You DO NOT need the PIN for a browser app. It is ONLY REQUIRED for desktop
apps.
1. oauth_consumer_key = Consumer key given to you by Twitter
2. oauth_token = The token
3. oauth_signature_method = "HMAC-SHA1"
4. oauth_signature = computed HMAC-SHA1 hash value of the other parameters
5. oauth_timestamp = the number of seconds since Jan 1 1970
6. oauth_nonce = a unique value. I would suggest using a GUID.
For the signature, here is an example of what needs to be hashed: this is a
GET request to "rate_limit_status"
GET&http%3A%2F%2Ftwitter.com%2Faccount%2Frate_limit_status.xml&oauth_consumer_key%3DYourConsumerKey%26oauth_nonce%3D0f419e62-8680-468f-a647-0532706af529%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D126354%26oauth_token%3D36116361-8YRR4w9rRwz7HOc0nYTMmNWjCDrQdFYtnPwsiP7jm%26oauth_version%3D1.0
You would take this value and hash it. The KEY to the hash would be
"yourConsumerSecret&tokenSecret", and "tokenSecret" is allowed to be blank
for the cases where you don't have the secret.
Even though the documentation says the "oauth_version" is optional, I
include it anyway.
Ryan
On Wed, Jan 20, 2010 at 9:59 AM, eco_bach wrote:
> Hi
> According to the offcial OAuth spec, in order to obtain an access
> token, the consumer request MUST contain the following parameters
>
>1 oauth_consumer_key:The Consumer Key.
>2 oauth_token:The Request Token obtained previously.
>3 oauth_signature_method: The signature method the Consumer
> used to
> sign the request.
>4 oauth_signature: The signature as defined in Signing
> Requests
> (Signing Requests).
>5 oauth_timestamp: As defined in Nonce and Timestamp (Nonce
> and
> Timestamp).
>6 oauth_nonce: As defined in Nonce and Timestamp (Nonce and
> Timestamp).
>
> I'm developing a web application in Flash and hence, NOT using the
> extra pin handshake. (at least I've been told it wasn't necessary, my
> Application Type is defined as 'Browser').
>
> So far, I've been unsuccessful, 'verified'= false in my access token
> request handler.
> Can someone cofirm for me that I in fact don't need the PIN, and if
> so, do I need to explicitly define all six parametres above in my
> request?
> Thanks for any feedback!
>