Reverse Auth Token Generation Through Web Portal?



So it looks like the special request token needed for reverse auth on iOS (Step 1 in the document can be generated beforehand and packaged with the application (doesn’t rely on anything on the user’s side). There doesn’t seem to be a way to set the x_auth_mode of the authorization header through the online OAuth Tool. I’d suggest somehow letting us generare the special token through the web portal (or at least easily generate the cURL command that will get us the token).



Reverse auth isn’t a one-off process, you would need to make this request for a request token every time, for every user that you want reverse auth credentials for (in addition to the access token step). The request token is not re-usable and shouldn’t be hard-coded in an application.


Thanks, I missed the part where the user’s access token is needed in the authorization signature.


Actually I got the generation and you really don’t need the credentials of an individual user. the only thing stopping me from pre-packaging this token is the oauth_timestamp field. I know requests can timeout but since this is supposed to be treated as an opaque string, I’m not sure if this field is still important.

So I’m guessing oauth_timestamp field is what’s really stopping us from generating this token once and bundling it with our apps.


Also, being able to pre generate the request token would mean not having to include our consumer secret in the app, which would be ideal.


Sorry for spaming this thread but I hope it helps someone else down the line. After reading @theSeakCook 's comments in I realized I can get my server to actually request the request_token and then serve it to my app. Which will let me keep the consumer secret out of the app.