You DO NOT need the PIN for a browser app.  It is ONLY REQUIRED for desktop

1.  oauth_consumer_key = Consumer key given to you by Twitter
2.  oauth_token = The token
3.  oauth_signature_method = "HMAC-SHA1"
4.  oauth_signature = computed HMAC-SHA1 hash value of the other parameters
5.  oauth_timestamp = the number of seconds since Jan 1 1970
6.  oauth_nonce = a unique value.  I would suggest using a GUID.

For the signature, here is an example of what needs to be hashed:  this is a
GET request to "rate_limit_status"


You would take this value and hash it.  The KEY to the hash would be
"yourConsumerSecret&tokenSecret", and "tokenSecret" is allowed to be blank
for the cases where you don't have the secret.

Even though the documentation says the "oauth_version" is optional, I
include it anyway.


On Wed, Jan 20, 2010 at 9:59 AM, eco_bach <> wrote:

> Hi
> According to the offcial OAuth spec, in order to obtain an access
> token, the consumer request MUST contain the following parameters
>                1 oauth_consumer_key:The Consumer Key.
>                2 oauth_token:The Request Token obtained previously.
>                3 oauth_signature_method: The signature method the Consumer
> used to
> sign the request.
>                4 oauth_signature: The signature as defined in Signing
> Requests
> (Signing Requests).
>                5 oauth_timestamp: As defined in Nonce and Timestamp (Nonce
> and
> Timestamp).
>                6 oauth_nonce: As defined in Nonce and Timestamp (Nonce and
> Timestamp).
> I'm developing a web application in Flash and hence, NOT using the
> extra pin handshake. (at least I've been told it wasn't necessary, my
> Application Type is defined as 'Browser').
> So far, I've been unsuccessful, 'verified'= false in my access token
> request handler.
> Can someone cofirm for me that I in fact don't need the PIN, and if
> so, do I need to explicitly define all six parametres above in my
> request?
> Thanks for any feedback!

Reply via email to