1

What is the callback url when setting up OAuth applications eg. Twitter?

This is required when installing keys to connect the external services. Sites such as twitter ask for the callback url.

Evgeny's avatar
13.2k
Evgeny
updated 2011-02-22 13:33:35 -0600
Rupreck's avatar
305
Rupreck
asked 2011-02-22 10:08:17 -0600
edit flag offensive 0 remove flag close merge delete

Comments

The settings page has the linkedin 'create app' url wrong (a typo from the twitter one above). The link needed is: https://www.linkedin.com/secure/developer
Rupreck's avatar Rupreck (2011-02-22 10:56:25 -0600) edit
Edited your post - Twitter (as well as facebook and linkedin) uses OAuth, protocol, not OpenID .
Evgeny's avatar Evgeny (2011-02-22 13:34:34 -0600) edit
I knew that but it seems my fingers didn't... thanks.
Rupreck's avatar Rupreck (2011-02-22 17:42:15 -0600) edit
add a comment see more comments

1 Answer

1

Hi Rupreck, for the "Registered callback URL" in Twitter, please just type URL of your site (better to the /questions page - to avoid a redirect). The meaning of that setting - is where the login provider must redirect after authentication is complete.

The URL you've mentioned "complete-oauth" is internal - no need to use it for the registrations. It is used for the protocol communication internally.

Evgeny's avatar
13.2k
Evgeny
updated 2011-02-22 16:07:52 -0600, answered 2011-02-22 13:39:04 -0600
edit flag offensive 0 remove flag delete link

Comments

Facebook has a Deauthorise Callback. What should this be? Is it supported?
Rupreck's avatar Rupreck (2011-02-22 17:45:40 -0600) edit
If I understand correctly - you can enter any url you want. That is supposedly the page you want to show the user when he/she removes access to your site through the OAuth provider. All the OAuth client does in askbot at this point - lets the user log in. Also it is possible to log in via multiple methods to the same account at the same time, take a look at "manage login methods" link in your profile.
Evgeny's avatar Evgeny (2011-02-22 17:58:25 -0600) edit
I suspect such a facility would allow the user to instruct the authentication provider (facebook) to effectively withdraw the granted token from all service providers (using SSO/SAML thinking). i.e. the user hypothetically could go to their authentication provider and in one click log themselves out of everywhere. eg. if they felt they had been compromised or in the case of facebook if the user removes the app. So this would have to point to a page that would log the user out of askbot immediately.
Rupreck's avatar Rupreck (2011-02-22 18:42:11 -0600) edit
Actually the explanation is here: http://developers.facebook.com/docs/authentication/ about two thirds of the way down the page.
Rupreck's avatar Rupreck (2011-02-22 18:44:08 -0600) edit
add a comment see more comments