tags:

views:

1671

answers:

6
+3  Q: 

Why do users have to enter a 7-digit twitter PIN to grant my application access?

I am implementing some ruby on rails code tweet stuff for my users. I am creating the proper oauth link...something like

http://twitter.com/oauth/authorize?oauth_token=y2RkuftYAEkbEuIF7zKMuzWN30O2XxM8U9j0egtzKv

But after my test account grants access to twitter, it pulls up a page saying "You've successfully granted access to . Simply return to and enter the following PIN to complete the process. 1234567"

I have no idea where the user should enter this PIN and why they have to do that. I don't think this should be a necessary step. Twitter should be redirecting the user to the callback URL I provided in the application settings. Does anyone know why this is happening?

UPDATE I found this article that states I need to send my users to this URL (note "authenticate" instead of "authorize"):

http://twitter.com/oauth/authenticate?oauth_token=y2RkuftYAEkbEuIF7zKMuzWN30O2XxM8U9j0egtzKv

I made the change but Twitter redirects the user to the authorize path after he clicks "Allow" which then gives him the 7 digit PIN again!

+3  A: 

OAuth 1.0a added the PIN to solve a social engineering attack to which OAuth 1.0 was vulnerable. But the PIN is only necessary to be entered manually by the user if your application is a desktop/iphone app. If it's a web app the PIN should flow automatically as part of the browser redirects and the user shouldn't have to see or enter this.

So if your app is a web app, then there's a bug either in your OAuth library or your use of it. If your app is a desktop app, this is a "feature" designed to keep your users safe.

Andrew Arnott  2009-08-12 06:18:47
My app is a web app. According to the Twitter docs, taking the user to /oauth/authenticate will tell Twitter that my app is a web app and to include the PIN automatically. However, after clicking Allow, Twitter is redirecting to /oauth/authorize which is the path for Desktop apps. I don't see how I can change anything on my side to fix this.
Tony  2009-08-12 13:31:25
Well, considering that no other Twitter web app has this problem, it's gotta be on the client side. Now, it might also be that you have your twitter.com/oauth_client setup for your web app to be a desktop app. I recommend double-checking that Twitter knows that your consumer_key is associated with a web app and not a desktop app. Failing that, I return to "it's a bug in your library or the way you're using it."
Andrew Arnott  2009-08-12 18:11:37
You were right about an oauth bug. Getting oauth 0.3.4 fixed my application. The issue is with oauth 0.3.5
Tony  2009-08-14 16:59:46
+1  A: 

If you don't specify an oauth_callback parameter with the URL you'd like the user redirected to when they accept, it will default to the pin-based authentication mechanism. Using oauth_callback=oob will also trigger the pin-based authentication flow.

Nathan de Vries  2009-08-13 02:55:58
that did not work for me. for twitter, they have a callback parameter you can set in the application settings...so i am not sure sending a URL param will make a difference but thanks for the response
Tony  2009-08-13 21:41:40
A: 

I just changed it from Desktop Application to Web Application on Twitter's setting Page & its fine for me....:)

Rajiv  2010-03-08 10:44:15
A: 

I have the same problem...Twitter keeps giving me a PIN.

Did you solve the problem?

Regards

Ivan

Ivan  2010-03-19 14:31:08
A: 

I noticed that when I use the

config.gem "twitter", :version => "0.6.12"

twitter redirects fine and don't show the pin

but when I use the newer gem version

config.gem "twitter", :version => "0.9.2"

it always shows the pin.

This definitely needs further investigation, and may be solved with further configuration that I didn't do with the newer GEM.

Roy  2010-03-27 12:19:17
+1  A: 

Just log in to you twitter account and edit the application to change from Desktop to Browser Everybody is doing that mistake including myself.

 2010-07-14 11:28:56

related questions

Best place to get Ruby on Vista up and running as dev environment
How can I encode xml files to xfdl (base64-gzip)?
What is the best way to learn Ruby?
Learning Ruby on Rails any good for Grails?
How to sell Python to a client/boss/person with lots of cash
How do I create a Class using the Singleton Design Pattern in Ruby?
How do I update Ruby Gems from behind a Proxy (ISA-NTLM)
Why Should I Learn Ruby?
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
How do I rake tasks within a ruby script?
Ruby On Rails with Windows Vista - Best Setup?
Mapping values from two array in Ruby
Reverse DNS in Ruby?
Text Editor For Linux (Besides Vi)?
What is good forum software to add to an existing Rails application?
Calling Bash Commands From Ruby
How can I modify .xfdl files? (Update #1)
How do I use (n)curses in Ruby?
Open Source Ruby Projects
How do I fix 'Unprocessed view path found' error with ExceptionNotifier plugin in rails 2.1?
When to use lambda, when to use Proc.new?
Frequent SystemExit in Ruby when making HTTP calls
Implementation of "Remember me" in a Rails application.
.NET Migrations Engine
How do I add existing comments to RDoc in Ruby?