I got pinless OAuth working on Adobe AIR for Desktop, iOS, but not Android.
For some reason, we're not getting the oauth_verifier (which contains the
sha'd code) in StageWebView on an Android device. Any clue? Here's the
debug for on desktop and on Droid 2; notice the 3rd line in the Droid 2 trace output which is missing
all the OAuth variables after the callback URL.
Desktop:
AuthorizeTwitterService::onComplete, data:
oauth_token=De2k4zANjzAhT3hXV4eqOfTVxJsshVIJjgsuwPMUg8&oauth_token_secret=s WsBzyS43nh6DDBwLaogaWpVftoDaiYTJDfBKQE&oauth_callback_confirmed=true
--------------------
TwitterLoginView::onLocationChange
location:
https://api.twitter.com/oauth/authorize?oauth_callback=oob&applicatio...
--------------------
TwitterLoginView::onLocationChange
location: https://api.twitter.com/oauth/authorize
--------------------
TwitterLoginView::onLocationChange
location:
http://www.twitter.com/combovercharlie?oauth_token=De2k4zANjzAhT3hXV4&oauth_verifier=js1B4bAYfUer05a2rlZSDcOLOaIa66q93K24FUzrk
Droid 2:
AuthorizeTwitterService::onComplete, data:
oauth_token=BtwJHbpaS5OWy1AMYdwl0ecGKGpU9AEcyrFYaXQ8&oauth_token_secret=Z2C ff3ECfY5dp8dLLSA9qXvL2SRaZ3v5veStGuA00&oauth_callback_confirmed=true
--------------------
TwitterLoginView::onLocationChange
location:
https://api.twitter.com/oauth/authorize?oauth_callback=oob&applicatio...
Charlie&oauth_token=BtwJHbpaS5OWy1AMYdwl0ecGKGpU9AEcyrFYaXQ8&oauth_consumer _key=LbMYslVau91uSAMZyGsOg
--------------------
TwitterLoginView::onLocationChange
location: https://api.twitter.com/oauth/authorize
--------------------
TwitterLoginView::onLocationChange
location: http://mobile.twitter.com/combovercharlie
I fixed it via Event.COMPLETE for my Droid 2 and Nexus One. I'm not even getting a LocationChangeEvent.LOCATION_CHANGING on my desktop nor Android, but bottom line, Event.COMPLETE does get the oauth_verifier sha'd pin in it. I can parse that out of StageWebView's location property, submit, and I'm good to go. Out of paranoia, I'm leaving all 3 events in there just in case. If you're curious, here's the redirect event differences between OS's via Mark Lochrie: http://kb2.adobe.com/cps/895/cpsid_89526.html.
Also, it's assumed your application is actually registered as a "web application", and not a desktop application, otherwise, you'll be forced to use a pin, and you won't get the oauth_verifier in the response URL. Yes, you can make up a callback URL to whatever you want; just make sure it's a standard URL that hopefully doesn't 404.
stageWebView = new StageWebView();
stageWebView.addEventListener(LocationChangeEvent.LOCATION_CHANGING, onLocationChange);
stageWebView.addEventListener(LocationChangeEvent.LOCATION_CHANGE, onLocationChange);
stageWebView.addEventListener(Event.COMPLETE, onLocationChange);
stageWebView.stage = stage;
stageWebView.viewRect = new Rectangle(0, 0, stage.stageWidth, stage.stageHeight);
// loaded from an OAuth library
// try http://code.google.com/p/oauth-as3/ or Tweetr http://wiki.swfjunkie.com/tweetr
stageWebView.loadURL(authenticationURL);
var code:String;
function onLocationChange(event:Event):void
{
var location:String;
if(event is LocationChangeEvent)
{
location = LocationChangeEvent(event).location;
}
else
{
location = _stageWebView.location;
}
var search:String = "oauth_verifier=";
var ver:String = location;
var startIndex:int = ver.lastIndexOf(search);
if(startIndex != -1)
{
code = ver.substr(startIndex + search.length, location.length);
// remove listeners and dispatch success here
}
}