Hey folks, especially the Twitter-employed folks. Got a problem with your services:
I am developing a new OAuth library, and I want it to be compliant to the OAuth specs. However, your oauth/request_token method (possibly oauth/access_token as well) isn't making that easy for me. The problem is that the token and secret are sent with Content-Type: text/html; charset=UTF-8 instead of Content-Type: application/x-www-form-urlencoded as required by the OAuth specifications (Section 2.1 of the IETF draft): "The server MUST verify the request and if valid, respond back to the client with a set of temporary credentials [...]. The temporary credentials are included in the HTTP response body using the application/x-www-form-urlencoded content type as defined by [W3C.REC-html40-19980424]" Can't provide a link to oauth.net since it doesn't load for me today. The server also ignores an Accept: application/x-www-form-urlencoded request header. I'd hate to have to introduce hacks to work around your standards violations. I realize it'll probably take a while for you to fix it (if you are willing to, that is), so I'll probably have to come up with a workaround anyway, but I still hope you recognize the Content- Type is wrong, from a technical perspective and consider fixing it some time (soon! haha). :) Best regards and THANKS Ingmar Runge