter is sent back and no "oauth_token", which causes an error in RequestCredentialsParameters.FromCallbackUrlAsync.

ERROR: "System.ArgumentException: oauth_verifier query parameter not found, this is required to authenticate the user Parameter name: callbackUrl"

    public async Task<ActionResult> TwitterUserAuthCallbackAsync()
    {
        var appClient = new TwitterClient(TWITTER_API_KEY, TWITTER_API_SECRET);

        string q = Request.QueryString.ToString();
        // Extract the information from the redirection url.
        // This is the call that throws the ArgumentException above when the
        // callback has no oauth_verifier (the user clicked Cancel).
        var requestParameters = await RequestCredentialsParameters.FromCallbackUrlAsync(q, _myAuthRequestStore);

        // Request Twitter to generate the credentials.
        var userCreds = await appClient.Auth.RequestCredentialsAsync(requestParameters);

        var userClient = new TwitterClient(userCreds);
        var user = await userClient.Users.GetAuthenticatedUserAsync();
    }

Steps to recreate: Send request to connect to Twitter. Instead of Authorize App button, click Cancel button and Twitter sends user to another page with "return to MyApp" button. The button has a Twitter generated return URL that looks like this: https://mydomain.com/TwitterUserAuthCallbackAsync?tweetinvi_auth_request_id=XXXXXXXXXX&denied=XXXXXX

redoc209 avatar Nov 01 '20 22:11 redoc209

Thank you, I will be looking into this.

linvi avatar Nov 15 '20 01:11 linvi

Hello there. So I took a look and I think it is correct for Tweetinvi to throw an Exception here.

I do acknowledge, though, that System.ArgumentException might be strange and that you might expect a UserDeniedAuthenticationException or something similar.

I will improve this in the future.

Can I ask what you think is wrong here and what you would expect?

Thanks, Linvi

linvi avatar Nov 15 '20 02:11 linvi

Hi, I think it would be helpful to add support to allow no oauth_token and accept a denied param. This is what Twitter is sending back when cancel button is hit. We would then be able to handle it as a cancelled process with the denied param as a confirmation (as it is actually not an error). That is how we intend to fix it on this end I think. An error for a missing param for a valid response back from Twitter is what seems to be an issue for us. Please correct me if I'm wrong though. Thanks

redoc209 avatar Nov 15 '20 02:11 redoc209

So I have thought about it. I do think it makes sense for RequestCredentialsParameters.FromCallbackUrlAsync to throw an exception when providing invalid parameters. The reason is that a factory cannot create an object if you provide invalid parameters; it does make sense for a factory method to throw an InvalidParameterException.

Though I do understand that you might not want to be aware of the cancellation via an exception. My current approach to this problem is that I will add a new method similar to client.Auth.GetAuthenticationResult(string url).

This would return an enum:

enum AuthenticationResult 
{
    ApprovedByUser,
    CancelledByUser,
    NeverRequestedByApp
}

Let me know what you think

linvi avatar Nov 15 '20 22:11 linvi

That seems like a good solution.

redoc209 avatar Nov 16 '20 06:11 redoc209
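
The three outcomes proposed in the thread can be told apart from the callback query string before any token exchange is attempted. The following is an added example, not Tweetinvi code and not from either participant: `CallbackClassifier`, `Classify` and `pendingRequestIds` are hypothetical names, and the set stands in for the app's auth request store. A request id is accepted only once, so a forged or replayed callback is classified as `NeverRequestedByApp`.

```csharp
using System;
using System.Collections.Generic;
using System.Web; // HttpUtility.ParseQueryString

// Outcome names taken from the enum proposed in the thread.
public enum AuthenticationResult { ApprovedByUser, CancelledByUser, NeverRequestedByApp }

public static class CallbackClassifier
{
    // pendingRequestIds: hypothetical stand-in for the app's auth request store, holding
    // the tweetinvi_auth_request_id values this app issued and has not yet consumed.
    public static AuthenticationResult Classify(string callbackUrl, ISet<string> pendingRequestIds)
    {
        var query = HttpUtility.ParseQueryString(new Uri(callbackUrl).Query);
        var requestId = query["tweetinvi_auth_request_id"];

        // A callback whose request id was never issued (or was already consumed) is not
        // part of a flow this app started; reject it before reading any other parameter.
        if (string.IsNullOrEmpty(requestId) || !pendingRequestIds.Remove(requestId))
            return AuthenticationResult.NeverRequestedByApp;

        // Cancel: a "denied" parameter arrives and no oauth_verifier.
        if (!string.IsNullOrEmpty(query["denied"]))
            return AuthenticationResult.CancelledByUser;

        // Approval: both values are needed for the credentials request.
        if (!string.IsNullOrEmpty(query["oauth_token"]) &&
            !string.IsNullOrEmpty(query["oauth_verifier"]))
            return AuthenticationResult.ApprovedByUser;

        // Known request id but neither marker present: a malformed callback.
        throw new ArgumentException(
            "callback has neither 'denied' nor 'oauth_verifier'", nameof(callbackUrl));
    }

    public static void Main()
    {
        // Constructed sample values, not real tokens.
        var pending = new HashSet<string> { "req-1", "req-2" };
        const string baseUrl = "https://mydomain.com/TwitterUserAuthCallbackAsync";
        var approved = baseUrl + "?tweetinvi_auth_request_id=req-2&oauth_token=t&oauth_verifier=v";

        Console.WriteLine(Classify(baseUrl + "?tweetinvi_auth_request_id=req-1&denied=abc", pending));
        Console.WriteLine(Classify(approved, pending));
        // req-2 was consumed by the previous call, so replaying the same URL is rejected.
        Console.WriteLine(Classify(approved, pending));
    }
}
```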