I've successfully implemented a few OAuth implementations with Twitter now and was setting up a new application. Got to the callback URL when registering the app and thought "nah, not sure what it will be, will leave it blank and either enter it later or just pass oauth_callback anyway". So I saved the application with a blank callback URL.
Turns out this was "A bad idea TM." I'm using the Ruby OAuth gem which is new to me, but I was getting the following problems: On my request token step - if I didn't pass an oauth_callback, it did an OOB / PIN authentication for me. If I did pass an oauth_callback it returned a 401. Eventually I remembered about the callback URL I didn't create and tried to change it. Having not entered a callback URL in the first place, it now seemed like I can't edit it at all. So, eventually I tried to delete the application (fail whale), so I just created a new one, and this time entered a Callback URL. Changed the consumer keys and the exact same code now works perfectly and the oauth_callback is doing exactly what I expected (which is returning to a URL that's not the one registered with the App). Looks like that step of registering the Callback URL is critical and shouldn't be allowed to be left blank, although also I think if I pass an oauth_callback even if it IS blank it should acknowledge it. Cheers, Tim -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk