Huzzah! It looks like the OAuth gem, when not given the parameter oauth_callback, automatically passes oob, FTL! :P
So... in our case, we simply did this: consumer = OAuth::Consumer.new("TOKENZ", "SECRETZ", { :site=>"http:// twitter.com" }) consumer.get_request_token(:oauth_callback => "http:// tweetingtoohard.com/auth_success") And now things are looking like they ought to :) Hope that helps anyone else who may be using the OAuth gem with Ruby :P --Keith On Jun 9, 6:16 pm, Matt Sanford <m...@twitter.com> wrote: > Hi there, > > I just checked the tokens generated on several of these services > and I see oauth_callback was set to "oob". Doug is working on the docs > right now to make it clear how all of this shakes out. The end result > is that if you want to use the pre-configured callback url don't send > an oauth_callback parameter at all. If you're seeing this error but > are not sending the oauth_callback parameter please email me off list > with a copy of the URL, headers and body where you make the > request_token call so I can try and debug the issue. It doesn't seem > to be all apps which is what I would expect in the case of a bug. > > Thanks; > – Matt Sanford / @mzsanford > Twitter Dev > > On Jun 9, 2009, at 3:53 PM, lebreeze wrote: > > > > > I'm seeing exactly the same behaviour and it just started happening a > > few hours ago > > > App ishttp://moodmapr.com > > > Users just cannot login but instead are provided with a PIN > > > On Jun 9, 11:37 pm, Keith Hanson <seraphimrhaps...@gmail.com> wrote: > >> I'm actually not using an oauth callback parameter and am getting > >> this > >> behavior. > > >> I'm running on Sinatra at the moment, but have implemented my login > >> routine by pretty much copy/pasting the Rails tutorial in the API > >> Wiki. > > >> I'm using the gem OAuth 0.3.5 for redirecting and what-not. > > >> I did take a look at the redirect url, though, and didn't see any > >> oauth_callback params set. It sounds as if they shouldn't be there > >> anyways, correct? > > >> On Jun 9, 5:28 pm, Elliott Kember <elliott.kem...@gmail.com> wrote: > > >>> Sorry - having said that, I've removed the oauth_callback parameter > >>> and the behaviour is still persisting - and it also doesn't save the > >>> authentication so I have to hit Allow every time. > > >>> On Jun 9, 11:21 pm, Elliott Kember <elliott.kem...@gmail.com> wrote: > > >>>> Hey Matt, > > >>>> Yep, I'm passing oauth_callback - and it does look like that's the > >>>> problem, because I have another app which doesn't send it, and it's > >>>> working fine. > > >>>> Is this by design, or will it be changed back? I don't need it to > >>>> use > >>>> the oauth_callback url that I pass, but it'd be good to return to > >>>> the > >>>> specified callback URL by default. > > >>>> Thanks, > >>>> Elliott > > >>>> On Jun 9, 11:17 pm, Matt Sanford <m...@twitter.com> wrote: > > >>>>> Hi there, > > >>>>> Are you by chance passing anything in to the request_token > >>>>> call > >>>>> for the value of oauth_callback? I checked out a few other > >>>>> services > >>>>> and they seemed fine. If you're sending oauth_callback=oob (a.k.a. > >>>>> "out of band") then the system is forced into the PIN flow. We're > >>>>> working on docs for all of this now but let me know if that's what > >>>>> you're sending. > > >>>>> — Matt > > >>>>> On Jun 9, 2009, at 2:55 PM, Keith Hanson wrote: > > >>>>>> Same here, actually, for tweetingtoohard.com (tried to post here > >>>>>> before but it looks like it got eaten :P) > > >>>>>> We've put up a snarky message in the meantime about the > >>>>>> blunders :P > >>>>>> But please do correct us if we have done something incorrect. > > >>>>>> -- Keith Hanson > >>>>>> @big_love > >>>>>> keith (at) tweetingtoohard.com > > >>>>>> On Jun 9, 4:47 pm, Elliott Kember <elliott.kem...@gmail.com> > >>>>>> wrote: > >>>>>>> Hey guys, > > >>>>>>> I'm having a few problems with the OAuth API and my browser- > >>>>>>> based app > >>>>>>> - it's giving me PIN numbers at the /oauth/authorize page, even > >>>>>>> though > >>>>>>> it's set to return to a callback in the OAuth settings - I've > >>>>>>> rechecked my settings, and the application is definitely set > >>>>>>> as a > >>>>>>> browser app. > > >>>>>>> I'm guessing this is something to do with the new PIN-based > >>>>>>> desktop > >>>>>>> app code, just wondering when it'll be fixed - or whether I'm > >>>>>>> doing > >>>>>>> something wrong! > > >>>>>>> Thanks, > >>>>>>> Elliott