Continuation from: Setting up Twitter OAuth without 3rd party libraries
Thanks to Mr. Nylander's help, I managed to get my OAuth class working (albeit only after a long time)! However, I'm confused about a few aspects of the OAuth flow.
Here's a breakdown of what's happening in a program I made:
Edit: I think I'll post partial code; it's hard for me to explain with just words.
//1st code segment
// namespaces used by all three segments
using System;
using System.Diagnostics;
using System.IO;
using System.Net;

// the Authorization header for this request is not shown here
HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://api.twitter.com/oauth/request_token");
string response = "";
using (HttpWebResponse resp = (HttpWebResponse)request.GetResponse())
using (StreamReader reader = new StreamReader(resp.GetResponseStream()))
{
    // body is a form-encoded string: oauth_token=...&oauth_token_secret=...&oauth_callback_confirmed=...
    response = reader.ReadToEnd();
}
Up to this point, I can get the response successfully.
Response --> oauth_token=asjndiqufh9uf&oauth_token_secret=oinroiqurhwunwer&oauth_callback_confirmed=true
//2nd code segment
// opens the default browser on the authenticate page; note that the whole
// request_token response (oauth_token_secret included) is appended to the URL
Process proc = new Process();
proc.StartInfo.UseShellExecute = true;
proc.StartInfo.FileName = "https://api.twitter.com/oauth/authenticate?" + response;
proc.Start();
This brings the user (me) to a page where I have to choose whether I want to authorize it or not. If I agree, I'll then be taken to a page which contains a PIN.
//3rd code segment
// baseString, oauth_signature, oauth_token and oauth_token_secret are presumably
// fields of the OAuth class; the generate* helpers are defined elsewhere in it
Console.WriteLine("Enter the PIN");
string pin = Console.ReadLine();   // read here, but not used in the request below
baseString = generateBaseString("POST", "https://api.twitter.com/oauth/access_token", oauth_token);
oauth_signature = generateSignature(baseString, oauth_token_secret);
HttpWebRequest request2 = (HttpWebRequest)WebRequest.Create("https://api.twitter.com/oauth/access_token");
request2.Method = "POST";
request2.Headers["Authorization"] = generateAuthorizationHeader(oauth_token);
string response2 = "";
using (HttpWebResponse resp2 = (HttpWebResponse)request2.GetResponse())
using (StreamReader reader = new StreamReader(resp2.GetResponseStream()))
{
    response2 = reader.ReadToEnd();
}
Console.WriteLine(response2);
The code here just asks for the PIN to be entered into the application and then returns the final oauth_token and oauth_token_secret in response2 for a fully working OAuth app. (tl;dr: at this point, the app already has ALL the tokens it needs.)
- If I have NOT logged in during the second code segment, regardless of whether I enter a PIN or not, I get a 401 Unauthorized error; I'm guessing this is expected.
- If I have logged in during the second code segment and have been directed to the PIN page, but then choose NOT to enter the PIN, or enter some wrong PIN into my application, I still get successfully authenticated and can get the final tokens without any problems. Why?
- Am I doing a 3-legged OAuth or an OOB OAuth?
- Why would I need the PIN then?
- How am I supposed to use the PIN correctly (if I need it)?
- How am I supposed to authenticate without the PIN (if I DON'T need it)?
- How do I make it so that users won't always see the PIN page after authenticating one time? I could put a callback in the very first request, but what if I don't want the user to get redirected to ANY page at all?
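As an added example (not the poster's C# code, and not a Twitter library), the following Python builds and signs the three OAuth 1.0a client requests described in the post: request_token with oauth_callback="oob" (the PIN flow), the authenticate URL that carries only the public oauth_token, and access_token with the PIN sent as oauth_verifier and covered by the HMAC-SHA1 signature. The consumer key/secret, nonce, timestamp and PIN are made-up values; the token pair is taken from the post's sample response. It performs no network calls, so it can be run offline and compared against the poster's generateBaseString/generateSignature output.

```python
"""OAuth 1.0a client steps for the Twitter PIN ("oob") flow: a constructed,
offline example. Signing follows RFC 5849 (HMAC-SHA1); no requests are sent."""
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qsl, quote, urlencode

REQUEST_TOKEN_URL = "https://api.twitter.com/oauth/request_token"
AUTHENTICATE_URL = "https://api.twitter.com/oauth/authenticate"
ACCESS_TOKEN_URL = "https://api.twitter.com/oauth/access_token"


def percent_encode(value) -> str:
    """RFC 5849 section 3.6 encoding: only A-Z a-z 0-9 - . _ ~ stay bare."""
    return quote(str(value), safe="-._~")


def signature_base_string(method: str, url: str, params: dict) -> str:
    """Section 3.4.1: METHOD & enc(url) & enc(sorted, encoded name=value pairs)."""
    pairs = sorted((percent_encode(k), percent_encode(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), percent_encode(url), percent_encode(normalized)])


def hmac_sha1_signature(base_string: str, consumer_secret: str, token_secret: str = "") -> str:
    """Section 3.4.2: key = enc(consumer_secret) & enc(token_secret).
    token_secret is empty for request_token, since no token exists yet."""
    key = f"{percent_encode(consumer_secret)}&{percent_encode(token_secret)}"
    digest = hmac.new(key.encode(), base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def oauth_header(method, url, consumer_key, consumer_secret, extra=None,
                 token_secret="", nonce=None, timestamp=None):
    """Return (base_string, Authorization header value) for one signed request.

    `extra` holds the step-specific parameters (oauth_callback, oauth_token,
    oauth_verifier). Every header parameter is part of the signed base string,
    so a wrong or missing oauth_verifier changes the signature the server checks."""
    params = {
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_version": "1.0",
    }
    params.update(extra or {})
    base = signature_base_string(method, url, params)
    params["oauth_signature"] = hmac_sha1_signature(base, consumer_secret, token_secret)
    header = "OAuth " + ", ".join(
        f'{percent_encode(k)}="{percent_encode(v)}"' for k, v in sorted(params.items()))
    return base, header


def parse_token_response(body: str) -> dict:
    """Split 'oauth_token=...&oauth_token_secret=...' into a dict."""
    return dict(parse_qsl(body, strict_parsing=True))


def authorize_url(oauth_token: str) -> str:
    """Step 2: the browser gets only the public token, never oauth_token_secret."""
    return AUTHENTICATE_URL + "?" + urlencode({"oauth_token": oauth_token})


def request_token_header(consumer_key, consumer_secret, callback="oob", **kw):
    """Step 1: oauth_callback='oob' asks for the PIN page; a URL asks for a redirect."""
    return oauth_header("POST", REQUEST_TOKEN_URL, consumer_key, consumer_secret,
                        {"oauth_callback": callback}, **kw)


def access_token_header(consumer_key, consumer_secret, oauth_token, oauth_token_secret, pin, **kw):
    """Step 3: the PIN is oauth_verifier, signed with the temporary token's secret."""
    return oauth_header("POST", ACCESS_TOKEN_URL, consumer_key, consumer_secret,
                        {"oauth_token": oauth_token, "oauth_verifier": pin},
                        token_secret=oauth_token_secret, **kw)


if __name__ == "__main__":
    # Constructed values; the token pair mirrors the post's sample response.
    resp = parse_token_response(
        "oauth_token=asjndiqufh9uf&oauth_token_secret=oinroiqurhwunwer&oauth_callback_confirmed=true")
    print(authorize_url(resp["oauth_token"]))
    base, header = access_token_header("consumerkey123", "consumersecret456",
                                       resp["oauth_token"], resp["oauth_token_secret"], "1234567")
    print(base)
    print(header)
```

With a fixed nonce and timestamp the base string is fully deterministic, which makes it easy to diff against what another implementation produces for the same inputs; in a real client both must be fresh for every request. The oauth_verifier is the only thing that ties the access_token call to the user's click on the authorize page, which is why it has to be both sent and signed rather than merely typed into the console.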