Hi Bjorn, This is one area where we aren't spec-compliant but would like to move to compliance in the near future. Under OAuth 1.0a, we should be returning an oauth_verifier to you in the callback for the authorization step, regardless of the type of authorization you are performing. Today, we are not. Similarily, we only expect the oauth_verifier to be present on the access_token step for applications that have indicated the desktop "PIN code" flow (where the verifier is hand-entered by the user, then passed as part of the access token exchange step).
In the future, we'll look into a non-invasive way to phase requirement of the oauth_verifier for all access token requests, regardless of desktop vs. web status, as the spec dictates. Taylor On Apr 6, 1:57 pm, Bjorn Tipling <[email protected]> wrote: > I'm not seeing it. I'm following the specifications as outlined here: > > http://tools.ietf.org/html/draft-hammer-oauth-10#section-2 > > and here: > > http://oauth.net/core/1.0/#anchor9 > > I have Application Type set to "Browser" > > callbackURL set to my callbakck URL > > Everything seems to work up until the user clicks "Allow" Once the > user clicks "Allow" all the callback gets is the oauth_token, I don't > see an oauth_verifier. > > How do I get this? What am I doing wrong? "oauth_verifier" is not in > the GET path it's not in the POST body. The only actual POST is when > the user clicks the "Allow" button and that sends a POST to twitter > with an authenticity token and the oauth token but no oauth_verifier > anywhere. It's no where. And it's required. What is going on? -- To unsubscribe, reply using "remove me" as the subject.
