Hey guys. I’m using a mobile app to generate an access token and token secret for an authenticating user. I want to send this to my api which is built in python. The api will ingest the token and secret and determine the user and profile. I am assuming that the verify credentials endpoint would be used for this. I am not able to return the profile of the authenticating user however it only works when I submit my consumer apps access token and token secret. Is this endpoint only used exclusively for the consumer credentials as opposed to external authenticating users.
The user access_token/secret and consumer key/secret pairs are all required for standard OAuth 1 requests. If you only one the consumer key/secret in your mobile app you might look into using something like OAuth Echo. With Echo you generate the signed request on the device and send it to the server which executes the request without access to the secrets.
@abraham so in other words verify credentials can only be used when you have the consumer, consumer secret, access, and access secret? All I need, is an endpoint that can retrieve the profile given the access token. I have already done the oauth1 dance on the mobile end yielding access token and secret. Now I just want to see the user.
The OAuth 1 signature method requires all four values to create the signature so yes, all of them are needed at some point.