PIVOTAL LABS
Standup 5/17/2010: Nonce-sense Edition

Interesting Things

  • Keep your OAuth Nonce values simple.

The Twitter API, which is requiring all clients to move to OAuth for authentication by June 30, 2010, requires a nonce value for every call, like all OAuth systems. This value is supposed to be random and unique for each request you make.

While there are many ways to generate a random ASCII value, our recent experience with Twitter’s OAuth system shows that a nonce value should not include a ‘%’ character, which is what appears after URL encoding if your value has any non-URL-safe character. Twitter will return a 401 error and tell you that your signature and token cannot be verified.

We’ve filed a bug with Twitter. Until it is fixed, keep your nonce value to ASCII letters and numbers and the calls will work just fine.
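The advice above as an added Ruby example (not code from the original post or from Twitter): it generates a letters-and-digits nonce and shows where a Base64-style nonce picks up `%` escapes in the OAuth 1.0 signature base string (RFC 5849). The URL, keys, secrets, timestamp and the second nonce are constructed placeholders, and the helper names are hypothetical.

```ruby
require 'securerandom'
require 'openssl'
require 'base64'

# RFC 5849 section 3.6 percent-encoding: everything except unreserved characters is escaped.
def oauth_escape(value)
  value.to_s.gsub(/[^A-Za-z0-9\-._~]/) { |ch| ch.bytes.map { |b| format('%%%02X', b) }.join }
end

# Nonce limited to ASCII letters and digits, as the post recommends.
def safe_nonce(length = 32)
  SecureRandom.alphanumeric(length)
end

# True when percent-encoding leaves the nonce unchanged, so no '%' can appear.
def nonce_url_safe?(nonce)
  oauth_escape(nonce) == nonce
end

# OAuth 1.0 signature base string: METHOD&enc(url)&enc(sorted, encoded params).
def signature_base_string(method, url, params)
  pairs = params.map { |k, v| [oauth_escape(k), oauth_escape(v)] }.sort
  normalized = pairs.map { |k, v| "#{k}=#{v}" }.join('&')
  [method.upcase, oauth_escape(url), oauth_escape(normalized)].join('&')
end

def hmac_sha1_signature(base_string, consumer_secret, token_secret)
  key = "#{oauth_escape(consumer_secret)}&#{oauth_escape(token_secret)}"
  Base64.strict_encode64(OpenSSL::HMAC.digest('SHA1', key, base_string))
end

# Constructed sample parameters; every value here is a placeholder.
def sample_params(nonce)
  { 'oauth_consumer_key' => 'CONSUMER_KEY_PLACEHOLDER', 'oauth_token' => 'TOKEN_PLACEHOLDER',
    'oauth_signature_method' => 'HMAC-SHA1', 'oauth_timestamp' => '1274054400',
    'oauth_version' => '1.0', 'oauth_nonce' => nonce }
end

if __FILE__ == $PROGRAM_NAME
  url = 'https://api.example.test/1/statuses/update.json' # placeholder endpoint
  [safe_nonce, 'k3+Zq/9w=='].each do |nonce| # second value: constructed Base64-style nonce
    base = signature_base_string('POST', url, sample_params(nonce))
    puts "#{nonce.inspect} url_safe=#{nonce_url_safe?(nonce)}"
    puts "  nonce in base string: #{base[/oauth_nonce%3D(.*?)%26/, 1]}"
    puts "  signature: #{hmac_sha1_signature(base, 'CS_PLACEHOLDER', 'TS_PLACEHOLDER')}"
  end
end
```

An alphanumeric nonce reads the same before and after encoding, so client and server build the same base string even if one side encodes the value a different number of times.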
