Making a request to verify_credentials gets a 401, Incorrect signature error. (as does making a post request from the token's client to, say, create a friendship).

this came up on a first-search-attempt: http://groups.google.com/group/twitter-development-talk/browse_thread/thread/a5e0bfd8e1cd4177 Might be relevant, but I haven't had the chance to really look at it.

I'll look into this in the morning.

I actually spent a few hours on this problem a few weeks ago.

It turned out that the problem I was facing was because I was passing additional incorrect parameters to the post body, right here:

def get_request_token(callback_url)
  options = {:scope => config[:scope]} if config[:scope]
  consumer.get_request_token({:oauth_callback => callback_url}, options)
end

Follow the path of those options and it leads to a call to sign! in lib/oauth/consumer in the oauth gem.

def sign!(request, token = nil, request_options = {})
  request.oauth!(http, self, token, options.merge(request_options))
end

I'd examine what exactly is happening in that oauth! call. Form data is being constructed and passed to the provider, and that Invalid Signature error can be pinpointed there.

I ended up removing those options and it fixed it.

Just some thoughts.

I'm not sure I follow. You deleted the options.merge call from the oauth gem? or the scope options you were passing in get_request_token?

Is that a published change to authlogic-connect? (if we're talking about the change in get request_token)?

I'm not sure I totally remember, but I messed around with that second parameter (options) in get_request_token, and that lead down into sign! and something with the form params. The result of working on that is what we have now. Don't have a solution but I know it's around there somewhere :), in the oauth gem.

Long story short, I'm a dumbass, and somehow got my staging and production keys mixed up between my old code base and my new, authlogic-connect-using codebase.