For our app, we successfully call request_token from our server. When we then call statuses/update from the client, we get a 401 'Invalid / used nonce' response. If the request_token call comes directly from the client, the update call succeeds.
The nonces have been sanity checked and are definitely different for each call. GET requests to users/show succeed regardless of whether the request_token comes from the proxy server or client. Code is based on MGTwitterEngine-1.0.8-OAuth. The same code was working ok prior to the recent DoS downtime. Perhaps something has been changed on Twitter's side that might result in the 401 response? On Aug 11, 8:38 am, graceawalker <grace_blo...@hotmail.com> wrote: > No, my nonce is definately new every time. Surely if there was > something wrong with the way it was being generated it would error > during requestToken/accessToken/VerifyCredentials too?? All the code > ive looked through is doing it exactly the same way. Is the 'status' > parameter being used just like all the oauth parameters? is an > 'invalid nonce' error, definately an invalid nonce or could it be to > do with the timestamp and timezones. Clutching at straws here... > > On Aug 11, 3:12 am, Chris Babcock <cbabc...@asciiking.com> wrote: > > > On Mon, 10 Aug 2009 04:14:43 -0700 (PDT) > > > graceawalker <grace_blo...@hotmail.com> wrote: > > > I am calling and getting the whole way up to getting the access token > > > just fine in my app (one im writing myself in c#), but when i try and > > > call the update status URL im getting an 'Invalid/used nonce' error in > > > my response data. Im not sure why this is, im calling the update > > > method in the exact same way that i called request token apart from > > > the new 'status' parameter in the query string. I call 'verify > > > credentials' with my access token to ensure that it is working and it > > > sends me back all of the correct data, but it is erroring when trying > > > to update my status. Is there any obvious solution to this, or am i > > > not supposed to be signing and organising the parameters in the same > > > way that i did before? Im really stuck here guys and need help! > > > Right, the nonce is a "number used once". Its purpose is to prevent > > replay attacks. If you use the same nonce for more than one call to the > > API then you *should* be getting an error. > > > Chris > >