You DO NOT need the PIN for a browser app. It is ONLY REQUIRED for desktop apps.
1. oauth_consumer_key = Consumer key given to you by Twitter 2. oauth_token = The token 3. oauth_signature_method = "HMAC-SHA1" 4. oauth_signature = computed HMAC-SHA1 hash value of the other parameters 5. oauth_timestamp = the number of seconds since Jan 1 1970 6. oauth_nonce = a unique value. I would suggest using a GUID. For the signature, here is an example of what needs to be hashed: this is a GET request to "rate_limit_status" GET&http%3A%2F%2Ftwitter.com%2Faccount%2Frate_limit_status.xml&oauth_consumer_key%3DYourConsumerKey%26oauth_nonce%3D0f419e62-8680-468f-a647-0532706af529%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1263999954%26oauth_token%3D36116361-8YRR4w9rRwz7HOc0nYTMmNWjCDrQdFYtnPwsiP7jm%26oauth_version%3D1.0 You would take this value and hash it. The KEY to the hash would be "yourConsumerSecret&tokenSecret", and "tokenSecret" is allowed to be blank for the cases where you don't have the secret. Even though the documentation says the "oauth_version" is optional, I include it anyway. Ryan On Wed, Jan 20, 2010 at 9:59 AM, eco_bach <bac...@gmail.com> wrote: > Hi > According to the offcial OAuth spec, in order to obtain an access > token, the consumer request MUST contain the following parameters > > 1 oauth_consumer_key:The Consumer Key. > 2 oauth_token:The Request Token obtained previously. > 3 oauth_signature_method: The signature method the Consumer > used to > sign the request. > 4 oauth_signature: The signature as defined in Signing > Requests > (Signing Requests). > 5 oauth_timestamp: As defined in Nonce and Timestamp (Nonce > and > Timestamp). > 6 oauth_nonce: As defined in Nonce and Timestamp (Nonce and > Timestamp). > > I'm developing a web application in Flash and hence, NOT using the > extra pin handshake. (at least I've been told it wasn't necessary, my > Application Type is defined as 'Browser'). > > So far, I've been unsuccessful, 'verified'= false in my access token > request handler. > Can someone cofirm for me that I in fact don't need the PIN, and if > so, do I need to explicitly define all six parametres above in my > request? > Thanks for any feedback! >