Taylor,
Thanks for your response. The crux might be
> Normalizing spaces to %20, and avoiding "+" is also a best practice.
tweetstream4j uses Apache's HttpClient 4.0 (see
http://hc.apache.org/httpcomponents-client-ga/index.html). I believe
if a request has application/x-www-form-urlencoded params, HttpClient
URL-encodes (i.e. space => +), and one can't percent-encode beforehand
because the param will be double-encoded, e.g. foo%20bar => foo
%2520bar instead of "foo bar". One also can't avoid the HttpClient URL
encoding by using a different type of param, because then the params
are not labeled application/x-www-form-urlencoded.
I wouldn't be surprised if twitter4j and tweepy were in a similar sort
of bind, though I have not verified.
Can you elaborate on why avoiding + is so important? I would hate to
have to patch Apache's HttpClient.
Also, do you know of any Java or Python library that gets this right?
On Nov 10, 8:56 am, Taylor Singletary <
taylorsinglet...@twitter.com>
wrote:
> Think of it this way.. a valid POST body already must contain
> application/x-www-form-urlencoded encoded values for the body to be valid.
> Normalizing spaces to %20, and avoiding "+" is also a best practice. OAuth
> kicks in after you've already constructed a valid POST body.
>
> Here's an example of tracking a term with a space character in it: "twitter
> api"
>
> == POST Body
> track=twitter%20api
>
> == signature_base_string
> POST&http%3A%2F%
2Fstream.twitter.com
> %2F1%2Fstatuses%2Ffilter.json&oauth_consumer_key%3Dri8JxYK2ddwSV5xIUfNNvQ%26oauth_nonce%3DQKWqIP8eEedgOPk5ujopscNxqeoafDNC0r6TZyLFM%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1289400791%26oauth_token%3D819797-torCkTs0XK7H2Y2i1ee5iofqkMC4p7aayeEXRTmlw%26oauth_version%3D1.0%26track%3Dtwitter%2520api
>
> == Authorization Header
> Authorization: OAuth
> oauth_nonce="QKWqIP8eEedgOPk5ujopscNxqeoafDNC0r6TZyLFM",
> oauth_signature_method="HMAC-SHA1", oauth_timestamp="1289400791",
> oauth_consumer_key="ri8JxYK2ddwSV5xIUfNNvQ",
> oauth_token="819797-torCkTs0XK7H2Y2i1ee5iofqkMC4p7aayeEXRTmlw",
> oauth_signature="jaEvelmcrQOkHdWADBvwZsQeGiQ%3D", oauth_version="1.0"
>
> Taylor
>
> On Wed, Nov 10, 2010 at 1:38 AM, Ciaran <
ciar...@gmail.com> wrote:
> > Try ui-encoding them first, my understanding of the Twitter OAuth
> > signature validation is that it is non-standard (although there
> > appears to be debate about this) I suspect if you encode them first
> > before signing the url it will start to work
> > -cj.
>