1. 技术文章
  2. Twitter external login with Owin gives HTTP 403 (Forbidden)

Twitter external login with Owin gives HTTP 403 (Forbidden)

故事扮演 提交于 2019-12-30 04:37:08

问题


ASP.NET MVC 5 Project.
Owin Version 4.0.0.0

Startup.Auth

app.UseTwitterAuthentication(
  consumerKey: "somekey",
  consumerSecret: "someSecretKey");

The exception happened in the ExternalLogin method

Response status code does not indicate success: 403 (Forbidden).

Here are the callback URLs

FYI: the website is real and it is working without problem, The Twitter Login was working a couple of weeks ago, but Now, suddenly, started to fail with the previous error.


StackTrace

[HttpRequestException: Response status code does not indicate success: 403 (Forbidden).]
   System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode() +121834
   Microsoft.Owin.Security.Twitter.<ObtainRequestTokenAsync>d__23.MoveNext() +2387
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.Owin.Security.Twitter.<ApplyResponseChallengeAsync>d__12.MoveNext() +1091
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.Owin.Security.Infrastructure.<ApplyResponseCoreAsync>d__b.MoveNext() +376
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.Owin.Security.Infrastructure.<ApplyResponseAsync>d__8.MoveNext() +475
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.Owin.Security.Infrastructure.<TeardownAsync>d__5.MoveNext() +215
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +968
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<RunApp>d__5.MoveNext() +197
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.AspNet.Identity.Owin.<Invoke>d__0.MoveNext() +448
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.AspNet.Identity.Owin.<Invoke>d__0.MoveNext() +448
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.AspNet.Identity.Owin.<Invoke>d__0.MoveNext() +448
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<RunApp>d__5.MoveNext() +197
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<DoFinalWork>d__2.MoveNext() +184
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.StageAsyncResult.End(IAsyncResult ar) +117
   System.Web.<>c__DisplayClass11_0.<InvokeEndHandler>b__0() +41
   System.Web.AsyncEventExecutionStep.InvokeEndHandler(IAsyncResult ar) +151
   System.Web.AsyncEventExecutionStep.OnAsyncEventCompletion(IAsyncResult ar) +156

回答1:


We had a similar issue in the past week or two and found that Twitter, while previously not validating the callback URL, have started checking it.

The login flow for Twitter is like this:

  1. Client calls your backend.
  2. Backend calls Twitter API with callback URL, keys, etc.
  3. Twitter issues a login URL.
  4. Backend redirects client to login URL as a result of the challenge.
  5. Client logs in on Twitter (and authorises the app)
  6. Twitter redirects to the callback URL (usually https://www.example.com/signin-twitter unless you specify an alternative callbackPath)
  7. Backend receives Twitter tokens.

The callback URL validation happens at #2 and will return a 403 to the client if it fails.

I note in your image that your callbackPath is /twittersignin but you're not configuring it on the ASP.NET side, so ASP.NET is using /signin-twitter. You should update your callback URLs on Twitter (via the developer portal) to reflect this.



来源:https://stackoverflow.com/questions/50942270/twitter-external-login-with-owin-gives-http-403-forbidden

标签
c#
asp.net-mvc
owin
twitter-login
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!