Hi, A bit late to this party, so sorry for repeating stuff, but trying to get my old head around the twitter 1.0a OAuth changes.
http://oauth.googlecode.com/svn/spec/core/1.0a/drafts/3/oauth-core-1_0a.html#auth_step3 http://groups.google.com/group/twitter-development-talk/browse_frm/thread/1c48fedf4ae7ed52/7d772dedcc756cbf#7d772dedcc756cbf I have a desktop client (an iphone app, Twitkwik) which 'now' supplies the user with a pin code after they authorise the app to use Twitter. My understanding is that the app should ask the user for the pin code and then send this (as oauth_verifier) when swapping the request token for an access token request. Does that sound correct? As far as I can tell, webapps can get round this by providing a callback. Thanks in advance, Chris
