I’ve implemented the PIN-based authorization (as explained at: https://dev.twitter.com/docs/auth/pin-based-authorization). Everything is working but I have one question which is best explained with the following scenario:
- The Twitter user enters an incorrect PIN number.
- I perform the POST oauth/access_token request and set the oauth_verifier parameter to the PIN number entered in Step 1.
- Because the PIN is incorrect, I receive a 401: Unauthorized error.
- At this point, I tell the user that the PIN they have entered is incorrect and that they should re-enter it.
Step 4 is the issue. The original PIN number does not seem to be valid anymore because the POST oauth/access_token request returned the 401 error (or so I think that’s why the PIN is no longer valid). Thus, my question is, is there a way to reuse the same PIN number, or can I get a new PIN number without having the Twitter user log in again?
I hope this makes sense. Thanks.