Hello, After carefully reading your OAuth page instructions, I concluded that the pseudo-code for base string in Signing Requests section of Authenticating Requests pages is wrong (http://dev.twitter.com/pages/ auth#signing-requests). The pseudo-code only URL encodes the parameters once, but i must be twice, as you can see from the example in this same page:
oauth_callback = http://localhost:3005/the_dance/process_callback?service_provider_id=11 url_encode( oauth_callback ) = http%3A%2F%2Flocalhost%3A3005%2Fthe_dance%2Fprocess_callback %3Fservice_provider_id%3D11 url_encode( url_encode( oauth_callback ) ) = http%253A%252F%252Flocalhost%253A3005%252Fthe_dance %252Fprocess_callback%253Fservice_provider_id%253D11 note how ":" is encoded in the two forms: the first, as "%3A", while the second, as "%253A". Thanks and sorry for the annoyance. Rafael