Re: [twitter-dev] Obtaining access token WITHOUT using a PIN

2010-01-20 Thread ryan alford
You DO NOT need the PIN for a browser app.  It is ONLY REQUIRED for desktop
apps.

1.  oauth_consumer_key = Consumer key given to you by Twitter
2.  oauth_token = The token
3.  oauth_signature_method = "HMAC-SHA1"
4.  oauth_signature = computed HMAC-SHA1 hash value of the other parameters
5.  oauth_timestamp = the number of seconds since Jan 1 1970
6.  oauth_nonce = a unique value.  I would suggest using a GUID.

For the signature, here is an example of what needs to be hashed:  this is a
GET request to "rate_limit_status"

GET&http%3A%2F%2Ftwitter.com%2Faccount%2Frate_limit_status.xml&oauth_consumer_key%3DYourConsumerKey%26oauth_nonce%3D0f419e62-8680-468f-a647-0532706af529%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D126354%26oauth_token%3D36116361-8YRR4w9rRwz7HOc0nYTMmNWjCDrQdFYtnPwsiP7jm%26oauth_version%3D1.0

You would take this value and hash it.  The KEY to the hash would be
"yourConsumerSecret&tokenSecret", and "tokenSecret" is allowed to be blank
for the cases where you don't have the secret.

Even though the documentation says the "oauth_version" is optional, I
include it anyway.

Ryan

On Wed, Jan 20, 2010 at 9:59 AM, eco_bach wrote:

> Hi
> According to the official OAuth spec, in order to obtain an access
> token, the consumer request MUST contain the following parameters
>
> 1 oauth_consumer_key: The Consumer Key.
> 2 oauth_token: The Request Token obtained previously.
> 3 oauth_signature_method: The signature method the Consumer used to
>   sign the request.
> 4 oauth_signature: The signature as defined in Signing Requests
>   (Signing Requests).
> 5 oauth_timestamp: As defined in Nonce and Timestamp (Nonce and
>   Timestamp).
> 6 oauth_nonce: As defined in Nonce and Timestamp (Nonce and
>   Timestamp).
>
> I'm developing a web application in Flash and hence, NOT using the
> extra pin handshake. (at least I've been told it wasn't necessary, my
> Application Type is defined as 'Browser').
>
> So far, I've been unsuccessful, 'verified'= false in my access token
> request handler.
> Can someone confirm for me that I in fact don't need the PIN, and if
> so, do I need to explicitly define all six parameters above in my
> request?
> Thanks for any feedback!
>
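
Added example, not part of either message: a Python sketch of the signing step described in the reply above. It rebuilds the quoted base string from its parameters and keys HMAC-SHA1 with "consumerSecret&tokenSecret". The secrets are constructed placeholders, the function names are illustrative, and the URL is assumed to be already normalized with no query string.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote


def enc(value):
    """Percent-encode per OAuth 1.0: only unreserved characters stay as-is."""
    return quote(str(value), safe="~")


def signature_base_string(method, url, params):
    """METHOD & encoded URL & encoded parameter string (sorted by name, value)."""
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), enc(url), enc(normalized)])


def sign(base_string, consumer_secret, token_secret=""):
    """HMAC-SHA1 over the base string; the '&' in the key stays even when
    the token secret is blank."""
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode("ascii")
    digest = hmac.new(key, base_string.encode("ascii"), hashlib.sha1).digest()
    return base64.b64encode(digest).decode("ascii")


def verify(base_string, signature, consumer_secret, token_secret=""):
    """Receiver side: recompute the signature and compare in constant time."""
    expected = sign(base_string, consumer_secret, token_secret)
    return hmac.compare_digest(expected, signature)


# Parameter values copied from the base string quoted in the message above.
PARAMS = {
    "oauth_consumer_key": "YourConsumerKey",
    "oauth_token": "36116361-8YRR4w9rRwz7HOc0nYTMmNWjCDrQdFYtnPwsiP7jm",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "126354",
    "oauth_nonce": "0f419e62-8680-468f-a647-0532706af529",
    "oauth_version": "1.0",
}
URL = "http://twitter.com/account/rate_limit_status.xml"
# Constructed placeholder secrets, not real credentials.
CONSUMER_SECRET = "yourConsumerSecret"
TOKEN_SECRET = "tokenSecret"

BASE = signature_base_string("GET", URL, PARAMS)

if __name__ == "__main__":
    print(BASE)
    print("oauth_signature =", enc(sign(BASE, CONSUMER_SECRET, TOKEN_SECRET)))
```

The base64 signature is percent-encoded again when it is sent as the oauth_signature parameter, which is why the last line wraps it in enc().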


[twitter-dev] Obtaining access token WITHOUT using a PIN

2010-01-20 Thread eco_bach
Hi
According to the official OAuth spec, in order to obtain an access
token, the consumer request MUST contain the following parameters

1 oauth_consumer_key: The Consumer Key.
2 oauth_token: The Request Token obtained previously.
3 oauth_signature_method: The signature method the Consumer used to
  sign the request.
4 oauth_signature: The signature as defined in Signing Requests
  (Signing Requests).
5 oauth_timestamp: As defined in Nonce and Timestamp (Nonce and
  Timestamp).
6 oauth_nonce: As defined in Nonce and Timestamp (Nonce and
  Timestamp).

I'm developing a web application in Flash and hence, NOT using the
extra pin handshake. (at least I've been told it wasn't necessary, my
Application Type is defined as 'Browser').

So far, I've been unsuccessful, 'verified'= false in my access token
request handler.
Can someone confirm for me that I in fact don't need the PIN, and if
so, do I need to explicitly define all six parameters above in my
request?
Thanks for any feedback!