I am using twitterizer to authenticate users. everything works fine except everytime I try to logout, I got "bad request" back. I also tested the sample application I downloaded from twitterizer.com, try the logout.aspx page, couldn't get that working.
public ActionResult Logout()
{
FormsAuthentication.SignOut();
OAuthTokens tokens = new OAuthTokens()
{
AccessToken = _twitterAccessToken,
AccessTokenSecret = _twitterAccessTokenSecret,
ConsumerKey = _twitterConsumerKey,
ConsumerSecret = _twitterConsumerSecret
};
TwitterResponse<TwitterErrorDetails> twitterResponse = TwitterAccount.EndSession(tokens, null);
var result = twitterResponse.Result;
return RedirectToAction("Index", "Home");
}
twitterResponse.Result always returns back "BadRequest", I refreshed the page, still logged in.
The end session endpoint will have no effect unless the user logs into twitter during the authentication process. If the user logs in and, after logged in, authorizes your application, the end session method will do nothing.
The API provides only very limited control over the user's session. This has been a big issue for a very long time.