In our API we implemented DotNetOpenAuth (v3.4.7). We frequently receive the exception "A token in the message was not recognized by the service provider", along with this stack trace:
at DotNetOpenAuth.Messaging.ErrorUtilities.VerifyProtocol(Boolean condition, String message, Object[] args)
at DotNetOpenAuth.Messaging.ErrorUtilities.ThrowProtocol(String message, Object[] args)
at DotNetOpenAuth.OAuth.ChannelElements.TokenHandlingBindingElement.VerifyThrowTokenTimeToLive(ITokenContainingMessage message)
at DotNetOpenAuth.OAuth.ChannelElements.TokenHandlingBindingElement.ProcessIncomingMessage(IProtocolMessage message)
at DotNetOpenAuth.Messaging.Channel.ProcessIncomingMessage(IProtocolMessage message)
Just recently I discovered this exception is thrown when people take too long authorize their request token. So the time between step 1 and step 2 of the authorization process is too long.
Can this time be configured in the web.config or programmatically?
Note: I tried messaging lifetime="00:30:00" but that does not seem to influence what I'm aiming for.
Two factors go into possibly producing this error:
IServiceProviderTokenManager.GetRequestToken throws a KeyNotFoundException, ORdotNetOpenAuth/oauth/serviceProvider/security/@maxAuthorizationTime setting.For example:
<dotNetOpenAuth>
<oauth>
<serviceProvider>
<security maxAuthorizationTime="00:05:00"/>
</serviceProvider>
</oauth>
</dotNetOpenAuth>