Ask Your Question
1

What is the callback url when setting up OAuth applications eg. Twitter?

asked 2011-02-22 10:08:17 -0600

Rupreck gravatar image

updated 2011-02-22 13:33:35 -0600

Evgeny gravatar image

This is required when installing keys to connect the external services. Sites such as twitter ask for the callback url.

edit retag flag offensive close merge delete

Comments

The settings page has the linkedin 'create app' url wrong (a typo from the twitter one above). The link needed is: https://www.linkedin.com/secure/developer
Rupreck gravatar imageRupreck ( 2011-02-22 10:56:25 -0600 )edit
Edited your post - Twitter (as well as facebook and linkedin) uses OAuth, protocol, not OpenID .
Evgeny gravatar imageEvgeny ( 2011-02-22 13:34:34 -0600 )edit
I knew that but it seems my fingers didn't... thanks.
Rupreck gravatar imageRupreck ( 2011-02-22 17:42:15 -0600 )edit

1 Answer

Sort by ยป oldest newest most voted
1

answered 2011-02-22 13:39:04 -0600

Evgeny gravatar image

updated 2011-02-22 16:07:52 -0600

Hi Rupreck, for the "Registered callback URL" in Twitter, please just type URL of your site (better to the /questions page - to avoid a redirect). The meaning of that setting - is where the login provider must redirect after authentication is complete.

The URL you've mentioned "complete-oauth" is internal - no need to use it for the registrations. It is used for the protocol communication internally.

edit flag offensive delete link more

Comments

Facebook has a Deauthorise Callback. What should this be? Is it supported?
Rupreck gravatar imageRupreck ( 2011-02-22 17:45:40 -0600 )edit
If I understand correctly - you can enter any url you want. That is supposedly the page you want to show the user when he/she removes access to your site through the OAuth provider. All the OAuth client does in askbot at this point - lets the user log in. Also it is possible to log in via multiple methods to the same account at the same time, take a look at "manage login methods" link in your profile.
Evgeny gravatar imageEvgeny ( 2011-02-22 17:58:25 -0600 )edit
I suspect such a facility would allow the user to instruct the authentication provider (facebook) to effectively withdraw the granted token from all service providers (using SSO/SAML thinking). i.e. the user hypothetically could go to their authentication provider and in one click log themselves out of everywhere. eg. if they felt they had been compromised or in the case of facebook if the user removes the app. So this would have to point to a page that would log the user out of askbot immediately.
Rupreck gravatar imageRupreck ( 2011-02-22 18:42:11 -0600 )edit
Actually the explanation is here: http://developers.facebook.com/docs/authentication/ about two thirds of the way down the page.
Rupreck gravatar imageRupreck ( 2011-02-22 18:44:08 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2011-02-22 10:08:17 -0600

Seen: 25,120 times

Last updated: Feb 22 '11