Folks, I've just successfully implemented xAuth for my iPad app. During this process, I went down a few ratholes due to what I now consider documentation bugs. I list them below but I would like to know where I send these things in the future?
All of these bugs are on: <http://dev.twitter.com/pages/xauth>. 1) HMAC method string, oauth_signature_method, is wrong. It is: HMAC_SHA1. It should be: HMAC-SHA1. 2) The below alludes to a POST body in the xAuth /oauth/access_token method. "Your HTTP POST body would look like this: x_auth_mode=client_auth&x_auth_password=xyz12242134&x_auth_username=episod" In fact, the above is your parameter/query string. The method requires that the POST place these parameters on the URL. BTW, it would be nice to just see the whole URL. There is little reason to save bytes here. It would look like this: <https://api.twitter.com/oauth/access_token? x_auth_mode=client_auth&x_auth_password=xyz12242134&x_auth_username= episod> Anon, Andrew