Asynchronous OAuth Requests

Grantland

unread,

Feb 20, 2011, 9:46:38 PM2/20/11

to Signpost users

I'm having an issue with the OAuth-Signpost library when invoking
asynchronous OAuth requests. More often than not, asynchronous calls
are having duplicate nonces generated and getting denied by the server
for "Invalid Signature".

I believe this is stemming from the "new Random.nextLong()" used to
generate nonces since Randoms apparently use System.nanoTime for
generating random numbers which would cause my asynchronous requests
to have the same nonce.

Is there a way around this other than using a sleep to prevent them
from being invoked at the same time?

Matthias

unread,

Feb 21, 2011, 7:57:53 AM2/21/11

to signpos...@googlegroups.com

interesting. I remember closing an issue related to duplicate nonces, since Signpost used to explicitly base them on timestamps on earlier versions. The issue reported said his problems were gone after I switched to Random.nextLong().

I suppose that only way to fix this is to either switch to a true random number generator or use a seed for the Random instance that does not involve time? Suggestions?

Grantland

unread,

Feb 22, 2011, 7:50:18 PM2/22/11

to Signpost users

just an update: it seems to only work when signing with HMAC_SHA1 and
not with PLAINTEXT. Really odd...

Grantland

unread,

Feb 22, 2011, 6:37:13 PM2/22/11

to Signpost users

I saw that change too, but I've been receiving duplicate nonces when
running asynchronous OAuth requests...

On Feb 21, 4:57 am, Matthias <m.kaepp...@googlemail.com> wrote:

Reply all

Reply to author

Forward