(at)-sign in search




When using the search API with an @-sign in the query, e.g. “?q=@morten242”, it seems you (twitter) is generating a different oauth signature than reference implementations do?

Given identical parameters my application generates the same signature as this tool: http://lti.tools/oauth/

Why/How is twitter generating a different signature (which results in “‘Could not authenticate you’ error 32”)?

Mårten Nordheim


Can you be more specific? I’m not sure I understand what you’re describing here.


I edited the top-post a bit now that I had a bit more time to write it. Hope it’s a bit clearer now.


Where is Twitter doing the generation - are you using twurl or something to query the API?


Somewhere in your back-end is a check to see if my generated signature is correct. Where you will also have to generate the signature. It happens whenever an authenticated query happens to the twitter API.

Here’s a link to your documentation: Creating Signatures


I’d recommend comparing what your code is doing to any of the more popular third party client libraries for the Twitter API, which generally do not have issues with the OAuth signature specification documented on the developer site.


Same result in python (using requests_oauthlib):

>>> from requests_oauthlib import OAuth1Session
>>> twitter = OAuth1Session('redacted', client_secret='redacted', resource_owner_key='redacted', resource_owner_secret='redacted')
# With '@':
>>> url = 'https://api.twitter.com/1.1/search/tweets.json?q=@Morten242'
>>> r = twitter.get(url)
>>> r.text
'{"errors":[{"code":32,"message":"Could not authenticate you."}]}'`
# and without '@':
>>> url = 'https://api.twitter.com/1.1/search/tweets.json?q=Morten242'
>>> r = twitter.get(url)
>>> r.text


Apologies for not having understood the original question correctly - my bad!

I believe you need to urlencode the @ character. When I use twurl to hit /1.1/search/tweets.json?q=@Morten242 it automatically encodes @ to %40 before sending the request.


(I just confirmed this by doing the same thing as you in Python - works with a search for %40andypiper but error with @andypiper)


No worries. I’m probably equally at fault for not being more explicit from the start.

OT: This is sort of my original question here;

Why/how does twitter generate a different signature when using the ‘@’-sign? (other services function correctly if a user uses the ‘@’-sign in a query.)


… it is basically 6 years since that code was put in place, so unfortunately I don’t have the historical context on that one. I couldn’t say whether it was a spec interpretation at a point in time, or a bug. Sorry for any confusion on this, though - I will see if we can clarify the signature generation documentation to call this out to avoid this in future.