POST /oauth/request_token is kind of obscured


#1

I want to obtain a valid access token for testing, and I believe that the only way to do that is to first obtain a request token via the /oauth/request_token endpoint. Unfortunately I continually receive 401 errors, and I think it’s because my signature doesn’t match. It’s difficult to know what should be used in the signature generation, since “Creating a Signature” (https://dev.twitter.com/docs/auth/creating-signature) says that the parameters passed via the URL query string and the body of the HTTP request should be included in the signature base string, but then seems to include the parameters from the Authorization header as well. This is very confusing, and might I add that OAuth Tool should really be expanded to generate OAuth initialization requests as well in order to be truly useful. By the time I have the tools I need to obtain an access token from Twitter, I’ll pretty much be able to do everything that the OAuth Tool can do and more, it seems.

EDIT: Nevermind… I re-read that page and it says clearly that oauth_* from the Authorization header must be included in the signature base string.