[twitter-dev] help!! 'Invalid / used nonce' problem about twitter api on google app engine

2010-06-14 Thread ggcc11 
I create a jsp project about twitter api.When I run it on my own local
jsp server,tomcat,it works correctly.So I upload it to google app
engine.On the app engine,If I visit the unnecessary authorized
api,such as public_timeline,it works well.But when it need
authorize,such as home_timeline,it always response the 'Invalid / used
nonce' error.Why?

here is the location detail:
my location:China
google app engine's location:may be US,absolutely not in China

When program get the access_token,it will send request to
home_timeline.
There are two http head from twitter api via two different web server:

google app engine:
OAuth oauth_consumer_key=9WXY7kD9XiznbN4zRMyNuA,
oauth_nonce=92fa4a6aa648672cf26dbb05a9b4a744,
oauth_signature=iq9N97qB1x9Ae251cxv%2Bvvmyjn0%3D,
oauth_signature_method=HMAC-SHA1, oauth_timestamp=1276437638,
oauth_token=154805754-WwhuUbBdwmfOcajq0jxfDg4Ers8St4N6lHe3FmrU,
oauth_version=1.0

my local tomcat:
OAuth oauth_consumer_key=9WXY7kD9XiznbN4zRMyNuA,
oauth_nonce=4e3de3e506b8cf961d3d02d2aca1c8ed,
oauth_signature=860zZiqdK9DuXOvUDBLZMMhgm2M%3D,
oauth_signature_method=HMAC-SHA1, oauth_timestamp=1276437655,
oauth_token=154805754-WwhuUbBdwmfOcajq0jxfDg4Ers8St4N6lHe3FmrU,
oauth_version=1.0

part of code:

tk = sb.getAccessToken(tk, pin);
req = new Request(Request.Verb.GET,http://api.twitter.com/statuses/
home_timeline.xml);
sb.signRequest(req, tk);
resp = req.send();
out.println(resp.getBody());
res=req.getHeaders().get(Authorization);
System.out.println(res);

ps:
pin is the user authorized code,
tk is the access_token,
signRequest means add the tk to request stream,
the result will be printed to the web browser,
res is the http header which like I mentioned above.

Need any more infomation?

Thanks for tolerating my ravings

Re: [twitter-dev] help!! 'Invalid / used nonce' problem about twitter api on google app engine

2010-06-14 Thread Taylor Singletary 
Are you repeating the process to get the access token on every authenticated
request, or are taking your access token components from a database (or
other storage medium) and re-using them?

Taylor Singletary
Developer Advocate, Twitter
http://twitter.com/episod


On Sun, Jun 13, 2010 at 8:53 AM, ggcc11 ggc...@sina.com wrote:

 I create a jsp project about twitter api.When I run it on my own local
 jsp server,tomcat,it works correctly.So I upload it to google app
 engine.On the app engine,If I visit the unnecessary authorized
 api,such as public_timeline,it works well.But when it need
 authorize,such as home_timeline,it always response the 'Invalid / used
 nonce' error.Why?

 here is the location detail:
 my location:China
 google app engine's location:may be US,absolutely not in China

 When program get the access_token,it will send request to
 home_timeline.
 There are two http head from twitter api via two different web server:

 google app engine:
 OAuth oauth_consumer_key=9WXY7kD9XiznbN4zRMyNuA,
 oauth_nonce=92fa4a6aa648672cf26dbb05a9b4a744,
 oauth_signature=iq9N97qB1x9Ae251cxv%2Bvvmyjn0%3D,
 oauth_signature_method=HMAC-SHA1, oauth_timestamp=1276437638,
 oauth_token=154805754-WwhuUbBdwmfOcajq0jxfDg4Ers8St4N6lHe3FmrU,
 oauth_version=1.0

 my local tomcat:
 OAuth oauth_consumer_key=9WXY7kD9XiznbN4zRMyNuA,
 oauth_nonce=4e3de3e506b8cf961d3d02d2aca1c8ed,
 oauth_signature=860zZiqdK9DuXOvUDBLZMMhgm2M%3D,
 oauth_signature_method=HMAC-SHA1, oauth_timestamp=1276437655,
 oauth_token=154805754-WwhuUbBdwmfOcajq0jxfDg4Ers8St4N6lHe3FmrU,
 oauth_version=1.0

 part of code:

 tk = sb.getAccessToken(tk, pin);
 req = new Request(Request.Verb.GET,http://api.twitter.com/statuses/
 home_timeline.xml);
 sb.signRequest(req, tk);
 resp = req.send();
 out.println(resp.getBody());
 res=req.getHeaders().get(Authorization);
 System.out.println(res);

 ps:
 pin is the user authorized code,
 tk is the access_token,
 signRequest means add the tk to request stream,
 the result will be printed to the web browser,
 res is the http header which like I mentioned above.

 Need any more infomation?

 Thanks for tolerating my ravings