OAuth with Microsoft not working correctly

Question

I created a single Web application based on Visual Studio 2012 Web application template and tried to test OAuth which is added OOB. I went to the following link to register my application and get a client id.

https://manage.dev.live.com/Applications/Index

OpenAuth.AuthenticationClients.AddMicrosoft always generates: The provided value for the input parameter 'redirect_uri' is not valid. The value must be an absolute URL whose scheme is http:// or https://.

but if I follow this article I can log in without problem. (by adding iframe and so on)

http://weblogs.asp.net/dwahlin/archive/2007/08/17/integrate-windows-live-id-authentication-into-your-website.aspx

Answer 1

Steps:

1. Register your application in: Windows Live application management site, please See Registering Your Application with Windows Live
2. Under API Configuration, enter your Root Domain, for example:

www.yourdomain.com

3. Under API Configuration, enter your application URL. Do not forget to include: Account/RegisterExternalLogin

www.yourdomain.com/YourApp/Account/RegisterExternalLogin

4. Edit AuthConfig.vb, uncomment OpenAuth.AuthenticationClients.AddMicrosoft and copy from Windows Live application management site your clientId and clientSecret

   OpenAuth.AuthenticationClients.AddMicrosoft(
       clientId:="0000000000000", 
       clientSecret:="x0-0000000000000000")
   

5. Publish your application in www.yourdomain.com/YourApp

PS. Don't forget to update your connectionString in Web.config (DefaultConnection)

Answer 2

Short answer:

1) Update your hosts file, adding line: "127.0.0.1 mynewApplication.test"

2) In manage.dev.live.com set "Redirect Domain" to http://mynewApplication.test:[PORT]

3) run your application locally, make sure you have http://mynewApplication.test:[PORT] in your browser

4) Login with Microsoft

This worked fine for me.

Long answer:

Looks like you must specify "Redirect Domain" in Ms Application management tools to some unique domain name, which you have to maintain in your hosts file, if you test your app locally. They do not allow to set shared domain name like "localtest.me" any longer.

If you look in fiddler you will see that MVC adds refer URL (current URL you see in your browser) to oauth request. So when you send click button redirecting you to Microsoft oauth, make sure your browser loaded current page from the same domain name, which was registered in App Redirect domain.