I’ve been trying to implement ‘Sign in with Twitter’, but I’m stuck at trying to work out how to get an OAuth token secret for the user.
The Twitter API docs (https://dev.twitter.com/docs/auth/implementing-sign-twitter) say:
“To start a sign in flow, your application must obtain a request token by sending a signed message to POST oauth/request_token
The body of the response will contain the oauth_token, oauth_token_secret, and oauth_callback_confirmed parameters”
And the docs for creating a signature (https://dev.twitter.com/docs/auth/creating-signature) say:
“The value which identifies the account your application is acting on behalf of is called the oauth token secret. This value can be obtained in several ways, all of which are described at Obtaining access tokens.”
And the ‘obtaining access tokens’ page links back to “Implementing Sign in with Twitter”, completing the circle.
How can I obtain a token secret if I need a token secret to sign the request to obtain the token secret? What the heck?