I'm working on version 2 of Twitterizer, a .NET library for using the Twitter API, but I've run into a weird issue with pin-based OAuth. I have a sample web application and a sample desktop application. From the web application I am able to perform pin-based authentication without any issues, but through the desktop application every call for access tokens are refused with "Invalid oauth_verifier parameter." I've stepped through the code (non-stop for an hour) and I'm sure that the exact code is executing for each call. I've tried changing the calls to GET, instead of POST, and the results are the same. From the web app it works great, from the desktop app, not so much.
Using fiddler, I've captured the HTTP request/response from each, and they look exactly the same (to me). Here is the call from the web application (works): POST http://twitter.com/oauth/access_token?oauth_verifier=2068385 HTTP/ 1.1 Content-Type: application/x-www-form-urlencoded Authorization: OAuth realm="Twitter API",oauth_consumer_key="Ds8w95QVNTITV16pqMwtHA",oauth_nonce="6E723378",oauth_signature_method="HMAC- SHA1",oauth_timestamp="1267995036",oauth_token="Vy5cCHkomrAKocY9c8J18hAEf1PJ2ONwBtQxmdGGaI",oauth_version="1.0",oauth_signature="OU3Qfi2tq %2Fwyaij0NezCARqLVCA%3D" User-Agent: Twitterizer/2.0.0.0 Host: twitter.com And here is the call from the desktop application (does not work): POST http://twitter.com/oauth/access_token?oauth_verifier=541907 HTTP/ 1.1 Content-Type: application/x-www-form-urlencoded Authorization: OAuth realm="Twitter API",oauth_consumer_key="Ds8w95QVNTITV16pqMwtHA",oauth_nonce="7F8D82E3",oauth_signature_method="HMAC- SHA1",oauth_timestamp="1267995086",oauth_token="uTcERUybyJF0WKi77w5dPCTZbwO7DZJX1hQuJK0fg",oauth_version="1.0",oauth_signature="iUUcdVtM %2B4nxfDKrqPqElE9IPgY%3D" User-Agent: Twitterizer/2.0.0.0 Host: twitter.com The response body is: <?xml version="1.0" encoding="UTF-8"?> <hash> <request>/oauth/access_token?oauth_verifier=541907</request> <error>Invalid oauth_verifier parameter</error> </hash> This may be more of a .NET question, as there may be some kind of nuance when making requests through a windows application, but I thought it might be worth my time to ask everyone, in case I'm doing something dumb (it happens). Thanks for your time, Ricky www.twitterizer.net