Have been scratching my head for all day on this one. As soon as I set an Callback URL during the request_token POST I get a 401.
Observations:
- No callback URL works fine (default callback URL on the Application is used)
- Callback URL set to “oob” works kinda fine (provides PIN)
- Callback URL set to “www.whatever.com.au” tried to redirect Twitter to “https://api.twitter.com/oauth/www.whatever.com.au”
- Adding a forward slash to “www.whatever.com.au” causes 401 (ie. “www.whatever.com.au/”)
Here is my base string used to create the signature:
POST&https%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&oauth_callback%3Dhttp%3A%2F%2F127.0.0.1%2Fsign-in-with-twitter%2F%26oauth_consumer_key%3D< my key 
>%26oauth_nonce%3DNjM1MDEyNzQxNjg3ODEzMTc1%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1365641369%26oauth_version%3D1.0
Here are my OAuth headers:
OAuth oauth_callback=“http%3A%2F%2F127.0.0.1%2Fsign-in-with-twitter%2F”,
oauth_consumer_key="< my key >",
oauth_nonce=“NjM1MDEyNzQxNjg3ODEzMTc1”,
oauth_signature=“NXxPAP6aMJN%2BLjcqAw4pOCjAB5s%3D”,
oauth_signature_method=“HMAC-SHA1”,
oauth_timestamp=“1365641369”,
oauth_version=“1.0”
No capitalization issues on the encoded URLs, as you can see. I have a default callback URL setup in the Twitter Application.
Not sure what else to try. Only other suggestion I have seen is to try and create a new application.
