Hi again,
Nobody is forcing you to use the PIN unless you're registered as
a desktop app (which has no callback). The issue here is that the
library you are using is setting a value of "oob" and specifically
requesting the PIN flow. I have filed an issue with the gem maintainer
on github [1] and hopefully the default can be changed. You can get
around this right now by passing the callback into your
get_request_token call as described in one of my previous emails.
Thanks;
– Matt Sanford / @mzsanford
Twitter Dev
[1] - http://github.com/mojodna/oauth/issues#issue/7
On Jun 9, 2009, at 5:15 PM, Elliott Kember wrote:
Surely this is all moot anyway - can't the OAuth process just redirect
if the application only accepts callbacks? We set a preference for
callbacks in the OAuth settings, so why are we being forced into PIN
verification?
On Jun 10, 12:46 am, lebreeze <[email protected]> wrote:
I managed to get the old behaviour back by modifying the oauth gem to
not set a default oauth_callback (oob)
For some reason the twitter-auth gem is not passing over the
configuration to override the default
I'm too tired to investigate further at the minute but will keep
looking in the morning (GMT)
On Jun 10, 12:16 am, Matt Sanford <[email protected]> wrote:
Hi there,
I just checked the tokens generated on several of these
services
and I see oauth_callback was set to "oob". Doug is working on the
docs
right now to make it clear how all of this shakes out. The end
result
is that if you want to use the pre-configured callback url don't
send
an oauth_callback parameter at all. If you're seeing this error but
are not sending the oauth_callback parameter please email me off
list
with a copy of the URL, headers and body where you make the
request_token call so I can try and debug the issue. It doesn't seem
to be all apps which is what I would expect in the case of a bug.
Thanks;
– Matt Sanford / @mzsanford
Twitter Dev
On Jun 9, 2009, at 3:53 PM, lebreeze wrote:
I'm seeing exactly the same behaviour and it just started
happening a
few hours ago
App ishttp://moodmapr.com
Users just cannot login but instead are provided with a PIN
On Jun 9, 11:37 pm, Keith Hanson <[email protected]>
wrote:
I'm actually not using an oauth callback parameter and am getting
this
behavior.
I'm running on Sinatra at the moment, but have implemented my
login
routine by pretty much copy/pasting the Rails tutorial in the API
Wiki.
I'm using the gem OAuth 0.3.5 for redirecting and what-not.
I did take a look at the redirect url, though, and didn't see any
oauth_callback params set. It sounds as if they shouldn't be there
anyways, correct?
On Jun 9, 5:28 pm, Elliott Kember <[email protected]>
wrote:
Sorry - having said that, I've removed the oauth_callback
parameter
and the behaviour is still persisting - and it also doesn't
save the
authentication so I have to hit Allow every time.
On Jun 9, 11:21 pm, Elliott Kember <[email protected]>
wrote:
Hey Matt,
Yep, I'm passing oauth_callback - and it does look like that's
the
problem, because I have another app which doesn't send it, and
it's
working fine.
Is this by design, or will it be changed back? I don't need it
to
use
the oauth_callback url that I pass, but it'd be good to return
to
the
specified callback URL by default.
Thanks,
Elliott
On Jun 9, 11:17 pm, Matt Sanford <[email protected]> wrote:
Hi there,
Are you by chance passing anything in to the request_token
call
for the value of oauth_callback? I checked out a few other
services
and they seemed fine. If you're sending oauth_callback=oob
(a.k.a.
"out of band") then the system is forced into the PIN flow.
We're
working on docs for all of this now but let me know if that's
what
you're sending.
— Matt
On Jun 9, 2009, at 2:55 PM, Keith Hanson wrote:
Same here, actually, for tweetingtoohard.com (tried to post
here
before but it looks like it got eaten :P)
We've put up a snarky message in the meantime about the
blunders :P
But please do correct us if we have done something incorrect.
-- Keith Hanson
@big_love
keith (at) tweetingtoohard.com
On Jun 9, 4:47 pm, Elliott Kember <[email protected]>
wrote:
Hey guys,
I'm having a few problems with the OAuth API and my browser-
based app
- it's giving me PIN numbers at the /oauth/authorize page,
even
though
it's set to return to a callback in the OAuth settings - I've
rechecked my settings, and the application is definitely set
as a
browser app.
I'm guessing this is something to do with the new PIN-based
desktop
app code, just wondering when it'll be fixed - or whether I'm
doing
something wrong!
Thanks,
Elliott
