I am trying to better understand OAuth by experimenting with the twitteroauth php library.
It is my understanding that the way to authenticate over OAuth is to make use of an 'Authorize' header when using cUrl. However, examining the source for the twitteroauth library, I can see that the header is set as so for post requests:
curl_setopt($ci, CURLOPT_HTTPHEADER, array('Expect:'));
And the parameters that should be set in the 'Authorize' header are actually being set in the post body instead in the line:
curl_setopt($ci, CURLOPT_POSTFIELDS, $postfields);
What is the reason for it being done this way? When in the twitter API guidelines is specifies the following implementation for the header:
POST /1/statuses/update.json?include_entities=true HTTP/1.1
Accept: */*
Connection: close
User-Agent: OAuth gem v0.4.4
Content-Type: application/x-www-form-urlencoded
Authorization:
OAuth oauth_consumer_key="xvz1evFS4wEEPTGEFPHBog",
oauth_nonce="kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg",
oauth_signature="tnnArxj06cWHq44gCs1OSKk%2FjLY%3D",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="1318622958",
oauth_token="370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb",
oauth_version="1.0"
Content-Length: 76
Host: api.twitter.com
status=Hello%20Ladies%20%2b%20Gentlemen%2c%20a%20signed%20OAuth%20request%21
