So I’ve recently been struggling with the first step of oAuth 1.0a, which is getting a “request token.” Twitter still uses oAuth 1.0a, and although they have fairly decent documentation on the authentication flow, I’m still having a rough time with it. I had read that supposedly oAuth 2.0 would be easier to work with than oAuth 1.0a, but that didn’t really matter to me since Twitter isn’t using oAuth 2.0 yet.
When push came to shove, and oAuth 1.0a was still giving me headaches, I figured I would just try out oAuth 2.0, to see how easy it was to get an access token. As it turns out, it’s REALLY FREAKIN’ easy, and you don’t have to worry about giving out your application’s consumer secret key (aka. consumer key, client secret, etc.), which is sensitive information. Rather, all you need to do is pass in your callback URL (the one that you configure on your application registration), and the consumer ID (aka. client ID) that the service provides you with.