RequestCredentialsParameters.FromCallbackUrlAsync error when no oauth_verifier returned

[redoc209]

When authenticating a Twitter app, if the user selects "Cancel" instead of "Authorize App" a "denied" parameter is sent back and no "oauth_token" which causes an error in RequestCredentialsParameters.FromCallBackURLAsync.

ERROR: "System.ArgumentException: oauth_verifier query parameter not found, this is required to authenticate the user
Parameter name: callbackUrl"

 public async Task<ActionResult> TwitterUserAuthCallbackAsync()
        {
    
            var appClient = new TwitterClient(TWITTER_API_KEY, TWITTER_API_SECRET);

            string q = Request.QueryString.ToString();
            // Extract the information from the redirection url
            var requestParameters = await RequestCredentialsParameters.FromCallbackUrlAsync(q, _myAuthRequestStore);

            // Request Twitter to generate the credentials.
            var userCreds = await appClient.Auth.RequestCredentialsAsync(requestParameters);

            var userClient = new TwitterClient(userCreds);
            var user = await userClient.Users.GetAuthenticatedUserAsync();

        }

Steps to recreate:
Send request to connect to Twitter.
Instead of Authorize App button, click Cancel button and Twitter sends user to another page with "return to MyApp" button.
The button has a Twitter generated return URL that looks like this.
https://mydomain.com/TwitterUserAuthCallbackAsync?tweetinvi_auth_request_id=XXXXXXXXXXdenied=XXXXXX

[linvi]

Thank you, I will be looking into this.

[linvi]

Hello there. So I took a look and I think it is correct for Tweetinvi to throw an Exception here.

I do acknowledge though that System.ArgumentException might strange though and that you might except an UserDeniedAuthenticationException or something similar.

I will improve this in the future.

Can I ask what do you think is wrong here and what you would expect.

Thanks,
Linvi

[redoc209]

Hi,
I think it would be helpful to add support to allow no oauth_token and accept a denied param. This is what Twitter is sending back when cancel button is hit. We would then be able to handle it as a cancelled process with the denied param as a confirmation (as it is actually not an error). That is how we intend to fix it on this end I think. An error for a missing param for a valid response back from Twitter is what seems to be an issue for us. Please correct me if I'm wrong though. Thanks

[linvi]

So I have thought about it. I do think it makes sense for RequestCredentialsParameters.FromCallbackUrlAsync to throw an exception when providing invalid parameters. The reason is that a factory cannot create an object if you provide invalid parameters, it does make sense for a factory method to throw an InvalidParameterException.

Though I do understand that you might not want to be aware of the cancellation via an exception.
My current approach to this problem is that I will add a new method similar to client.Auth.GetAuthenticationResult(string url).

This would return an enum:

enum AuthenticationResult 
{
    ApprovedByUser,
    CancelledByUser,
    NeverRequestedByApp
}

Let me know what you think

[redoc209]

That seems like a good solution.