Interesting Things
- Keep your OAuth Nonce values simple.
The Twitter API, which is requiring all clients to move to OAuth for authentication by June 30, 2010, requires a nonce value for every call, as all OAuth systems do. This value is supposed to be random and unique for each request you make.
While there are many ways to generate a random ASCII value, our recent experience with Twitter’s OAuth system shows that a nonce value should not include a ‘%’ character – which is what you get if your value contains any non-URL-safe character. Twitter will return a 401 error and tell you that your signature and token cannot be verified.
We’ve filed a bug with Twitter. Until it is fixed, keep your nonce value to ASCII letters & numbers and the calls will work just fine.
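One way to follow this advice in Python, as an added example that is not code from the original post: it draws the nonce from the OS CSPRNG using only ASCII letters and digits, and checks that OAuth percent-encoding leaves it unchanged. The function names, the 32-character length, and the base64 sample are assumptions constructed for illustration.

```python
import base64
import secrets
import string
from urllib.parse import quote

# Only ASCII letters and digits, as the post recommends.
ALPHANUM = string.ascii_letters + string.digits


def make_nonce(length=32):
    """Return a random nonce of letters and digits from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHANUM) for _ in range(length))


def oauth_percent_encode(value):
    """Percent-encode as OAuth 1.0 does: everything except letters,
    digits and '-', '.', '_', '~' becomes %XX."""
    return quote(value, safe="-._~")


def offending_chars(nonce):
    """Return the distinct characters that would turn into '%XX'
    sequences when the nonce is percent-encoded (empty list = safe)."""
    return sorted({c for c in nonce if oauth_percent_encode(c) != c})


# Constructed sample: a base64-style nonce, a common way to stringify
# random bytes. These three bytes encode to "+//+".
BASE64_NONCE = base64.b64encode(b"\xfb\xff\xfe").decode("ascii")

if __name__ == "__main__":
    good = make_nonce()
    print(good, "->", oauth_percent_encode(good), offending_chars(good))
    print(BASE64_NONCE, "->", oauth_percent_encode(BASE64_NONCE),
          offending_chars(BASE64_NONCE))
```

Running `offending_chars` over nonces from an existing client shows whether its generator can emit characters that end up as `%` sequences on the wire.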