Double check that your server clocks are correct. I've seen issues like this
if servers
are not synced with NTP. If the time between twitter and your server is off
too much
twitter will throw this error.

On Thu, Aug 13, 2009 at 2:20 PM, JDG <ghil...@gmail.com> wrote:

> if it's a bug, open an issue in their bugtracker.
>
>
> On Thu, Aug 13, 2009 at 13:06, Zaudio <si...@z-audio.co.uk> wrote:
>
>>
>> Nope - trial has now failed. I've even added the current time ms to
>> the nonce to ensure it is unique for any single timestamp... to
>> clarify my nonce is:
>>
>> userid____ms___randomno
>>
>> And I STILL am getting invalid nonce logs... on the ids methods
>> only.... ARGH
>>
>> Surely this IS a twitter side bug now???
>>
>> Simon
>>
>> On Aug 12, 3:49 pm, Zaudio <si...@z-audio.co.uk> wrote:
>> > My trial has worked so far today... not a singleinvalidnonce
>> > error.... but it's only been 12 hours
>> >
>> > Simon
>> >
>> > On Aug 12, 12:59 pm, "Rob O'Brien" <r...@zepoid.com> wrote:
>> >
>> >
>> >
>> > > The interesting thing with my situation is that I'm still in
>> development, so
>> > > there's only a single person (me) hitting the app. Further, I'm only
>> > > attempting a single call to Twitter.
>> >
>> > > Also, I get a 401 on everything that requires authentication, but not
>> on
>> > > something like a rateLimitStatus check.
>> >
>> > > Further, a call to /followers/ids.xml *works* on my local dev box, but
>> not
>> > > on the production server. The only difference I can think of would be
>> IP
>> > > address.
>> >
>> > > I've been able to trace 3 separate requests being generated by
>> Twitter4J and
>> > > here are the values:
>> >
>> > > [Wed Aug 12 10:19:56 PDT 2009]
>> > > oauth_timestamp="1250097596",oauth_nonce="329444963"
>> >
>> > > [Wed Aug 12 10:20:20 PDT 2009]
>> > > oauth_timestamp="1250097620",oauth_nonce="173112023"
>> >
>> > > [Wed Aug 12 10:24:39 PDT 2009]
>> > > oauth_timestamp="1250097879",oauth_nonce="3202768030"
>> >
>> > > Each timestamp is larger than the last and eachnonceis unique.
>> >
>> > > Knowing that my values are legit makes me think there's another
>> problem, but
>> > > Twitter hasn't responded to my api@ email.
>> >
>> > > Rob O'Brien
>> > > Web Application Developer & Consultant
>> > > r...@zepoid.com
>> >
>> > > -----Original Message-----
>> > > From: twitter-development-talk@googlegroups.com
>> >
>> > > [mailto:twitter-development-t...@googlegroups.com] On Behalf Of
>> Zaudio
>> > > Sent: Tuesday, August 11, 2009 12:04 PM
>> > > To: Twitter Development Talk
>> > > Subject: [twitter-dev] Re:Invalid/usednonce
>> >
>> > > We're having the same issue in our app, occurs sporadically in our
>> > > logs - but I believe the cause with us is that:
>> >
>> > > We're generatingnoncevalues as a timestamp seeded sequence of random
>> > > numbers
>> > > We're creating an instance of the Oauth class that does this for each
>> > > logged in user for the app
>> >
>> > > Thus, for a single timestamp, it IS possible that the time
>> seedednoncevalues are the same....
>> >
>> > > So - corrrective action being trialled: I'm prefixing the
>> 'random'noncevalue with the userID stripped from the start of the token,
>> > > padded to a fixed length of chars... this should guarantee then that
>> > > thenonce/timestamp combo is indeed unique for every request made from
>> > > our app ....
>> >
>> > > Simon
>> >
>> > > On Aug 11, 6:45 am, Dan Borthwick <dan.borthw...@playfish.com> wrote:
>> > > > For our app, we successfully call request_token from our server.
>> When
>> > > > we then call statuses/update from the client, we get a 401 'Invalid/
>> > > > usednonce' response. If the request_token call comes directly from
>> > > > the client, the update call succeeds.
>> >
>> > > > The nonces have been sanity checked and are definitely different for
>> > > > each call. GET requests to users/show succeed regardless of whether
>> > > > the request_token comes from the proxy server or client. Code is
>> based
>> > > > on MGTwitterEngine-1.0.8-OAuth.
>> >
>> > > > The same code was working ok prior to the recent DoS downtime.
>> Perhaps
>> > > > something has been changed on Twitter's side that might result in
>> the
>> > > > 401 response?
>> >
>> > > > On Aug 11, 8:38 am, graceawalker <grace_blo...@hotmail.com> wrote:
>> >
>> > > > > No, mynonceis definately new every time. Surely if there was
>> > > > > something wrong with the way it was being generated it would error
>> > > > > during requestToken/accessToken/VerifyCredentials too?? All the
>> code
>> > > > > ive looked through is doing it exactly the same way. Is the
>> 'status'
>> > > > > parameter beingusedjust like all the oauth parameters? is an
>> > > > > 'invalidnonce' error, definately an invalidnonceor could it be to
>> > > > > do with the timestamp and timezones. Clutching at straws here...
>> >
>> > > > > On Aug 11, 3:12 am, Chris Babcock <cbabc...@asciiking.com> wrote:
>> >
>> > > > > > On Mon, 10 Aug 2009 04:14:43 -0700 (PDT)
>> >
>> > > > > > graceawalker <grace_blo...@hotmail.com> wrote:
>> > > > > > > I am calling and getting the whole way up to getting the
>> access
>> > > token
>> > > > > > > just fine in my app (one im writing myself in c#), but when i
>> try
>> > > and
>> > > > > > > call the update status URL im getting an 'Invalid/usednonce'
>> error
>> > > in
>> > > > > > > my response data. Im not sure why this is, im calling the
>> update
>> > > > > > > method in the exact same way that i called request token apart
>> from
>> > > > > > > the new 'status' parameter in the query string. I call 'verify
>> > > > > > > credentials' with my access token to ensure that it is working
>> and
>> > > it
>> > > > > > > sends me back all of the correct data, but it is erroring when
>> > > trying
>> > > > > > > to update my status. Is there any obvious solution to this, or
>> am i
>> > > > > > > not supposed to be signing and organising the parameters in
>> the same
>> > > > > > > way that i did before? Im really stuck here guys and need
>> help!
>> >
>> > > > > > Right, thenonceis a "numberusedonce". Its purpose is to prevent
>> > > > > > replay attacks. If you use the samenoncefor more than one call
>> to the
>> > > > > > API then you *should* be getting an error.
>> >
>> > > > > > Chris- Hide quoted text -
>> >
>> > > > - Show quoted text -- Hide quoted text -
>> >
>> > > - Show quoted text -- Hide quoted text -
>> >
>> > - Show quoted text -
>>
>
>
>
> --
> Internets. Serious business.
>



-- 
Josh

Reply via email to