is it possible to authenticate with oauth, on the iphone, without making the user enter a pin?
Yup. What you can do is register a custom URI scheme with your application and use it in the oauth_callback parameter. This saves you from having to use out-of-band callback configuration, which requires the user to manually enter a verifier, as you describe.
Details on registering a custom URI scheme for your app here:
http://iphonedevelopertips.com/cocoa/launching-your-own-application-via-a-custom-url-scheme.html
Edited - Elaborating
Using a custom URI scheme, you can instruct an OAuth Service Provider to 'call back' to your iPhone application when a user authorizes a Request Token. This is an alternative to the cumbersome "out-of-band callback" workflow that requires a user to authorize a Request Token, and then be given a verifier code that they manually enter via your application. It is also more analogous to how Web Applications that use OAuth behave.
The steps involved in using a URI scheme would be the following:
- Using the above link as a guide, bind a custom URI scheme to your iPhone application (i.e. "myapp://").
- When requesting a Request Token from the OAuth Service Provider, provide a URI that uses your custom scheme as the value of the 'oauth_callback' parameter. For example, oauth_callback=myapp://oauth/callback
- When you get a Request Token, direct the user to the Service Providers authorization endpoint URL via the browser (launch Safari, send the user to http://example.com/oauth/authorize?oauth_token=token).
- If the user chooses to authorize the Request Token, the Service Provider will redirect them (usually via a 301 HTTP Status header) to the URI you provided in step # 2.
- Safari will recognize that the URI uses a scheme that is bound to your application and launch your app.
- When the callback is called (again, see the above linked guide for details) you will be able to exchange the authorized OAuth Request Token for an Access Token.
- Finally, with an Access Token you will be able to access Protected Resources from the OAuth Service Provider.
Does that make more sense?
NSString *helperAppPath = [[mainBundle bundlePath]
stringByAppendingString:@"/Contents/Resources/Helper.app"];
[[NSWorkspace sharedWorkspace] launchApplication:helperAppPath];