This is one area where we aren't spec-compliant but would like to move
to compliance in the near future. Under OAuth 1.0a, we should be
returning an oauth_verifier to you in the callback for the
authorization step, regardless of the type of authorization you are
performing. Today, we are not. Similarily, we only expect the
oauth_verifier to be present on the access_token step for applications
that have indicated the desktop "PIN code" flow (where the verifier is
hand-entered by the user, then passed as part of the access token
In the future, we'll look into a non-invasive way to phase requirement
of the oauth_verifier for all access token requests, regardless of
desktop vs. web status, as the spec dictates.
On Apr 6, 1:57 pm, Bjorn Tipling <bjorn.tipl...@gmail.com> wrote:
> I'm not seeing it. I'm following the specifications as outlined here:
> and here:
> I have Application Type set to "Browser"
> callbackURL set to my callbakck URL
> Everything seems to work up until the user clicks "Allow" Once the
> user clicks "Allow" all the callback gets is the oauth_token, I don't
> see an oauth_verifier.
> How do I get this? What am I doing wrong? "oauth_verifier" is not in
> the GET path it's not in the POST body. The only actual POST is when
> the user clicks the "Allow" button and that sends a POST to twitter
> with an authenticity token and the oauth token but no oauth_verifier
> anywhere. It's no where. And it's required. What is going on?
To unsubscribe, reply using "remove me" as the subject.