Having surmounted my problems with the request_token yesterday I am now having issues with exchanging the PIN retrieved from the out of bound flow for an access token.
The documentation suggests that I use this value as the oauth_verifier parameter to the oauth/access_token endpoint…
My header is as follows:
Authorization: OAuth oauth_consumer_key=“TJnY0B0OGa6GgfkDidIc2A”, oauth_nonce=“4F8EE8014C351954ADDD0004AC12062E”, oauth_signature=“Up0ZSz4GiqXQU0TAO7yWVnpee4A%3D”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1320846065”, oauth_token=“XLf1KLRPSb23fwXT1ah3LXl85V33MwBhktPvrkVgM”, oauth_verifier=“8152134”, oauth_version=“1.0”
However I get an empty response from the server - both over SSL and unencrypted connections.
For comparison, I have downloaded Twitter4J and when I perform this stage of the process, and looking at the traffic in wireshark that application doesn’t seem to do what the documentation suggests.
Rather than adding the oauth_verifier to the authorization header as the documentation states, it is putting the PIN number into an oauth_verifier parameter in the body of the POST and omitting it from the header altogether.
I don’t want to go down the route they have done if it is not correct and I am making a different mistake though… can anyone advise if this is a mistake in the documentation, or whether I have something else going wrong?!