You're absolutely right -- if you want to pass state in OAuth 1.0A, you are best served by specifying an oauth_callback in the request_token step that includes parameters for your state. As long as your oauth_callback is a single URL-encoded string, that's what your user will be sent back to. You might be specifying state as query parameters, you might use another means (elements of the path, etc.). It's up to you.
Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Tue, Apr 13, 2010 at 7:07 AM, Jonathan Sachs <jhsa...@jhsachs.com> wrote: > Raffi Krikorian replied to my question about pass-through parameters in > the callback URL: > > > i don't think this is possible in oauth 1.0a. i know oauth 2.0 has a > state parameter (don't quote me on the name) that will allow clients to > pass > an opaque string to the server who will then pass it back. > > One of my co-workers came up with this: > > looking at the twitter docu on github > http://github.com/abraham/twitteroauth/blob/master/DOCUMENTATION > > i see this: > > 4) You will now have a Twitter URL that you must send the > user to. You can add parameters and > they will return with the user in step 5. > > https://twitter.com/oauth/authenticate?oauth_token=xyz123 > https://twitter.com/oauth/authenticate?oauth_token=xyz123&info=abc > // info will return with > user > > > I haven't tried this yet, but it appears to be saying that the feature I > want _is_ available. How should I interpret it? > > -- To unsubscribe, reply using "remove me" as the subject.