[twitter-dev] oauth status update returning error 401 invalid / used nonce
Hello, I have an iphone app that is using xauth. I am able to obtain the access token with no problem at all. When I go to post a status update, I receive an invalid / used nonce error. It can't actually be a used nonce since I have checked this multiple times. Here are the details of the post: url: http://api.twitter.com/1/statuses/update.xml signature base string: POSThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses %2Fupdate.xmloauth_consumer_key%3Dmyconsumerkey%26oauth_nonce %3D397vi5Ug1YHC3UAVUAoB%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1276292596%26oauth_token%3Dmytoken %26oauth_version%3D1.0%26status%3Dmy%2520tweet Authorization header: OAuth oauth_nonce=397vi5Ug1YHC3UAVUAoB, oauth_signature_method=HMAC- SHA1, oauth_timestamp=1276292596, oauth_consumer_key=myconsumerkey, oauth_token=mytoken, oauth_signature=yOh2zQPGDBlVEP5cDWhjddQWTLc%3D, oauth_version=1.0 Content-Type: [request setValue:@application/x-www-form-urlencoded forHTTPHeaderField:@Content-Type]; I can see no reason why this shouldn't work. Any help would be greatly appreciated! Thanks, Craig
Re: [twitter-dev] oauth status update returning error 401 invalid / used nonce
We have a few (difficult to pin down) edge cases where we throw a bad nonce error in an otherwise legit scenario -- often while we are under heavy amounts of load. Is this error consistent for you no matter what nonce you use? Do you know if your timestamp is aligned with the time indicated in an HTTP header of our response to your requests? While others have found complicated nonce values cause issues, your nonce seems relatively tame in comparison to those who ran into those issues. Just the same, I'd recommend you try a different nonce generation scheme, perhaps one with an eye for simplicity. Otherwise, your request seems structurally correct. What does your POST body for this request look like? Do you receive the same error when you replace your %20 space character in your POST body with plus? Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Fri, Jun 11, 2010 at 2:48 PM, Craig chanson9...@gmail.com wrote: Hello, I have an iphone app that is using xauth. I am able to obtain the access token with no problem at all. When I go to post a status update, I receive an invalid / used nonce error. It can't actually be a used nonce since I have checked this multiple times. Here are the details of the post: url: http://api.twitter.com/1/statuses/update.xml signature base string: POSThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses %2Fupdate.xmloauth_consumer_key%3Dmyconsumerkey%26oauth_nonce %3D397vi5Ug1YHC3UAVUAoB%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1276292596%26oauth_token%3Dmytoken %26oauth_version%3D1.0%26status%3Dmy%2520tweet Authorization header: OAuth oauth_nonce=397vi5Ug1YHC3UAVUAoB, oauth_signature_method=HMAC- SHA1, oauth_timestamp=1276292596, oauth_consumer_key=myconsumerkey, oauth_token=mytoken, oauth_signature=yOh2zQPGDBlVEP5cDWhjddQWTLc%3D, oauth_version=1.0 Content-Type: [request setValue:@application/x-www-form-urlencoded forHTTPHeaderField:@Content-Type]; I can see no reason why this shouldn't work. Any help would be greatly appreciated! Thanks, Craig
Re: [twitter-dev] oauth status update returning error 401 invalid / used nonce
Based on another bug I've seen come up but have been unable to track consistently, can you try creating a new application and doing the oauth dance and then trying to make the status update again using the new keys and the new access tokens? Thanks! On Friday, June 11, 2010, Craig chanson9...@gmail.com wrote: Thanks for your quick reply! This error occurs consistently no matter what nonce I'm using. My timestamp appears to be aligned with the time from your response. I also tried a different nonce scheme and that didn't seem to work either. Here is my post body: status=My%20Tweet I just attempted to use a + instead of the %20 but that did not work. I'm at a loss as to what it could be. Maybe I'll try yet one more nonce scheme? Is the any scheme in particular that you have found to work? Thanks! Craig On Jun 11, 5:56 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: We have a few (difficult to pin down) edge cases where we throw a bad nonce error in an otherwise legit scenario -- often while we are under heavy amounts of load. Is this error consistent for you no matter what nonce you use? Do you know if your timestamp is aligned with the time indicated in an HTTP header of our response to your requests? While others have found complicated nonce values cause issues, your nonce seems relatively tame in comparison to those who ran into those issues. Just the same, I'd recommend you try a different nonce generation scheme, perhaps one with an eye for simplicity. Otherwise, your request seems structurally correct. What does your POST body for this request look like? Do you receive the same error when you replace your %20 space character in your POST body with plus? Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Fri, Jun 11, 2010 at 2:48 PM, Craig chanson9...@gmail.com wrote: Hello, I have an iphone app that is using xauth. I am able to obtain the access token with no problem at all. When I go to post a status update, I receive an invalid / used nonce error. It can't actually be a used nonce since I have checked this multiple times. Here are the details of the post: url: http://api.twitter.com/1/statuses/update.xml signature base string: POSThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses %2Fupdate.xmloauth_consumer_key%3Dmyconsumerkey%26oauth_nonce %3D397vi5Ug1YHC3UAVUAoB%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1276292596%26oauth_token%3Dmytoken %26oauth_version%3D1.0%26status%3Dmy%2520tweet Authorization header: OAuth oauth_nonce=397vi5Ug1YHC3UAVUAoB, oauth_signature_method=HMAC- SHA1, oauth_timestamp=1276292596, oauth_consumer_key=myconsumerkey, oauth_token=mytoken, oauth_signature=yOh2zQPGDBlVEP5cDWhjddQWTLc%3D, oauth_version=1.0 Content-Type: [request setValue:@application/x-www-form-urlencoded forHTTPHeaderField:@Content-Type]; I can see no reason why this shouldn't work. Any help would be greatly appreciated! Thanks, Craig -- Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod
Re: [twitter-dev] oauth status update returning error 401 invalid / used nonce
xAuth in this case, I think, is unrelated to the issue. If you can use a different key and use the my token feature to get your access token, then try to tweet using that token, it will sufficiently express the problem I think. Taylor On Jun 11, 2010, at 2:48 PM, Craig chanson9...@gmail.com wrote: Hello, I have an iphone app that is using xauth. I am able to obtain the access token with no problem at all. When I go to post a status update, I receive an invalid / used nonce error. It can't actually be a used nonce since I have checked this multiple times. Here are the details of the post: url: http://api.twitter.com/1/statuses/update.xml signature base string: POSThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses %2Fupdate.xmloauth_consumer_key%3Dmyconsumerkey%26oauth_nonce %3D397vi5Ug1YHC3UAVUAoB%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1276292596%26oauth_token%3Dmytoken %26oauth_version%3D1.0%26status%3Dmy%2520tweet Authorization header: OAuth oauth_nonce=397vi5Ug1YHC3UAVUAoB, oauth_signature_method=HMAC- SHA1, oauth_timestamp=1276292596, oauth_consumer_key=myconsumerkey, oauth_token=mytoken, oauth_signature=yOh2zQPGDBlVEP5cDWhjddQWTLc%3D, oauth_version=1.0 Content-Type: [request setValue:@application/x-www-form-urlencoded forHTTPHeaderField:@Content-Type]; I can see no reason why this shouldn't work. Any help would be greatly appreciated! Thanks, Craig
