1) First you need to decide: where is oauth_verifier ?
I looked at the requests made by tumblr when authorizing the application. There was this http://www.tumblr.com/oauth/authorize?oauth_token=xxx .
It was forwarded to chrome-extension://jlaojpiafmimgibgdfbmphfkejnlifdn/chrome_ex_oauth.html?chromeexoauthcallback=true&oauth_token=XXX&oauth_verifier=dmbcbNDGj7QatrFznXG587RIM7wI1LG3bnKwYGy5tc2icmUVvE#_=_ .
The verifier is in place, so why don't we understand it? In chrome_ex_oauth.js we have this method ChromeExOAuth.formDecode() , which will decode the current url and get parameters from it.
And there is a magic check line 315 :
var keyval = param.split("="); if (keyval.length == 2) {
As you can see, the URL ends with #_=_ , something strange. Therefore, at first I decided to rewrite this method a bit to get an oauth_verifier from it.
2) It didnβt work with oauth_verifier=dmbcbNDGj7QatrFznXG587RIM7wI1LG3bnKwYGy5tc2icmUVvE#_=_ , so I decided to completely enable this hashtag and got: oauth_verifier=dmbcbNDGj7QatrFznXG587RIM7wI1LG3bnKwYGy5tc2icmUVvE .
The question for me is still: why is the hashtag at the end of the redirected URL that Tumblr wants me to follow?
My slightly modified method is as follows:
ChromeExOAuth.formDecode = function(encoded) { // Cut hash at the end of the url. var hash_index = encoded.indexOf('#'); if ( hash_index > -1 ) { encoded = encoded.substring(0, hash_index); } var params = encoded.split("&"); var decoded = {}; for (var i = 0, param; param = params[i]; i++) { var keyval = param.split("="); if (keyval.length == 2) { var key = ChromeExOAuth.fromRfc3986(keyval[0]); var val = ChromeExOAuth.fromRfc3986(keyval[1]); decoded[key] = val; } } return decoded; };