I need to create a desktop application that uses OAuth but I cannot find the page on Twitter's web site to create this.
The page I have found requires a website which my desktop application does not have.
Am I missing something?
Most of the steps are the same, except instead of sending an URL as the oauth_callback to request_token, you should just send the value "oob". From https://dev.twitter.com/docs/auth/oauth#oob:
out of band mode - Instead of providing a URL-based callback when acquiring a request token, "oob" is supplied. Once the user has given Twitter their account credentials, they are presented with a screen containing a PIN code and are asked to enter this code into the application. The application then sends this PIN as an oauth_verifier to the access token step to complete the exchange.
Your application will still generate the authorization endpoint URL and ask the user to visit it (either by printing the URL or running a system command to open a web browser to the specified location) at which point the user will be shown a PIN code they should enter into your application. The rest of the flow is pretty much the same.
I understand the OOB method, but what I don't understand is how the desktop application is meant to form the requests. According to the documentation it has to sign the requests with the consumer secret key.
So... I have to put the secret key into the desktop application? Where anyone could decompile it and start using it themselves? Or am I missing something obvious?
Yes, welcome to the exciting world of trying to keep secrets inside of desktop software. You could run a web server which would handle the OAuth access portion of the flow and deliver the access token to the desktop app somehow, but that would basically be moving the problem, not solving it (how would you prevent malicious software from using your service, for example). Obfuscating the key in your source and various other DRM approaches are the best practices here, although there will never be a silver bullet for software running on systems where an attacker has root access.
Hehe yes I did think about a website to handle the OAuth. You could solve the problem of malicious software - have the user register on your website to get a key you generate that they can use to authenticate their copy of the application to your website. Quite a handshake we have going!
Yeah, that sounds like it might be a workable approach. Of course, you'd want to use https for the website, and invalidate keys after a short period of time or upon their first use.
I have the same problem. I can not register(create) an desktop app on twitter. It gives me only to create a web app. I do not have a screen where I will select if the app that I am registering is a desktop or web app.
Please help how to add new app that is a desktop app, where I will not provide a web url.
A "desktop app" is created by not providing the callback URL. Just leave that field empty and you have a desktop app.
I use OAuth and I already created two applications with different access tokens.I have created widgets and buttons on my local Apache server page -locally on my computer and I can post messages to my Twitter and I can see messages from my widget. I want to develop multiple twitter applications on the same user account that will be used for different project at work. Each project have to be separated, to display and post messages to specific projects "twitter application". My question is how can I do it. Can I use one account and few different twitter applications for different project to do that? or Twitter allows me to use OAuth just for one user to see the messages and upload the messages to account?. Also if I ant to delete a follower from my local web site, can I do it? Can you give me better idea how I can use twitter API using PHP. Any advise??
When i register my application , it does not show the option for marking application as
Desktop application. please provide me the solution