Oh I see, I didn't even try to get access once I saw there was no oauth verifier but after looking at some of the other samples I see they don't expect an oauth_verifier. Works without using an oauth_verifer.
Got it. Guess we'll have to fix our implementation when you guys support this part of the spec. Thanks for the quick reply. On Apr 6, 2:24 pm, Taylor Singletary <[email protected]> wrote: > Hi Bjorn, > > This is one area where we aren't spec-compliant but would like to move > to compliance in the near future. Under OAuth 1.0a, we should be > returning an oauth_verifier to you in the callback for the > authorization step, regardless of the type of authorization you are > performing. Today, we are not. Similarily, we only expect the > oauth_verifier to be present on the access_token step for applications > that have indicated the desktop "PIN code" flow (where the verifier is > hand-entered by the user, then passed as part of the access token > exchange step). > > In the future, we'll look into a non-invasive way to phase requirement > of the oauth_verifier for all access token requests, regardless of > desktop vs. web status, as the spec dictates. > > Taylor > > On Apr 6, 1:57 pm, Bjorn Tipling <[email protected]> wrote: > > > > > I'm not seeing it. I'm following the specifications as outlined here: > > >http://tools.ietf.org/html/draft-hammer-oauth-10#section-2 > > > and here: > > >http://oauth.net/core/1.0/#anchor9 > > > I have Application Type set to "Browser" > > > callbackURL set to my callbakck URL > > > Everything seems to work up until the user clicks "Allow" Once the > > user clicks "Allow" all the callback gets is the oauth_token, I don't > > see an oauth_verifier. > > > How do I get this? What am I doing wrong? "oauth_verifier" is not in > > the GET path it's not in the POST body. The only actual POST is when > > the user clicks the "Allow" button and that sends a POST to twitter > > with an authenticity token and the oauth token but no oauth_verifier > > anywhere. It's no where. And it's required. What is going on? -- To unsubscribe, reply using "remove me" as the subject.
