0

In our API we implemented DotNetOpenAuth (v3.4.7). We frequently receive the exception "A token in the message was not recognized by the service provider", along with this stack trace:

   at DotNetOpenAuth.Messaging.ErrorUtilities.VerifyProtocol(Boolean condition, String message, Object[] args)
   at DotNetOpenAuth.Messaging.ErrorUtilities.ThrowProtocol(String message, Object[] args)
   at DotNetOpenAuth.OAuth.ChannelElements.TokenHandlingBindingElement.VerifyThrowTokenTimeToLive(ITokenContainingMessage message)
   at DotNetOpenAuth.OAuth.ChannelElements.TokenHandlingBindingElement.ProcessIncomingMessage(IProtocolMessage message)
   at DotNetOpenAuth.Messaging.Channel.ProcessIncomingMessage(IProtocolMessage message)

Just recently I discovered this exception is thrown when people take too long authorize their request token. So the time between step 1 and step 2 of the authorization process is too long.

Can this time be configured in the web.config or programmatically?

Note: I tried messaging lifetime="00:30:00" but that does not seem to influence what I'm aiming for.

Jacco
  • 3,251
  • 1
  • 19
  • 29

1 Answers1

2

Two factors go into possibly producing this error:

  1. IServiceProviderTokenManager.GetRequestToken throws a KeyNotFoundException, OR
  2. The token is older than the timeout specified in your web.config file's dotNetOpenAuth/oauth/serviceProvider/security/@maxAuthorizationTime setting.

For example: 

<dotNetOpenAuth>
    <oauth>
        <serviceProvider>
            <security maxAuthorizationTime="00:05:00"/>
        </serviceProvider>
    </oauth>
</dotNetOpenAuth>
Andrew Arnott
  • 80,040
  • 26
  • 132
  • 171
  • Factor 2 was my problem. Thanks a lot for answering. Keep up the good work on your library. Hope to update to v4 very soon. – Jacco May 11 '12 at 07:27
  • I tried putting this info in my web.config file, but no changes to the expires_in time...it still shows the same value (in my case 3600). – sanjosep43 Sep 03 '14 at 16:28