How do you debug an ASP.Net application accessing an OAuth secured API?

Question

I know there has to be an obvious solution to this problem and I am missing it, so I would much appreciate someone enlightening me so I don't spin my wheels...

I am writing an ASP.Net application that will interact with a service API (Evernote specifically). Evernote requires OAuth for security and before I can actually interact with the objects I need to obtain a token.

The workflow goes like this (explaining it to myself as much as anyone else!):

1. Build a url with my development api key and secret key and some other OAuth stuff, send it to Evernote to request an access token.
2. Send the url as a request to Evernote and pull the new access token out of the response
3. Build another url with the access token to request an authentication token for the user. This url goes to a page the user must interact with to login (if they haven't already) and then authorize my application to access their account. The last param of the url I build is a callback url which will be called from Evernote's servers.
4. If all goes well, Evernote will request the callback url and include the new authentication token as a param.
5. Once my server receives the callback with the embedded token I can use it so that my app can interact with the users' notes on subsequent requests.

The problem is that I'm writing this app on a local box, not an ISP under a public domain. So my callback is to the localhost server. Of course, localhost is relative, so Evernote can't resolve my callback... I can't ever receive an authentication token and debug at the same time.

There has to be a way around this problem because this authentication model is not unique to Evernote (by a longshot... Flickr uses it as do a lot of other services). So can someone tell me how to set things up so I can get the authentication token and still be able to debug on my local box?

Help is much appreciated!

Answer 1

OAuth is quite tough to implement. It may not be the answer you're looking for, but this is how I managed to get the job done:

1. Write some code on my local dev machine.
2. Run a bat file (or alternatively hook a post-build event in VS) that executes a msbuild deploy script and deploys the application to a test server.
3. Run the application on the test server. After obtaining the request token and requesting for authorization it redirects to the Evernote website.
4. After successful authorization the Evernote website redirects back to my test server and the authorized request token is exchanged for an access token.
5. Instead of debugging (I don't have VS on the test server) I examine the logs of the application (the logging I used was as simple as writing to a text file).
6. Rinse and repeat

For the purposes of testing I registered a temporary public subdomain (e.g. testing.oauth.mydomain.com) so that Evernote will be able redirect to that url.

Answer 2

According to this (http://stackoverflow.com/questions/670398/how-do-i-develop-against-oauth-locally) the callback is issued by the browser, so it should be able to hit localhost.