Hi Ryan, oauth_verifier is always required on the access token step in the OAuth 1.0a protocol, regardless of oauth_callback matching a pre-registered one or not. We'll pass the oauth_verifier to you on your callback step which you then need to send along with your access token request.
You may find it easier to debug OAuth issues if you use HTTP Headers to authenticate instead of attaching parameters to the query string. If you're still having issues, I would recommend sharing the full URI you are executing, the HTTP method, the signature base string you've generated for the request, and all parameters you are sending with the request (excluding any secrets). Thanks, Taylor On Tue, Jul 20, 2010 at 10:22 AM, Ryan <[email protected]> wrote: > Having trouble with the OAuth process at the point where my callback > requests the access token. Since the callback URL matches the one in > my app settings, I did not think passing back the oauth_verifier was > needed. But I get this error in XML: > > <?xml version' => '"1.0" encoding="UTF-8"?> > <hash> > <request>/oauth/access_token? > oauth_consumer_key=VkiB3AfQh6BWz6JTcFPHzg', > 'amp;oauth_nonce' => 'a30511ba69dc30b600b48d39e0aa880e', > 'amp;oauth_signature' => 'NPdMqVXLXCcfEwQfhh+48hne7p4=', > 'amp;oauth_signature_method' => 'HMAC-SHA1', > 'amp;oauth_timestamp' => '1279646107', > 'amp;oauth_token' => 'uakv65JDkQrjGzyZP7RbazyHKKspywp0SJMbzmb4Co', > 'amp;oauth_version' => '1.0</request> > <error>Invalid oauth_verifier parameter</error> > </hash> > > Cool. Now, when I try passing the oauth_verifier Twitter comes back > with a non-descript 500 error page in HTML. Not very helpful. > > Any help? >
