Are you repeating the process to get the access token on every authenticated request, or are taking your access token components from a database (or other storage medium) and re-using them?
Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Sun, Jun 13, 2010 at 8:53 AM, ggcc11 <ggc...@sina.com> wrote: > I create a jsp project about twitter api.When I run it on my own local > jsp server,tomcat,it works correctly.So I upload it to google app > engine.On the app engine,If I visit the unnecessary authorized > api,such as public_timeline,it works well.But when it need > authorize,such as home_timeline,it always response the 'Invalid / used > nonce' error.Why? > > here is the location detail: > my location:China > google app engine's location:may be US,absolutely not in China > > When program get the access_token,it will send request to > home_timeline. > There are two http head from twitter api via two different web server: > > google app engine: > OAuth oauth_consumer_key="9WXY7kD9XiznbN4zRMyNuA", > oauth_nonce="92fa4a6aa648672cf26dbb05a9b4a744", > oauth_signature="iq9N97qB1x9Ae251cxv%2Bvvmyjn0%3D", > oauth_signature_method="HMAC-SHA1", oauth_timestamp="1276437638", > oauth_token="154805754-WwhuUbBdwmfOcajq0jxfDg4Ers8St4N6lHe3FmrU", > oauth_version="1.0" > > my local tomcat: > OAuth oauth_consumer_key="9WXY7kD9XiznbN4zRMyNuA", > oauth_nonce="4e3de3e506b8cf961d3d02d2aca1c8ed", > oauth_signature="860zZiqdK9DuXOvUDBLZMMhgm2M%3D", > oauth_signature_method="HMAC-SHA1", oauth_timestamp="1276437655", > oauth_token="154805754-WwhuUbBdwmfOcajq0jxfDg4Ers8St4N6lHe3FmrU", > oauth_version="1.0" > > part of code: > > tk = sb.getAccessToken(tk, pin); > req = new Request(Request.Verb.GET,"http://api.twitter.com/statuses/ > home_timeline.xml"); > sb.signRequest(req, tk); > resp = req.send(); > out.println(resp.getBody()); > res=req.getHeaders().get("Authorization"); > System.out.println(res); > > ps: > pin is the user authorized code, > tk is the access_token, > signRequest means add the tk to request stream, > the result will be printed to the web browser, > res is the http header which like I mentioned above. > > Need any more infomation? > > Thanks for tolerating my ravings >