When trying to authorise the user I get given a 401 error with the
error message:{request":"/oauth/access_token","error":"Invalid / used
nonce"}"Looking at the debug output taken from libcurl and looking at values it looks like it should be working to me, I've tested the signature generation with the test values on the documentation and get back the correct values so I'm confident the signature generated is valid. The debug output from libcurl is as follows (secure data changed obviously) > POST /oauth/access_token HTTP/1.1 Host: api.twitter.com Content-Type: application/x-www-form-urlencoded Authorization: OAuth oauth_nonce="iqlxlrA3pTVVVpwMKazlYUqrYPMiXCihUexbGvh2AO", ouath_timestamp="1276784317", oauth_signature_method="HMAC-SHA1", oauth_consumer_key="xxxxxxxxxxxxxxxxx", oauth_version="1.0", oauth_signature="oM%2FecGU%2F%2BybuA6fggUWuZ620nmA%3D" Accept: application/json Content-Length: 82 I'm then trying to post the following data: "x_auth_Mode=client_auth&x_auth_password=password&x_auth_username=username" I'm encoding values before adding to the header as can be seen with signature, the password and username are encoded as needed (although currently testing with values with only valid characters so that shouldn't be an issue) looking at advice tips given on this board already I think I meet all of them: - I'm using HTTP headers adding the content type, authorization and accept strings to the header using curl_slist_append and then use curl_easy_setopt(curlhandle, CURLOPT_HTTPHEADER, headers) to set the headers to those that I have created (as can be seen in debug dump) - I'm using the libcurl POST functions to post the actual information: curl_easy_setopt(curlhandle, CURLOPT_POST, 1); curl_easy_setopt(curlhandle, CURLOPT_POSTFIELDS, data_char); curl_easy_setopt(curlhandle, CURLOPT_POSTFIELDSIZE, data_length) - I use the curl_easy_setopt(curlhandle, CURLOPT_SSL_VERIFYPEER, FALSE) for SSL, without this the communication to API fails so assume SSL is fine - Post bosy is xAuth params in format required as can be seen in my post string, will take the application/x-www-form-urlencoded property from the header set in request - paramaters in POST are url encoed but as stated this test example isn't using unsafe characters >From the error message I'd assume there is something about my nonce it doesn't like but it is randomly generated each request and isn't the same as past nonce ? I'm not sure about the timestamp, the post was made at 15:18 (GMT +1, UK) used in debug dump so gave me a timestamp of 1276784317 Any feedback as to why I'm getting the error would be great, been looking at it for some time trying a fair few different ideas and not able to get it working
