使用 Owin 的 Twitter 外部登录给出 HTTP 403(禁止)
Twitter external login with Owin gives HTTP 403 (Forbidden)
ASP.NET MVC 5 项目。
欧文版本 4.0.0.0
Startup.Auth
app.UseTwitterAuthentication(
consumerKey: "somekey",
consumerSecret: "someSecretKey");
异常发生在ExternalLogin
方法
Response status code does not indicate success: 403 (Forbidden).
这是回调网址
仅供参考: 该网站是真实的,并且没有问题,Twitter 登录在几周前工作,但现在突然开始失败错误。
StackTrace
[HttpRequestException: Response status code does not indicate success: 403 (Forbidden).]
System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode() +121834
Microsoft.Owin.Security.Twitter.<ObtainRequestTokenAsync>d__23.MoveNext() +2387
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Twitter.<ApplyResponseChallengeAsync>d__12.MoveNext() +1091
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<ApplyResponseCoreAsync>d__b.MoveNext() +376
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<ApplyResponseAsync>d__8.MoveNext() +475
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<TeardownAsync>d__5.MoveNext() +215
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +968
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<RunApp>d__5.MoveNext() +197
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.AspNet.Identity.Owin.<Invoke>d__0.MoveNext() +448
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.AspNet.Identity.Owin.<Invoke>d__0.MoveNext() +448
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.AspNet.Identity.Owin.<Invoke>d__0.MoveNext() +448
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<RunApp>d__5.MoveNext() +197
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<DoFinalWork>d__2.MoveNext() +184
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.StageAsyncResult.End(IAsyncResult ar) +117
System.Web.<>c__DisplayClass11_0.<InvokeEndHandler>b__0() +41
System.Web.AsyncEventExecutionStep.InvokeEndHandler(IAsyncResult ar) +151
System.Web.AsyncEventExecutionStep.OnAsyncEventCompletion(IAsyncResult ar) +156
我们在过去一两周遇到了类似的问题,发现 Twitter 虽然之前未验证回调 URL,但已开始检查它。
Twitter 的登录流程是这样的:
- 客户端调用您的后端。
- 后端通过回调 URL、键等调用 Twitter API
- Twitter 发出登录 URL。
- 作为质询的结果,后端将客户端重定向到登录 URL。
- 客户端登录 Twitter(并授权应用)
- Twitter 重定向到回调 URL(通常
https://www.example.com/signin-twitter
除非您指定替代 callbackPath
)
- 后端接收 Twitter 令牌。
回调 URL 验证发生在 #2,如果失败,将 return 向客户端发送 403。
我在你的图片中注意到你的 callbackPath 是 /twittersignin
但你没有在 ASP.NET 端配置它,所以 ASP.NET 使用 /signin-twitter
。您应该在 Twitter 上更新您的回调 URLs(通过开发者门户)以反映这一点。
ASP.NET MVC 5 项目。
欧文版本 4.0.0.0
Startup.Auth
app.UseTwitterAuthentication(
consumerKey: "somekey",
consumerSecret: "someSecretKey");
异常发生在ExternalLogin
方法
Response status code does not indicate success: 403 (Forbidden).
这是回调网址
仅供参考: 该网站是真实的,并且没有问题,Twitter 登录在几周前工作,但现在突然开始失败错误。
StackTrace
[HttpRequestException: Response status code does not indicate success: 403 (Forbidden).]
System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode() +121834
Microsoft.Owin.Security.Twitter.<ObtainRequestTokenAsync>d__23.MoveNext() +2387
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Twitter.<ApplyResponseChallengeAsync>d__12.MoveNext() +1091
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<ApplyResponseCoreAsync>d__b.MoveNext() +376
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<ApplyResponseAsync>d__8.MoveNext() +475
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<TeardownAsync>d__5.MoveNext() +215
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +968
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<RunApp>d__5.MoveNext() +197
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.AspNet.Identity.Owin.<Invoke>d__0.MoveNext() +448
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.AspNet.Identity.Owin.<Invoke>d__0.MoveNext() +448
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.AspNet.Identity.Owin.<Invoke>d__0.MoveNext() +448
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<RunApp>d__5.MoveNext() +197
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<DoFinalWork>d__2.MoveNext() +184
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.StageAsyncResult.End(IAsyncResult ar) +117
System.Web.<>c__DisplayClass11_0.<InvokeEndHandler>b__0() +41
System.Web.AsyncEventExecutionStep.InvokeEndHandler(IAsyncResult ar) +151
System.Web.AsyncEventExecutionStep.OnAsyncEventCompletion(IAsyncResult ar) +156
我们在过去一两周遇到了类似的问题,发现 Twitter 虽然之前未验证回调 URL,但已开始检查它。
Twitter 的登录流程是这样的:
- 客户端调用您的后端。
- 后端通过回调 URL、键等调用 Twitter API
- Twitter 发出登录 URL。
- 作为质询的结果,后端将客户端重定向到登录 URL。
- 客户端登录 Twitter(并授权应用)
- Twitter 重定向到回调 URL(通常
https://www.example.com/signin-twitter
除非您指定替代callbackPath
) - 后端接收 Twitter 令牌。
回调 URL 验证发生在 #2,如果失败,将 return 向客户端发送 403。
我在你的图片中注意到你的 callbackPath 是 /twittersignin
但你没有在 ASP.NET 端配置它,所以 ASP.NET 使用 /signin-twitter
。您应该在 Twitter 上更新您的回调 URLs(通过开发者门户)以反映这一点。