Oh I see, I didn't even try to get access once I saw there was no
oauth verifier but after looking at some of the other samples I see
they don't expect an oauth_verifier. Works without using an
oauth_verifer.

Got it. Guess we'll have to fix our implementation when you guys
support this part of the spec.

Thanks for the quick reply.

On Apr 6, 2:24 pm, Taylor Singletary <taylorsinglet...@twitter.com>
wrote:
> Hi Bjorn,
>
> This is one area where we aren't spec-compliant but would like to move
> to compliance in the near future. Under OAuth 1.0a, we should be
> returning an oauth_verifier to you in the callback for the
> authorization step, regardless of the type of authorization you are
> performing. Today, we are not. Similarily, we only expect the
> oauth_verifier to be present on the access_token step for applications
> that have indicated the desktop "PIN code" flow (where the verifier is
> hand-entered by the user, then passed as part of the access token
> exchange step).
>
> In the future, we'll look into a non-invasive way to phase requirement
> of the oauth_verifier for all access token requests, regardless of
> desktop vs. web status, as the spec dictates.
>
> Taylor
>
> On Apr 6, 1:57 pm, Bjorn Tipling <bjorn.tipl...@gmail.com> wrote:
>
>
>
> > I'm not seeing it. I'm following the specifications as outlined here:
>
> >http://tools.ietf.org/html/draft-hammer-oauth-10#section-2
>
> > and here:
>
> >http://oauth.net/core/1.0/#anchor9
>
> > I have Application Type set to "Browser"
>
> > callbackURL set to my callbakck URL
>
> > Everything seems to work up until the user clicks "Allow" Once the
> > user clicks "Allow" all the callback gets is the oauth_token, I don't
> > see an oauth_verifier.
>
> > How do I get this? What am I doing wrong? "oauth_verifier" is not in
> > the GET path it's not in the POST body. The only actual POST is when
> > the user clicks the "Allow" button and that sends a POST to twitter
> > with an authenticity token and the oauth token but no oauth_verifier
> > anywhere. It's no where. And it's required. What is going on?


-- 
To unsubscribe, reply using "remove me" as the subject.

Reply via email to