When do we get PIN code?

[deadcoder0904]

I read https://github.com/PLhery/node-twitter-api-v2/blob/master/doc/auth.md & I found this line:

A dedicated input field where users can input a PIN code when they accepted you app on Twitter

But when I implemented Login to Twitter, I didn't find any kind of PIN code so I'm wondering where it's coming from.

Do I need to use mobile to see the PIN code screen or is it a part of 2FA?

Here's my code → https://sourcegraph.com/github.com/deadcoder0904/twitter-api-v2-3-legged-login-using-next-connect

[alkihis]

Hi,

PIN code is a digit code generated by Twitter (on their website) when user accepts application.
This code is here when you don't provide a callback URL.

It can be used as OAuth verifier on the third step of 3-legged OAuth.

Usually, web services do use callbacks to their own websites instead of PIN code authentification :)

[deadcoder0904]

@alkihis so if I provide a callback myself I don't have to write the logic for PIN code, right?

[alkihis]

Nope :)

[alkihis]

You can find an example of how we create a web server that support a 3-legged OAuth flow here: https://github.com/alkihis/twitter-api-v2-user-oauth-flow-example

[deadcoder0904]

@alkihis this is great. i'll have to ask though, how does this work in a real-world application when there is just 1 login button?

i believe 2 buttons login & login with pin will cause confusion.

[alkihis]

You provide only one type of login in a real world app, here the two methods are here for sake of completeness.

[deadcoder0904]

thanks, @alkihis got it. wish i had the example a few days earlier but learnt about oauth flow haha :)