Closed CRuppert closed 7 years ago
If you like, I can fork and do a PR for this, but it seems silly for what amounts to a 4-char change.
Agreed, we'll take care of it.
Interestingly we've already fixed this in Core: https://github.com/aspnet/Security/blob/b7a5a6044d61ee2fa0625446b52ef4f181c08505/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs#L28
Note to self: We should also make these endpoints settable like we do for the other providers https://github.com/aspnet/AspNetKatana/blob/b850cd8b4de61e65bbd7127ce02b5df7c4cb6db5/src/Microsoft.Owin.Security.Facebook/FacebookAuthenticationOptions.cs#L36.
Repro:
1) Set up site with Twitter auth using middleware
2) Attempt to log into said site with Twitter on Android device with Twitter installed
3) Twitter full client launches
This is caused by the redirect URI being set to https://twitter.com instead of https://api.twitter.com.
The default https://twitter.com URI is used by the deep linking functionality of the app. This causes the app to handle the authentication request instead of the browser; then, after auth, the webview embedded in the Twitter app takes over and cannot locate your redirect target.
The solution is to prefix the twitter.com domain with api. in this line https://github.com/aspnet/AspNetKatana/blob/dev/src/Microsoft.Owin.Security.Twitter/TwitterAuthenticationHandler.cs#L25 just like the other calls, or to allow the user to override the root domains via configuration.
Reference: https://dev.twitter.com/oauth/reference/get/oauth/authenticate note the Resource url