Hi all, I'm currently writing my own OAuth lib for use with Twitter and have gotten stuck whilst using the Authorization HTTP header, rather than putting the OAuth parameters in the body.
An example of a request that is failing is: POST /1/statuses/update.xml HTTP/1.1 Authorization: OAuth realm="http://api.twitter.com/1/statuses/ update.xml", oauth_consumer_key="xxxxxxxxxxxxxxxxx", oauth_token="xxxxxxxxxxxxxxxxxxxxxxxxxxxxx", oauth_nonce="xxxxxxxxxxxxxxxxxxxxx", oauth_timestamp="1280937572", oauth_signature_method="HMAC-SHA1", oauth_version="1.0", oauth_signature="DLPyc3h6BcC5zbGXrUcujvZnqxk=" User-Agent: Java/1.6.0_07 Host: api.twitter.com Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive Content-type: application/x-www-form-urlencoded Content-Length: 53 status=Test%25201%25202%25203%25204%25201280937572396 ...(token etc blanked out, and new lines added in) This results in the server returning a 500 error and the "Something is technically wrong." error page. I've talked to another developer who doesn't experience this. I've tried this with the parameters alphabetically ordered, unordered and with and without the 'realm' parameter, which isn't used in the http://dev.twitter.com/pages/auth page. I don't have the same problem (as in the 500 error) when I put the OAuth parameters in the request body, but this often fails as well with 401 'Invalid signature' errors. What's strange is that putting the OAuth parameters into the form at Hueniverse's OAuth request signing page (http://tinyurl.com/y9bvjyt) shows them, including the signature, to be correct. If I retry the same request, it eventually works (sometimes it works the first time, just not consistently), so I don't think I'm calculating the signature incorrectly. Are the 401 errors occurring because Twitter is busy, or am I doing something wrong? Thanks in advance, any help would be greatly appreciated! ben