We are using the Scribe OAuth library to make API calls to Twitter. Everything worked fine until recently, when we found out we are getting a ‘Could not authenticate you’ error if the status contains ‘*’.
To better understand why it’s not working, I did some experiments and used two reserved characters as an example: ‘*(’
- if base string is url-encode(percent-encode("*(")) (in this case will be %252A%2528), signature verification will fail.
- if base string is percent-encode("*") + url-encode(percent-encode("(")) (in this case will be %2A%2528), signature verification will succeed and "(" will get posted to my Twitter account
- if base string is percent-encode("*(") (in this case will be %2A%28), signature verification will also fail.
It looks like the expected base string should have a single percent-encoded “*” and any other reserved characters double-encoded. Is that expected behavior? Thanks,
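
The encoding difference behind the cases above, as an added example that is not part of the original post or Scribe's code: it builds an OAuth 1.0a signature base string with RFC 5849 section 3.6 percent-encoding, and again with a first pass that leaves `*` literal, as form-urlencoding encoders such as `java.net.URLEncoder` do. The URL, keys, nonce and secrets are constructed placeholders, and `lenient_star` is a hypothetical switch for the comparison.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def pct(s, safe=""):
    """RFC 5849 s3.6: only ALPHA / DIGIT / '-' '.' '_' '~' stay literal."""
    return quote(s, safe=safe)

def base_string(method, url, params, lenient_star=False):
    """Signature base string (RFC 5849 s3.4.1). lenient_star=True simulates a
    first pass that leaves '*' unescaped (form-urlencoding behaviour)."""
    safe = "*" if lenient_star else ""
    pairs = sorted((pct(k, safe), pct(v, safe)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    # The normalized string is encoded a second time, so %XX becomes %25XX.
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(base, consumer_secret, token_secret):
    """HMAC-SHA1 signature over the base string, base64-encoded."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

# Constructed sample request (placeholder endpoint and credentials).
URL = "https://api.example.com/statuses/update.json"
PARAMS = {
    "oauth_consumer_key": "constructed-key",
    "oauth_nonce": "constructed-nonce",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1300000000",
    "oauth_token": "constructed-token",
    "oauth_version": "1.0",
    "status": "*(",
}

if __name__ == "__main__":
    for lenient in (False, True):
        base = base_string("POST", URL, PARAMS, lenient_star=lenient)
        print("lenient" if lenient else "strict ", base.rsplit("%26", 1)[1],
              sign(base, "constructed-secret", "constructed-token-secret"))
```

The strict pass ends the base string with `status%3D%252A%2528` and the lenient pass with `status%3D%2A%2528`; the two signatures differ, so both sides must apply the same first-pass encoding for verification to pass.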