Hey folks,

especially the Twitter-employed folks. Got a problem with your

I am developing a new OAuth library, and I want it to be compliant to
the OAuth specs. However, your oauth/request_token method (possibly
oauth/access_token as well) isn't making that easy for me.

The problem is that the token and secret are sent with
Content-Type: text/html; charset=UTF-8
instead of
Content-Type: application/x-www-form-urlencoded
as required by the OAuth specifications (Section 2.1 of the IETF

"The server MUST verify the request and if valid, respond back to the
client with a set of temporary credentials [...]. The temporary
credentials are included in the HTTP response body using the
application/x-www-form-urlencoded content type as defined by

Can't provide a link to oauth.net since it doesn't load for me today.

The server also ignores an
Accept: application/x-www-form-urlencoded
request header.

I'd hate to have to introduce hacks to work around your standards
violations. I realize it'll probably take a while for you to fix it
(if you are willing to, that is), so I'll probably have to come up
with a workaround anyway, but I still hope you recognize the Content-
Type is wrong, from a technical perspective and consider fixing it
some time (soon! haha). :)

Best regards and THANKS
Ingmar Runge

Reply via email to