FACTS (you don't want to see my Java):
The nonce is a unique string. You create this on the fly for every request
you make. A simple way to do this is to do a MD5_hex( current_time .
access_token . request_path ) -- the nonce must be unique for every request
sent by your API key.
The signature
Working with OAuth is really platform/language-dependent. While there are
some similarities to approach and object model between OAuth libraries in
various languages, each has their own quirks. And each HTTP interface
library has its own quirks.
That said, I have been working on a guide
Scribe is an excellent choice. The author is very responsive to issues as
well.
So, the one access token flow is essentially starting OAuth from the point
of having completed the Exchange Request Token for an Access Token flow --
now you have an oauth_token and oauth_token_secret that comprise