search

nst / STTwitter

A stable, mature and comprehensive Objective-C library for Twitter REST API 1.1
BSD 3-Clause "New" or "Revised" License
999 stars 161 forks source link

How to do the normal OAuth flow? #265

Closed ePirat closed 8 years ago

ePirat commented 8 years ago

I am wondering how to do a normal OAuth flow:

I am using the following code to obtain the necessary OAuth URL that opens in the Browser for the User to visit:

    // Start request OAuth
    STTwitterAPI *instance = [STTwitterAPI twitterAPIWithOAuthConsumerKey:@""
                                                           consumerSecret:@""];
    [instance postTokenRequest:^(NSURL *url, NSString *oauthToken) {
        [[NSWorkspace sharedWorkspace] openURL:url];
    }
authenticateInsteadOfAuthorize:YES
                    forceLogin:@(YES)
                    screenName:usernameField.stringValue
                 oauthCallback:@"myappfoo://oauthcallback/" errorBlock:^(NSError *error) {
                     NSLog(@"Something gone wrong :(");
    }];

Now I am wondering, when the user is redirected to my App (which works fine), I get a oauth_token but I still need the oauth_token_secret. Does STTwitter provide a method to obtain it? I was only able to find:

- (void)postAccessTokenRequestWithPIN:(NSString *)pin
                         successBlock:(void(^)(NSString *oauthToken, NSString *oauthTokenSecret, NSString *userID, NSString *screenName))successBlock
                           errorBlock:(void(^)(NSError *error))errorBlock;

The name suggest this is only for pin auth, but there is just no other for the non-pin based auth. Should I just use this method and pass the oauth_token as pin parameter?

nst commented 8 years ago

Are you looking for -[STTwitterAPI oauthAccessTokenSecret]?

ePirat commented 8 years ago

I don't think so. I will explain what I am struggling with:

I successfully use the above mentioned method to get the URL to present to the user, the user grants my app access and is redirected into my app using the callback URL. Now my app opens and has to do something with the callback URL parameters in order to somehow obtain the oauth_token_secret, so it can do actual requests in behalf of the user. I am wondering how to do that.

It's very clearly documented for PIN (oob) auth flow, not really for the normal one using the callback url.

EDIT: I checked the docs again, it seems I was slightly confused about the exact tokens… There are just so many, sorry. What I am trying to do is described at "Step 3: Converting the request token to an access token" here: https://dev.twitter.com/web/sign-in/implementing

ePirat commented 8 years ago

Ok, after looking into the iOS demo project, it seems that postAccessTokenRequestWithPIN:successBlock:errorBlock: is what I should use, as this is what the demo project does here.

The only reason I was not using it, was that the name somehow suggests it is specific for PIN auth, which is kind of misleading.