[twitter-dev] Hard lesson learned


Miguel de Icaza

May 23, 2010, 5:52:07 PM
to Twitter Development Talk
Hello guys,

Perhaps the most frustrating piece in dealing with the OAuth
configuration is that the Twitter OAuth page talks casually about
"urlEncode". You need to "urlEncode this" and "urlEncode that". What
the page does not say is that "urlEncode" is not a standard
urlEncoding system that web developers are used to. The urlEncode
required by OAuth signatures is actually "percent encode" and it is
*required* that you use percent encoding for anything but a small
subset of characters.

The only characters that do not require percent encoding are:

unreserved = a through z, A through Z, 0 through 9 and '-', '.', '_',
'~'

Miguel
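
The difference described in the post above, as an added example that is not part of the original thread: it percent-encodes per the unreserved set Miguel lists, builds an OAuth 1.0a HMAC-SHA1 signature, and shows that swapping in form-style encoding (`quote_plus`, which writes a space as `+`) yields a different signature. The URL, keys, nonce and secrets are constructed placeholders.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote_plus

# The unreserved set from the post: letters, digits, '-', '.', '_', '~'.
UNRESERVED = frozenset(
    b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._~")

def oauth_percent_encode(value):
    """Percent-encode every UTF-8 byte outside UNRESERVED, uppercase hex."""
    return "".join(chr(b) if b in UNRESERVED else "%%%02X" % b
                   for b in value.encode("utf-8"))

def signature_base_string(method, url, params, encode=oauth_percent_encode):
    """METHOD & enc(url) & enc(sorted 'enc(k)=enc(v)' pairs joined by '&')."""
    pairs = sorted((encode(k), encode(v)) for k, v in params.items())
    normalized = "&".join(k + "=" + v for k, v in pairs)
    return "&".join([method.upper(), encode(url), encode(normalized)])

def hmac_sha1_signature(base, consumer_secret, token_secret=""):
    """HMAC-SHA1 over the base string; key is enc(secret)&enc(token secret)."""
    key = oauth_percent_encode(consumer_secret) + "&" + oauth_percent_encode(token_secret)
    mac = hmac.new(key.encode("ascii"), base.encode("ascii"), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode("ascii")

# Constructed sample request: URL, key, nonce and secrets are made up.
URL = "https://api.example.com/1/statuses/update.json"
PARAMS = {
    "status": "Hello Ladies + Gentlemen, a signed OAuth request!",
    "oauth_consumer_key": "example-consumer-key",
    "oauth_nonce": "constructed-nonce",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1274637127",
    "oauth_version": "1.0",
}

def compare_encoders():
    """Return (signature with percent encoding, signature with form encoding)."""
    good = signature_base_string("POST", URL, PARAMS)
    bad = signature_base_string("POST", URL, PARAMS, encode=quote_plus)
    return (hmac_sha1_signature(good, "example-secret", "token-secret"),
            hmac_sha1_signature(bad, "example-secret", "token-secret"))

if __name__ == "__main__":
    ok, wrong = compare_encoders()
    print("percent-encoded:", ok)
    print("form-encoded:   ", wrong, "(does not match what the server computes)")
```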

Andrew Badera

May 23, 2010, 5:57:44 PM
to twitter-deve...@googlegroups.com, oa...@googlegroups.com
Miguel,

This 'lesson' has been 'learned' and re-learned many times over, here on the Twitter dev list and on the oauth list. One would hope that at some point this issue would rise to enough prominence to get people in charge of implementation, and sig participants in general, to do something about it. The common developer these days is not a super savvy geek, and even the super savvy geeks among us waste time on this issue, again and again.

∞ Andy Badera
+1 518-641-1280 Google Voice
∞ This email is: [ ] bloggable [x] ask first [ ] private
∞ Google me: http://www.google.com/search?q=andrew%20badera

Zac Bowling

May 23, 2010, 9:38:02 PM
to twitter-deve...@googlegroups.com
Hey Miguel,

Long time :-)

The OAuth 1.0a spec lays it out clearly for HMAC-SHA1 signatures. It has all the specific details.

Soon though with OAuth WRAP/2.0 it will make it much easier by just leaving it all up to the transport layer and using SSL/TLS.

Hope Mono is doing well!

Zac

Sent from my iPad