OAuth over HTTPS - Do I need to send signature when its a secure channel?



I’m very noob. I’ve been reading the OAuth RFC and your documentation and I get the feeling that when using SSL I can send the Authorization headers in plaintext without all the encoding and signing, is this right?




I think this is OAuth 2.0, which Twitter were looking at but have gone quiet about since 6 months ago.


Correct, we only support OAuth 1.0A at this time and require the usage of signatures in all contexts.