Per the developer documentation, when making a request for an access token, you need to include a verifier token
oauth_verifier. The verification code that is tied to the consumer and request token.
However, there's nothing in the documentation that mentions where this verifier token comes from. I would presume it comes from the request for an access token, but the documentation doesn't reflect this.
Hoping somewhere here knows the answer ans saves me the headache of tracing out the oAuth process
Best Answer
Think I've got this one figured out. When you authorize an integration, Magento makes a
POST
to the integration's callback URL. This information includes the verifier token.Tangentially -- as the client/app owner, you use the consumer key and consumer secret to POST to
/oauth/token/request
and get a request token and a request token secret. You use the request token along with the oauth verifier when you request a access token from/oauth/token/access
. The request token secret is not used directly, but it is used indirectly. The secret is used to sign the request made to/oauth/token/access
.