Also, here's my signature string: POST&https%3A%2F%2Fapi.twitter.com%2Foauth %2Faccess_token&oauth_consumer_key%3DjbEiZQ85zjOamkhVRTclnA %26oauth_nonce%3DE23ADF41-F137-4E33- BC51-00AEB7C95439%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1272598628%26oauth_version%3D1.0
Here's how it should look like according to (http://dev.twitter.com/ pages/auth) httpMethod + "&" + url_encode( base_uri ) + "&" + sorted_query_params.each { | k, v | url_encode ( k ) + "%3D" + url_encode ( v ) }.join("%26") POST& https%3A%2F%2Fapi.twitter.com%2Foauth%2Faccess_token & oauth_consumer_key%3DEditedKey %26 oauth_nonce%3DE23ADF41-F137-4E33-BC51-00AEB7C95439 %26 oauth_signature_method%3DHMAC-SHA1 %26 oauth_timestamp%3D1272598628 %26 oauth_version%3D1.0 I think it's ok, so it's probably my signing? I'm signing with my consumer secret (URLEncoded) followed by an ampersand (without encoding).