Twitter should not force requests to have the character ":" encoded as %3A in URL query parameters


#1

Twitter expects requests to have the character “:” encoded as “%3A” in URL query parameters. But it seems to me this is an error and Twitter should allow “:”.

My application perform requests to OAuth authenticated services. To do this, I use the “Google OAuth Client Library for Java” (1.18.0-RC version - currently is the last one) to send the requests to OAuth services and process the responses.

If I send a request to https://api.twitter.com/1.1/search/tweets.json?q=Obama, I get a correct response.
If I change the query to “q=Obama since:2014-12-10” (to obtain the twits after 2014/12/10) I send a request to
https://api.twitter.com/1.1/search/tweets.json?q=Obama%20since%3A2014-12-10. Twitter returns a 401 error and the message “Could not authenticate you”,“code”:32".

Debugging, I see that the Google OAuth library converts the URL from https://api.twitter.com/1.1/search/tweets.json?q=Obama%20since%3A2014-12-10
to
https://api.twitter.com/1.1/search/tweets.json?q=Obama%20since:2014-12-10 (note that “:” is NOT encoded to “%3A”)

Reading the RFC 3986 (Uniform Resource Identifier (URI): Generic Syntax) it seems that what the Google OAuth library is doing is correct. I also tried to encode the URL query parameter “q=Obama since:2014-12-10” with the class UriBuilder of the Jersey framework. The result is the same as with the Google OAuth library: “q=Obama%20since:2014-12-10”

So it seems that Twitter is not allowing to put the colon in the query, but it should.

Although my application could behave differently when it connects to Twitter, I would prefer Twitter to behave as other applications so I would not have to encode the URLs differently depending on the API the user is invoking.

This is the “curl logging” generated by the Google OAuth logging when invoking https://api.twitter.com/1.1/search/tweets.json?q=Obama%20since%3A2014-12-10 (note that “%3A” is transformed into “:”) (I am not sure if this is any help)

curl -v --compressed -H 'Accept-Encoding: gzip' -H 'Authorization: OAuth oauth_consumer_key="bQOCEa6MUzvXAPEMO3cBPw", oauth_nonce="2994e4bf2d5815b", oauth_signature="tcPntEoPTj%2BDxwih%2BsH13LsVXDs%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1421967637", oauth_token="1397680154-tRDENyZGHxGNIfYuhctmJ2soAxv7rD9hvcCZZjP", oauth_version="1.0"' -H 'User-Agent: Mozilla/5.0 (compatible; MSIE 5.5; Windows NT 5.0)' -- 'https://api.twitter.com/1.1/search/tweets.json?q=Obama%20since:2014-12-10'

#2

Thanks for the feedback. You can learn more about our encoding requirements (based on RFC 3986) in the documentation.