Suggestion for clarifying authorization_header generation in API documentation


#1

This page is a bit confusing to me:
https://dev.twitter.com/docs/auth/authorizing-request
especially
"For any given Twitter API request, collecting these 7 values and creating a similar header will allow you to specify authorization for the request."
To me, this says: collect these 7 values and you’re done.

If you look at e.g.
https://dev.twitter.com/docs/auth/implementing-sign-twitter
step 1, you see that the
oauth_callback parameter is added to the authorization header.

Also in RFC5849,
3.5.1. Authorization Header
"Protocol parameters SHALL be included in the “Authorization” header"…indicating that all oauth parameters must be included.

Suggestion: change
"For any given Twitter API request, collecting these 7 values and creating a similar header will allow you to specify authorization for the request.“
to
"For any given Twitter API request, collecting at least these 7 values, all other oath_ parameters (if any), and creating a similar header will allow you to specify authorization for the request.”

Thanks.