Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Securities
Re: [BTC-TC] Community Exchange w/ Options, DRIP, 2FA, API, CSV, etc.
by
inh
on 15/05/2013, 18:28:10 UTC
Quote from: burnside on May 15, 2013, 06:16:30 PM
Quote from: inh on May 15, 2013, 05:46:35 PM
Quote from: inh on May 15, 2013, 02:13:48 AM
I'm working with the oauth API right now, and it seems it doesn't support 'oob' for situations when you don't have a callback url available. If you could implement this, I'd be really grateful. All it needs to do is if there is no callback url, or the callback url is 'oob', just display a page with the token and verification information in it so the user can copy and paste it where they need it to go.

After doing more testing, it appears that with "oob" passed as the callback, the page uses itself as the callback URL with the verifier string in the URL as well. This would be fine except I think as soon as the page is loaded with the same token, it invalidates the old verifier, so I can't just copy the verifier from the URL and use it because it's already invalid Sad

If you could make it show a new page that just displays the verifier string when the callback URL is "oob" that would be most excellent.

I'll definitely spend some time on this soon as I can.  I've been looking a bit at some other implementations to see what the "right way" to implement it is.  Wink

Awesome, thank you very much, oauth is such a PITA!

I was basing my statements on how Twitter does it. I made an app at https://dev.twitter.com and it generates the consumer secret and key. Then of course the user (with my sample code) has to hit up the URL http://api.twitter.com/oauth/authorize?oauth_token= and once the user OK's the app, it takes you to a page with just the verification string that is normally returned through the callback URL.

Just wanted to post that as a sample of the work flow for something that is probably doing it right.