I’m using cURL against the Twitter API to learn a bit more about the OAuth2 workflow. I’ve registered a Twitter app, concatenated its consumer key and secret with a colon, and Base64-encoded it. When I make the following request (Base64 encoded bearer token replaced with stub), I get a 400 Bad Request.
curl -i -v -X POST -d 'grant_type=client_credentials' -H 'Authorization: Basic 123abc' -H 'Content-Type: application/x-www-form-urlencoded;charset=UTF-8' 'https://api.twitter.com/1.1/oauth2/token'
SSL appears to be working fine. I’ve attempted without --cacert and seems to work. I’ve also attempted with --cacert pointing to a cert from the Homebrew curl-ca-bundle.
Any suggestions on how to debug this? Or, see anything obvious?