How/why same request works with TWURL, but not with PHP/CURL.
TWURL:
<- "POST /1.1/ton/bucket/ta_partner HTTP/1.1\r\nContent-Type: text/plain\r\nX-Ton-Expires: Tue, 06 Sep 2016 19:35:39 CEST\r\nContent-Length: 12\r\nAccept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3\r\nAccept: */*\r\nUser-Agent: OAuth gem v0.5.1\r\nAuthorization: OAuth oauth_body_hash=\"ZmqMusMfLNliIT45yUqjwqfwUQ0%3D\", oauth_consumer_key=\"s9eoznsaLE0GZlqJh77HsFemO\", oauth_nonce=\"1LKmmT7t2Fhk03dE1Y11dI3oGgkyZ3lv1VGlfhppDgE\", oauth_signature=\"Mzmlfzor2jde7p9Iqcsjo8rX%2BcE%3D\", oauth_signature_method=\"HMAC-SHA1\", oauth_timestamp=\"1472665064\", oauth_token=\"same_as_in_curl_request\", oauth_version=\"1.0\"\r\nConnection: close\r\nHost: ton.twitter.com\r\n\r\n" <- "aaa@test.com"
Result:
-> "HTTP/1.1 201 Created\r\n"
CURL:
> POST /1.1/ton/bucket/ta_partner.json HTTP/1.1 Host: ton.twitter.com User-Agent: TwitterOAuth v0.2.0-beta2 Accept: */* Content-Type: text/plain X-Ton-Expires: Tue, 06 Sep 2016 19:41:33 CEST Accept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3 Content-Length: 12 Authorization: OAuth oauth_body_hash="ZmqMusMfLNliIT45yUqjwqfwUQ0%3D", oauth_consumer_key="s9eoznsaLE0GZlqJh77HsFemO", oauth_nonce="0e40334b786b2423bbbd7e103352bd19", oauth_signature="OxjFRPjreFvCk4eLUsKRQfb7uYI%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1472665293", oauth_token="same_as_in_curl_request", oauth_version="1.0" Connection: close
Result:
HTTP/1.1 403 Forbidden
How on earth is this possible? oauth_body_hash and oauth_token are exactly the same.
