You DO NOT need the PIN for a browser app. It is ONLY REQUIRED for desktop
1. oauth_consumer_key = Consumer key given to you by Twitter
2. oauth_token = The token
3. oauth_signature_method = HMAC-SHA1
4. oauth_signature = computed HMAC-SHA1 hash value of the other parameters
5. oauth_timestamp = the number of seconds since Jan 1 1970
6. oauth_nonce = a unique value. I would suggest using a GUID.
For the signature, here is an example of what needs to be hashed: this is a
GET request to rate_limit_status
You would take this value and hash it. The KEY to the hash would be
yourConsumerSecrettokenSecret, and tokenSecret is allowed to be blank
for the cases where you don't have the secret.
Even though the documentation says the oauth_version is optional, I
include it anyway.
On Wed, Jan 20, 2010 at 9:59 AM, eco_bach bac...@gmail.com wrote:
According to the offcial OAuth spec, in order to obtain an access
token, the consumer request MUST contain the following parameters
1 oauth_consumer_key:The Consumer Key.
2 oauth_token:The Request Token obtained previously.
3 oauth_signature_method: The signature method the Consumer
sign the request.
4 oauth_signature: The signature as defined in Signing
5 oauth_timestamp: As defined in Nonce and Timestamp (Nonce
6 oauth_nonce: As defined in Nonce and Timestamp (Nonce and
I'm developing a web application in Flash and hence, NOT using the
extra pin handshake. (at least I've been told it wasn't necessary, my
Application Type is defined as 'Browser').
So far, I've been unsuccessful, 'verified'= false in my access token
Can someone cofirm for me that I in fact don't need the PIN, and if
so, do I need to explicitly define all six parametres above in my
Thanks for any feedback!