DotNetOpenAuth.WebServerClient.XSRF-Session changes during callback

I am trying to set up simple OAuth2 login authentication. However, I am stuck in a callback that throws the following exception:

    [ProtocolException: Unexpected OAuth authorization response received with callback and client state that does not match an expected value.]
       DotNetOpenAuth.Messaging.ErrorUtilities.VerifyProtocol(Boolean condition, String unformattedMessage, Object[] args) +426
       DotNetOpenAuth.OAuth2.WebServerClient.ProcessUserAuthorization(HttpRequestBase request) +771

The exact problem is discussed here.

In my case, the SessionID remains unchanged, but the DotNetOpenAuth.WebServerClient.XSRF-Session cookie changes its value on the callback.

Implementation:

    public void Authorize(HttpRequest request)
    {
        string callbackString = request.Url.AbsoluteUri;
        Uri callbackUri = new Uri(callbackString);
        IAuthorizationState authorization = nimbleClient.ProcessUserAuthorization();
        if (authorization == null)
        {
            // Kick off authorization request
            nimbleClient.RequestUserAuthorization(returnTo: callbackUri);
        }
        else
        {
            // Get AccessToken
            Uri.EscapeDataString(authorization.AccessToken);
        }
    }
+7
1 answer

You have declared your cookie persistent as shown below:

    private const string XsrfCookieName = "DotNetOpenAuth.WebServerClient.XSRF-Session";

This will help maintain the value even with a callback.

0
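The exception in the question comes from comparing the `state` value returned on the callback with the value held in the XSRF cookie. The following is an added example, not part of the original posts and not DotNetOpenAuth's own code: a simplified console model of that check, showing that a cookie re-issued or missing between the outgoing request and the callback makes the comparison fail. `BeginAuthorization`, `CallbackStateMatches` and the dictionary standing in for the browser's cookie jar are hypothetical names chosen for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

static class XsrfStateDemo
{
    const string XsrfCookieName = "DotNetOpenAuth.WebServerClient.XSRF-Session";

    // Outgoing leg (hypothetical helper): mint a random value, store it in the
    // cookie jar and return it so it can travel as the OAuth2 "state" parameter.
    static string BeginAuthorization(IDictionary<string, string> cookies)
    {
        var bytes = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        string state = Convert.ToBase64String(bytes);
        cookies[XsrfCookieName] = state;
        return state;
    }

    // Callback leg (hypothetical helper): the state echoed by the authorization
    // server must equal the cookie value. The comparison does not exit early.
    static bool CallbackStateMatches(IDictionary<string, string> cookies, string returnedState)
    {
        string expected;
        if (returnedState == null || !cookies.TryGetValue(XsrfCookieName, out expected))
            return false;
        byte[] a = Encoding.UTF8.GetBytes(expected);
        byte[] b = Encoding.UTF8.GetBytes(returnedState);
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    static void Main()
    {
        var browser = new Dictionary<string, string>(); // constructed cookie jar
        string state = BeginAuthorization(browser);
        Console.WriteLine("same cookie on callback:  " + CallbackStateMatches(browser, state));

        // A second authorization start before the callback is processed overwrites the cookie.
        BeginAuthorization(browser);
        Console.WriteLine("cookie re-issued:         " + CallbackStateMatches(browser, state));

        // Cookie never reaches the callback (different host, path or scheme).
        Console.WriteLine("cookie missing:           " +
            CallbackStateMatches(new Dictionary<string, string>(), state));
    }
}
```

When debugging the real flow, logging the cookie value and the `state` query parameter at both legs shows which of these cases applies.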