PIN-based authorization

Updated on Sat, 2012-08-25 12:28

Overview

The PIN-based OAuth flow is intended for applications which cannot access or embed a web browser in order to redirect the user to the authorization endpoint. Examples of such applications would be command-line applications, embedded systems, game consoles, and certain types of mobile apps.

Implementation

The PIN-based flow is implemented in exactly the same way as the flows described in Implementing Sign in with Twitter and 3-legged authorization. The only difference is that the value for oauth_callback must be set to oob during the POST oauth/request_token call.

Once your application has obtained either a GET oauth/authenticate or GET oauth/authorize URL, display the URL to the user so that they may use a web browser to access Twitter.

When an oob callback is requested and the user visits Twitter, they will not be automatically redirected to the application upon approving access. Instead, they will see a PIN code, with instructions to return to the application and enter this value.

Your application must allow the user to input this PIN to complete the flow. The PIN code must be passed as the value for oauth_verifier for the POST oauth/access_token request. All other requests will work normally.
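The two PIN-specific requests described above, as an added example that is not part of the original documentation: it builds the signed Authorization headers for POST oauth/request_token (with oauth_callback set to oob) and POST oauth/access_token (with the PIN as oauth_verifier) using OAuth 1.0a HMAC-SHA1 signing. The api.twitter.com host, the helper names and all credentials are assumptions or constructed values, and nothing is sent over the network.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote

API = "https://api.twitter.com"  # assumed host; the page names only the endpoint paths

def pct(value):
    """Percent-encode as OAuth 1.0a requires: only unreserved characters stay literal."""
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    """Signature base string: METHOD & encoded URL & encoded, sorted parameter list."""
    pairs = "&".join(f"{pct(k)}={pct(v)}" for k, v in sorted(params.items()))
    return "&".join([method.upper(), pct(url), pct(pairs)])

def sign(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 over the base string, keyed with consumer secret & token secret."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def oauth_header(url, ck, cs, extra, token_secret="", nonce=None, ts=None):
    """Build the Authorization header for a POST; nonce/ts are overridable for testing."""
    params = {
        "oauth_consumer_key": ck,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(ts or int(time.time())),
        "oauth_version": "1.0",
        **extra,
    }
    params["oauth_signature"] = sign("POST", url, params, cs, token_secret)
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(params.items()))

def request_token_header(ck, cs, **kw):
    """POST oauth/request_token: oauth_callback=oob selects the PIN flow."""
    return oauth_header(f"{API}/oauth/request_token", ck, cs, {"oauth_callback": "oob"}, **kw)

def access_token_header(ck, cs, req_token, req_secret, pin, **kw):
    """POST oauth/access_token: the PIN the user typed is sent as oauth_verifier."""
    pin = pin.strip()  # users often paste the PIN with surrounding whitespace
    if not pin:
        raise ValueError("empty PIN")
    extra = {"oauth_token": req_token, "oauth_verifier": pin}
    return oauth_header(f"{API}/oauth/access_token", ck, cs, extra, token_secret=req_secret, **kw)

if __name__ == "__main__":
    # Constructed credentials, for illustration only
    print(request_token_header("ck", "cs"))
    print(access_token_header("ck", "cs", "req-token", "req-secret", " 1234567 "))
```

The access token request is signed with the request token secret returned by the first call, so the application has to hold that secret while the user is in the browser reading the PIN.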