发表新帖
发表新帖

Twitter external login with Owin gives HTTP 403 (Forbidden)

后端 未结
关注
1 2043
借酒劲吻你
借酒劲吻你 2021-01-02 08:56

ASP.NET MVC 5 Project.
Owin Version 4.0.0.0

Startup.Auth

app.UseTwitterAuthentication(
  consumerKey: \"somekey\",
  con
相关标签:
1条回答
  • 暖寄归人
    2021-01-02 09:12

    We had a similar issue in the past week or two and found that Twitter, while previously not validating the callback URL, have started checking it.

    The login flow for Twitter is like this:

    1. Client calls your backend.
    2. Backend calls Twitter API with callback URL, keys, etc.
    3. Twitter issues a login URL.
    4. Backend redirects client to login URL as a result of the challenge.
    5. Client logs in on Twitter (and authorises the app)
    6. Twitter redirects to the callback URL (usually https://www.example.com/signin-twitter unless you specify an alternative callbackPath)
    7. Backend receives Twitter tokens.

    The callback URL validation happens at #2 and will return a 403 to the client if it fails.

    I note in your image that your callbackPath is /twittersignin but you're not configuring it on the ASP.NET side, so ASP.NET is using /signin-twitter. You should update your callback URLs on Twitter (via the developer portal) to reflect this.

    0 讨论(0)
 看不清?
提交回复
热议问题