Twitter 3-legged (sign in) OAuth documentation incorrect?


The documentation regarding submitting the oauth_verifier might not be correct. I’ve been trying to get my OAuth flow working and have been providing the oauth_verifier data as the body of the POST request as described in the third step of the sign in documentation, but was getting 401’s stating the oauth_verifier wasn’t provided as a parameter to the request, not in the POST body, like I had been trying. When I moved it into the parameters of the request, things started working. Perhaps I’ve misinterpreted something, but I wanted to run this by somebody to make sure.

Please feel free to reclassify this post. It’s my first topic submission and I’m not sure which category is correct for this post.



No, there’s no problem with the documentation. The oauth_verifier should be included in POST body only. It worked for me. Here’s how i did it:
URL urlObj = new URL(“”);
HttpURLConnection conn = (HttpURLConnection) urlObj.openConnection();
conn.setRequestProperty(“Authorization”,"******"); // include oauth_verifier in header generation
DataOutputStream writer = new DataOutputStream(conn.getOutputStream());
String requestData = “oauth_verifier=XXXXXXXX” // do not percent encode
int responseCode = conn.getResponseCode()
InputStream connStream = conn.getInputStream();
BufferedReader connReader =
new BufferedReader(new InputStreamReader(connStream));
String line = null;
StringBuffer response = new StringBuffer();
while ((line = connReader.readLine()) != null)

Also you can try using POSTMAN app.