I'll try to make this part clearer in the docs soon. I made the mistake of not including guidelines that one's actual sent POST body should always conform to application/x-www-form-urlencoded and that the values you pass into an OAuth signature base string algorithm are to have already been encoded.
The POST body should be shown in two stages rather than just one, the unencoded POST body and the encoded POST body. In my example, the actual POST body sent would have been: status=setting%20up%20my%20twitter%20%E7%A7%81%E3%81%AE%E3%81%95%E3%81%88%E3%81%9A%E3%82%8A%E3%82%92%E8%A8%AD%E5%AE%9A%E3%81%99%E3%82%8B (Taking into account normalization of spaces as well, which is optional. One could also leave them as plusses and encode likewise in the POST body and signature base string). So many layers to take into account. Taylor On Mon, Aug 23, 2010 at 7:31 PM, richcollins <richcoll...@gmail.com> wrote: > I'm adding OAuth support to the Twitter addon for the Io programming > language. > > I'm trying to follow the example on > http://dev.twitter.com/pages/auth#auth-request > but there are a number of inconsistencies. Reading the OAuth spec > http://oauth.net/core/1.0/#encoding_parameters leads me to believe the > the base string is composed by joining together the percent-encoded > query, oauth and post parameters with &, and then percent encoding the > resulting string. However, the example on dev.twitter.com depicts the > status post parameter as urlencoded, but then shows it (double) > percent encoded in the base string. > > Are the post parameters urlencoded in the body but then percent > encoded in the base string? Are parameters generally percent-encoded > twice? Once before joining with & and then once after? >