I've been using both consumer keys to sign all of my requests from day
one.

I still think the issue is related to URL encoding somehow, because I
can successfully post tweets if they don't contain troublesome
characters (apostrophe, for example).

But, so long as Twitter remains silent, we'll never know.

On Jul 25, 7:37 am, srikanth yaradla <srikanth.yara...@gmail.com>
wrote:
> Hi
> I am newbie and i need clarification for the following
>
> 1)OAuth 1.0 specification says "All Token requests and Protected
> Resources requests MUST be signed by theConsumer"
>
> But twitter doesnt seem to verify the signature for all requests. I
> found out that signing the request byconsumersecretis required only
> for generating request token and requestsecret.
> But for subsequent requestsconsumersecretis not required. ex
> requesting access tokens or any protected resource (ex fetch direct
> messages). Is this desired behavior?.
> Does twitter verify the signature at all for protected resource
> requests? (i verified with blankconsumersecretwhich means the
> request is signed only by accesssecret) Or Am i missing something?
>
> 2) i am planning to write a desktop application. To protect 
> theconsumersecreti am trying to introduce a proxy which generates the
> request tokens/secrets, access tokens/secrets. Ifconsumersecretis
> not required for signing protected resource requests this setup would
> work fine with me.
> But the OAuth specification says you require both 
> accesssecretandconsumersecretto sign the request
>  http://oauth.net/core/1.0/#anchor30
>
> Experienced devs please clarify.
>
> Regards
> Srikanth

Reply via email to