tripit / api

TripIt's API Documentation and Support Forum
http://www.tripit.com/developer

https://api.tripit.com/oauth/request_token does not assert oauth_callback_confirmed #255

Open nmr8acme opened 4 years ago

nmr8acme commented 4 years ago

As per the OAuth 1.0 spec for temporary credentials, https://tools.ietf.org/html/rfc5849#section-2.1:

oauth_callback_confirmed MUST be present and set to "true". The parameter is used to differentiate from previous versions of the protocol.

However, it is not, which prevents the use of off-the-shelf OAuth libraries, e.g. github.com/dghubble/oauth1, for doing three-legged OAuth sign-in. I'm no OAuth expert, could be missing something. I feel like most OAuth scope grantors usually let the consumer configure the set of acceptable callback URLs on the dashboard or something, and validate from that, but I don't see that on the Tripit dev dashboard.

gazure commented 4 years ago

Hi there!

Apologies for the delayed response.

You are correct in that we do not return the oauth_callback_confirmed parameter in the response to POST /oauth/request_token. I apologize if that's causing issues with OAuth libraries, and recommend you extend or modify any modules that require that parameter, as we have no plans to include it at this time.

As far as callback URLs, the best way to specify one is to include the URL as the GET parameter callback_url when directing the user-agent of the resource owner to /oauth/authorize along with the request token key. If you would rather it be stored in our system with your other consumer data, send an email to support@tripit.com with the name and key of your consumer and the URL you wish to receive OAuth callbacks by default, and we can update that for you. However, we generally recommend you include the callback_url in the request to /oauth/authorize.

Let us know if you have any other questions.

Grant Azure Tripit SDE
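The two posts above together describe a consumer-side workaround: tolerate a request_token response that omits oauth_callback_confirmed, then pass callback_url on the redirect to /oauth/authorize. The following Go program is an added example written for this page; it is not code from TripIt or from the dghubble/oauth1 library. It assumes a form-encoded request_token body (the sample body and token values are constructed placeholders), an authorize endpoint host that the thread does not state (the issue gives only the /oauth/authorize path), and a consumer-controlled allow-list of callback URLs. Because the server never confirms the callback, the example enforces the allow-list locally and checks that the oauth_token returned to the callback is the one issued for the session.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

// Constructed response body in the shape the issue describes: form-encoded
// temporary credentials with no oauth_callback_confirmed. Placeholder values only.
const sampleRequestTokenBody = "oauth_token=REQUEST_TOKEN_PLACEHOLDER&oauth_token_secret=REQUEST_SECRET_PLACEHOLDER"

// TemporaryCredentials holds the request token pair from /oauth/request_token.
type TemporaryCredentials struct {
	Token             string
	Secret            string
	CallbackConfirmed bool // true only when the server sent oauth_callback_confirmed=true
}

// ParseRequestTokenResponse parses a form-encoded request_token body. A strict
// RFC 5849 client rejects a body without oauth_callback_confirmed=true; this
// version records whether it was present instead of failing, which is the
// "extend or modify" approach the maintainer suggests.
func ParseRequestTokenResponse(body string) (TemporaryCredentials, error) {
	vals, err := url.ParseQuery(body)
	if err != nil {
		return TemporaryCredentials{}, err
	}
	token, secret := vals.Get("oauth_token"), vals.Get("oauth_token_secret")
	if token == "" || secret == "" {
		return TemporaryCredentials{}, errors.New("request_token response is missing oauth_token or oauth_token_secret")
	}
	return TemporaryCredentials{
		Token:             token,
		Secret:            secret,
		CallbackConfirmed: vals.Get("oauth_callback_confirmed") == "true",
	}, nil
}

// checkCallbackAllowed enforces the consumer's own callback allow-list, since
// without oauth_callback_confirmed the consumer gets no confirmation that the
// server bound the callback to the request token. Exact match on scheme, host
// and path; https only.
func checkCallbackAllowed(callback string, allowed []string) error {
	cb, err := url.Parse(callback)
	if err != nil {
		return err
	}
	if cb.Scheme != "https" {
		return errors.New("callback_url must use https")
	}
	for _, a := range allowed {
		al, err := url.Parse(a)
		if err != nil {
			continue
		}
		if al.Scheme == cb.Scheme && al.Host == cb.Host && al.Path == cb.Path {
			return nil
		}
	}
	return fmt.Errorf("callback_url %q is not in the consumer's allow-list", callback)
}

// BuildAuthorizeURL builds the redirect to /oauth/authorize carrying the request
// token key and the callback_url GET parameter, as described in the issue.
func BuildAuthorizeURL(authorizeEndpoint, token, callback string, allowed []string) (string, error) {
	if err := checkCallbackAllowed(callback, allowed); err != nil {
		return "", err
	}
	u, err := url.Parse(authorizeEndpoint)
	if err != nil {
		return "", err
	}
	q := u.Query()
	q.Set("oauth_token", token)
	q.Set("callback_url", callback)
	u.RawQuery = q.Encode()
	return u.String(), nil
}

// VerifyCallbackToken checks that the oauth_token the user-agent brings back to
// the callback is the one issued for this session, so a token from another
// session cannot be swapped in at the callback.
func VerifyCallbackToken(issued TemporaryCredentials, callbackQuery url.Values) error {
	if callbackQuery.Get("oauth_token") != issued.Token {
		return errors.New("oauth_token in callback does not match the issued request token")
	}
	return nil
}

func main() {
	// Assumed endpoint: the issue names only the /oauth/authorize path; the host is a guess.
	const authorizeEndpoint = "https://api.tripit.com/oauth/authorize"
	allowed := []string{"https://consumer.example/oauth/callback"} // constructed allow-list

	creds, err := ParseRequestTokenResponse(sampleRequestTokenBody)
	if err != nil {
		panic(err)
	}
	if !creds.CallbackConfirmed {
		fmt.Println("server did not send oauth_callback_confirmed; enforcing the callback locally")
	}
	redirect, err := BuildAuthorizeURL(authorizeEndpoint, creds.Token, allowed[0], allowed)
	if err != nil {
		panic(err)
	}
	fmt.Println("redirect user-agent to:", redirect)
}
```

The allow-list check stands in for the dashboard-side callback registration the reporter was looking for: with no server confirmation, the consumer itself is the only place the callback can be pinned, and the token comparison at the callback is the companion check that the temporary credential used to complete the flow is the one this session started with.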