In a web app OAuth, what's the meaning of OAuth of PIN code?


I’m a web-flow app, I should need a callback URL to accept the oauth_verifier to finish the access_token step to fetch the access_token, but now the authorize step leads to a PIN code page, and no callback works…

Then I use this PIN code as the oauth_verifier to fetch the access_token, without success.

What can I do?


From the FAQ:

What’s a placeholder URL? How do I set my callback URL?

In OAuth 1.0a, you’re required to send an explicit oauth_callback value on every request to POST oauth/request_token, regardless of any pre-registered callback you may have associated with your application or if you’re going to be performing out-of-band OAuth (for which you’d provide an oauth_callback=oob value).

When you create or edit your application on, you need to choose which kind of OAuth authentication you’ll be using: standard callback-based OAuth, out-of-band mode OAuth (also known as “PIN-code OAuth” & “OOB OAuth”), or xAuth.

If you’re exclusively using out-of-band OAuth or xAuth, you want to leave the “Callback URL” field empty. By doing so, your application will not allow for callback-based OAuth to be performed.

If you’ll be using callback-based OAuth, you want to provide the “Callback URL” field with a fully qualified “placeholder” URL. This URL does not have to be the actual oauth_callback value you’ll send on oauth/request_token, but it does need to represent a HTTP or HTTPS-based URL with a TLD we recognize. If you know you’ll be performing callback-based OAuth, consider just providing a URL to your home page.


Thanks for your help. I understood your answer, but the question is: in my app page :{show, settings}, I didn’t find any checkbox or select HTML DOM that showed my choice of “which kind of OAuth authentication you’ll be using”, so where can I make the choice?

Thanks again!


You choose which kind of OAuth you’re doing by the presence or absence of the callback URL field: if you put a valid string in that field and save it, your app is in “web mode” and can do callback-based OAuth. If you don’t put a string in there, you can only do out-of-band style OAuth.
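
The request the FAQ excerpt describes, as an added example that is not part of the original thread: it signs POST oauth/request_token with an explicit oauth_callback (a URL for web flow, `oob` for PIN flow) using RFC 5849 HMAC-SHA1, and reads oauth_verifier from the web-flow redirect. The host `api.example.com`, the credentials and the helper names are assumptions made for illustration.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import parse_qs, quote, urlsplit

# Constructed placeholder: the thread names neither host nor credentials.
REQUEST_TOKEN_URL = "https://api.example.com/oauth/request_token"

def pct(value):
    """RFC 5849 percent-encoding: only unreserved characters stay literal."""
    return quote(str(value), safe="-._~")

def sign_request_token(consumer_key, consumer_secret, callback, nonce=None, timestamp=None):
    """Build signed oauth_* parameters for POST oauth/request_token."""
    # An explicit oauth_callback is required: a URL for web flow, "oob" for PIN flow.
    if callback != "oob" and not callback.startswith(("http://", "https://")):
        raise ValueError("oauth_callback must be 'oob' or an HTTP(S) URL")
    params = {
        "oauth_callback": callback,
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_version": "1.0",
    }
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join(["POST", pct(REQUEST_TOKEN_URL), pct(normalized)])
    key = pct(consumer_secret) + "&"  # token secret is empty at this step
    digest = hmac.new(key.encode(), base.encode(), hashlib.sha1).digest()
    params["oauth_signature"] = base64.b64encode(digest).decode()
    return params, base

def authorization_header(params):
    """Serialize the signed parameters into an Authorization header value."""
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(params.items()))

def verifier_from_callback(redirect_url, request_token):
    """Web flow: take oauth_verifier from the redirect, only if the token matches."""
    query = parse_qs(urlsplit(redirect_url).query)
    returned = query.get("oauth_token", [""])[0]
    if not hmac.compare_digest(returned.encode(), request_token.encode()):
        raise ValueError("callback oauth_token does not match the pending request token")
    return query["oauth_verifier"][0]

if __name__ == "__main__":
    for cb in ("https://app.example.com/oauth/callback", "oob"):  # constructed values
        signed, _ = sign_request_token("ck-constructed", "cs-constructed", cb)
        print(cb, "->", authorization_header(signed))
```

The oauth_callback value is part of the signature base string, so it appears there percent-encoded twice; changing it after signing invalidates the request.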