After some work (and some help from the group) my implementation works, but...
The QUEST to get an access token 1. app gets a request token from twitter 2. user clicks a button on the ap 3. app opens a twitter page, user types username/password 4. twitter gives user a PIN 5. user use this PIN in the application 6. GREAT, finally app exchange the request token for an access token This token belongs to who? I mean, i don't even know his username! The user will have to repeat the steps above *every time*? I have no idea on how to fit oauth in a real application, i'm probably missing something :/ Thanks in advance. Arthur.