HI, I've been working with the spring-security-oauth code (http://spring- security-oauth.codehaus.org/) to use it for signin with twitter and I've come across an issue where I get a 401 Unauthorized when the oauth_callback param is submitted in the Authorization header, but works when the rest of the OAuth parameters are in the header and oauth_callback is part of the POST content or query string.
In either of the above scenarios the oauth_callback is being used in the signature base string to sign the request. I was just wondering if this is expected behaviour? Andrew