So my testing before was wrong somehow. I think I was not setting a callback
url and was getting sent to production where I had a valid session already
going.

The correct flow is:
1) get request token from twitter.
2) send user to twitter with oauth_token for the first time.
3) user returns and app uses request token to get user access token which
gets stored.
4) user comes back to site to sign in and is not signed in.
5) site gets request token from twitter.
6) user is sent to twitter with request oauth_token and is automatically
redirected back to site.
7) access oauth_token is returned with user which can be matched with
oauth_token_secret stored in the database.

It seems like it would make more sense to use the same work flow for both
oauth/authorize and oauth/authenticate. Then the same code could be used in
the callback function and the authenticate method would be more secure.

Sorry about all the misinformation.
Abraham

On Thu, Apr 16, 2009 at 17:25, djMax <djm...@gmail.com> wrote:

>
> I'm not sure you don't have the secret for it.  I'm still trying to
> understand the tweet# code, but you were supposed to have saved the
> "new" secret for that token when you got the original request token
> right?  Right now when trying to exchange that secondary oauth_token
> for an access token, tweet# isn't passing a secret.
>
> On Apr 16, 6:14 pm, Dossy Shiobara <do...@panoptic.com> wrote:
> > On 4/16/09 6:02 PM, Abraham Williams wrote:
> >
> > > the oauth_token you are returned is only good for getting an access
> > > token from oauth/access_token. that access token is what lets you act as
> > > the user.
> >
> > Wait, what?  The oauth_token that's returned from the
> > _oauth/authenticate_ method is already an Access Token, for which you
> > don't have the secret to.
> >
> > I'm hoping Twitter fixes this somehow.
> >
> > --
> > Dossy Shiobara              | do...@panoptic.com |http://dossy.org/
> > Panoptic Computer Network   |http://panoptic.com/
> >    "He realized the fastest way to change is to laugh at your own
> >      folly -- then you can let go and quickly move on." (p. 70)
>



-- 
Abraham Williams | http://the.hackerconundrum.com
Hacker | http://abrah.am | http://twitter.com/abraham
Web608 | Community Evangelist | http://web608.org
This email is: [ ] blogable [x] ask first [ ] private.
Sent from Madison, Wisconsin, United States
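
Added example, not part of the original thread and not tweet#'s code: a sketch of step 3 of the flow above and of the saved-secret point raised in the quoted reply, where the callback looks up the request-token secret stored when the request token was issued and uses it to sign the oauth/access_token exchange. It assumes HMAC-SHA1 signing as defined for OAuth 1.0 (RFC 5849); the URL, credentials, and all class and function names are constructed placeholders.

```python
import base64, hashlib, hmac
from urllib.parse import quote

ACCESS_TOKEN_URL = "https://provider.example/oauth/access_token"  # constructed placeholder

def pct(value):
    # OAuth percent-encoding: only unreserved characters stay literal.
    return quote(str(value), safe="-._~")

def sign(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 over the OAuth 1.0 signature base string."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), pct(url), pct(normalized)])
    # Key is consumer secret + "&" + token secret. An empty token secret is
    # only correct when asking for the request token itself.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

class PendingTokens:
    """Request-token secrets saved when each request token is issued."""
    def __init__(self):
        self._secrets = {}

    def save(self, oauth_token, oauth_token_secret):
        self._secrets[oauth_token] = oauth_token_secret

    def take(self, oauth_token):
        # One-shot lookup: an unknown or replayed token raises KeyError.
        return self._secrets.pop(oauth_token)

def build_access_token_request(pending, returned_token, consumer_key,
                               consumer_secret, nonce, timestamp):
    """Callback step: sign the exchange with the secret saved for this token."""
    token_secret = pending.take(returned_token)
    params = {
        "oauth_consumer_key": consumer_key,
        "oauth_token": returned_token,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": timestamp,
        "oauth_nonce": nonce,
        "oauth_version": "1.0",
    }
    params["oauth_signature"] = sign("POST", ACCESS_TOKEN_URL, params,
                                     consumer_secret, token_secret)
    return params
```

A callback that arrives with an oauth_token the site never issued, or one already exchanged, fails at `take()` before any request is signed.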
