Hello, I originally commented on issue thread 447 but that issue was closed, so I wanted to repost my problem to see if it's something I'm doing wrong on my side.
I am still failing, but using C# / .NET and a self-authored OAuth implementation. My GET calls work correctly, my POST calls 401. Here is the URI: http://twitter.com/statuses/update.xml?status=testing Here is my signature base string: POST&http%3A%2F%2Ftwitter.com%2Fstatuses %2Fupdate.xml&oauth_consumer_key%3Dw9zJ2JxgWTsJN5OyEHIZjw%26oauth_nonce %3Ddudialjpcnn4p355%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1239673686%26oauth_token%3D11173402- LxhEcmKGl2zKjsbuBE0tdt4UBAxHoR1LFfrs5tTo4%26oauth_version%3D1.0 And the signature (url encoded): E0UkQEmfcaT3DOG7a8L7sImCmVw%3D And the authorization header: OAuth oauth_consumer_key="w9zJ2JxgWTsJN5OyEHIZjw",oauth_token="11173402- LxhEcmKGl2zKjsbuBE0tdt4UBAxHoR1LFfrs5tTo4",oauth_nonce="dudialjpcnn4p355",oauth_timestamp="1239673686",oauth_signature_method="HMAC- SHA1",oauth_signature="E0UkQEmfcaT3DOG7a8L7sImCmVw %3D",oauth_version="1.0" And the request header out the door: POST /statuses/update.xml?status=testing HTTP/1.1 Content-Type: application/x-www-form-urlencoded Authorization: <as above> Host: twitter.com - I've also tried including "status=testing" in the list of post parameters included in the signature hashing. I'm not clear on whether it's expected to exist there b/c of the normalization done to the URI during signature hashing, i.e. otherwise it would only exist on the POST itself and not in the signature I wonder if someone could clarify a point about POST with status=X, and that is, when preparing a POST with the default W3C application/x- www-form-urlencoded content type, are we supposed to: a) remove the status=X line from the URI query, and instead write it to the request as POST parameters (and therefore include status=X in the signature base string as per OAuth 1.0), or b) keep the status=X in the URI itself, and only including other parameters in the POST parameters. I think what might be happening is that .NET treats the Query fragment of a URI as post parameters, and maybe all approaches with application/ x-www-form-urlencoded do; in other words it's not really a query as per a GET call, it's just the absolute uri path, and then all query params are added to the signature base and written in the POST message ---> with different URL escaping than a URI (i.e. +'s are part of the POST encoding spec as opposed to %20's that are part of the URI encoding spec). See, maybe you can't POST because you use %20's in the sig base but +'s in the POST params, which is actually according to the spec. I'd love to know if anyone has some insight into this problem. The inability to POST w/ OAuth on Twitter is effecting everyone that uses my library. Daniel
