The PIN-based OAuth flow is intended for applications which cannot access or embed a web browser in order to redirect the user to the authorization endpoint. Examples of such applications would be command-line applications, embedded systems, game consoles, and certain types of mobile apps.
The PIN-based flow is implemented in exactly the same way as Implementing Sign in with Twitter and 3-legged authorization, with the only difference being that the value for oauth_callback must be set to oob during the POST oauth/request_token call.
When an oob callback is requested and the user visits Twitter, they will not be automatically redirected to the application upon approving access. Instead, they will see a PIN code, with instructions to return to the application and enter this value.
Your application must allow the user to input this PIN to complete the flow. The PIN code must be passed as the value for oauth_verifier for the POST oauth/access_token request. All other requests will work normally.
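
The two requests that differ in the PIN flow, as an added example (not code from Twitter's documentation): it builds the OAuth 1.0a HMAC-SHA1 Authorization headers for POST oauth/request_token with oauth_callback set to oob, and for POST oauth/access_token with the PIN as oauth_verifier. The api.twitter.com host, the helper names and the numeric-PIN check are assumptions, the sample credentials are constructed, and nothing is sent over the network.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote

API = "https://api.twitter.com"  # assumed host; the page gives only the paths

def pct(value):
    # OAuth 1.0a percent-encoding: only RFC 3986 unreserved characters stay raw
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    # Signature base string: METHOD & encoded URL & encoded sorted parameters
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    # Key is "consumer_secret&token_secret"; token part is empty in step 1
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    msg = base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, msg, hashlib.sha1).digest()).decode()

def auth_header(method, url, consumer_key, consumer_secret, extra,
                token_secret="", nonce=None, timestamp=None):
    params = {"oauth_consumer_key": consumer_key,
              "oauth_nonce": nonce or secrets.token_hex(16),
              "oauth_signature_method": "HMAC-SHA1",
              "oauth_timestamp": str(timestamp or int(time.time())),
              "oauth_version": "1.0", **extra}
    params["oauth_signature"] = sign(method, url, params, consumer_secret, token_secret)
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(params.items()))

def request_token_header(consumer_key, consumer_secret, **kw):
    # Step 1: oauth_callback=oob is what selects the PIN flow
    return auth_header("POST", f"{API}/oauth/request_token", consumer_key,
                       consumer_secret, {"oauth_callback": "oob"}, **kw)

def access_token_header(consumer_key, consumer_secret, request_token,
                        request_secret, pin, **kw):
    # Final step: the PIN the user typed becomes oauth_verifier
    pin = pin.strip()
    if not pin.isdigit():  # assumption: PINs are numeric; reject anything else
        raise ValueError("PIN must contain digits only")
    return auth_header("POST", f"{API}/oauth/access_token", consumer_key,
                       consumer_secret, {"oauth_token": request_token,
                       "oauth_verifier": pin}, token_secret=request_secret, **kw)

if __name__ == "__main__":  # constructed sample credentials, no network I/O
    print(request_token_header("ck", "cs"))
    print(access_token_header("ck", "cs", "req-token", "req-secret", " 1234567 "))
```

The access token request is signed with the request token's secret, so the application has to keep that secret in memory while the user is away fetching the PIN.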