My application was working just fine, then, sometimes, when i try to
call the api, I receive this error message
<error>Invalid / used nonce</error>
The same code runs, and sometimes it works, sometimes it does not.
The error can occur during normal API calls (POST & GET) but also
occurs when trying to authenticate with OAuth.
I would like to know if there is a reason to this error, and if there
is a way to solve this problem.
Any help appreciated.
Two things to verify: one is that you are using a timestamp that is within about 5 minutes of our system clocks. We return the current time in a Date HTTP header with every request. Second, verify that you've never used the nonce you are creating for each request -- this is across all requests your API key makes.
Are there different machines you run your code on when it works versus when it does not?
Thanks, Taylor
On Wed, Jul 28, 2010 at 8:12 AM, Mounir Regragui <reg.mou...@gmail.com>wrote:
> My application was working just fine, then, sometimes, when i try to > call the api, I receive this error message
> <error>Invalid / used nonce</error>
> The same code runs, and sometimes it works, sometimes it does not. > The error can occur during normal API calls (POST & GET) but also > occurs when trying to authenticate with OAuth.
> I would like to know if there is a reason to this error, and if there > is a way to solve this problem. > Any help appreciated.
I am almost sure that this is not a Data issue. As I told you, this
error happens randomly (unhopefully, it happens very often, 80% of my
API calls return with this error today). Also, I did not modify the
code I used before, and it was just working flawlessly last week.
I did verify the Data in the HTTP header of the twitter response. It
is a GMT time. Normally, this should not be an issue, however, I tried
to change the time & zone of my hardware to have a GMT time, and then
I have the same issue, only 20% of my API calls are "correct".
Also, when I only change one of these, it doesn't work at all. So I
think the time of my hardware is not the issue here.
Or maybe it is because I'm in France, but, this should not be the
issue.
I also run my code on different machines : an Android emulator, and
several Android devices (Nexus One, Spica ...), and I always have the
same problem.
I was just about to send you a dump of the communication, but it seems
to be working again. (and again, I did not modify the code :) )
I will try again tomorrow, I hope it will be working.
Regards
On 28 juil, 17:27, Taylor Singletary <taylorsinglet...@twitter.com>
wrote:
> Two things to verify: one is that you are using a timestamp that is within
> about 5 minutes of our system clocks. We return the current time in a Date
> HTTP header with every request. Second, verify that you've never used the
> nonce you are creating for each request -- this is across all requests your
> API key makes.
> Are there different machines you run your code on when it works versus when
> it does not?
> Thanks,
> Taylor
> On Wed, Jul 28, 2010 at 8:12 AM, Mounir Regragui <reg.mou...@gmail.com>wrote:
> > Hello guys!
> > So I have this issue with Twitter Rest API.
> > My application was working just fine, then, sometimes, when i try to
> > call the api, I receive this error message
> > <error>Invalid / used nonce</error>
> > The same code runs, and sometimes it works, sometimes it does not.
> > The error can occur during normal API calls (POST & GET) but also
> > occurs when trying to authenticate with OAuth.
> > I would like to know if there is a reason to this error, and if there
> > is a way to solve this problem.
> > Any help appreciated.
I would recommend adding some kind of logging so that when you do get a failed request, you know the following: the POST body included in the failed request and the signature base string prior to signing for OAuth.
There's a chance that a certain sequence of characters and UTF-8 characters might be causing this issue and not nonces at all (which is obviously dumb behavior, but not unheard of)
Taylor
On Wed, Jul 28, 2010 at 8:58 AM, Mounir Regragui <reg.mou...@gmail.com>wrote:
> I am almost sure that this is not a Data issue. As I told you, this > error happens randomly (unhopefully, it happens very often, 80% of my > API calls return with this error today). Also, I did not modify the > code I used before, and it was just working flawlessly last week. > I did verify the Data in the HTTP header of the twitter response. It > is a GMT time. Normally, this should not be an issue, however, I tried > to change the time & zone of my hardware to have a GMT time, and then > I have the same issue, only 20% of my API calls are "correct". > Also, when I only change one of these, it doesn't work at all. So I > think the time of my hardware is not the issue here.
> Or maybe it is because I'm in France, but, this should not be the > issue.
> I also run my code on different machines : an Android emulator, and > several Android devices (Nexus One, Spica ...), and I always have the > same problem.
> I was just about to send you a dump of the communication, but it seems > to be working again. (and again, I did not modify the code :) ) > I will try again tomorrow, I hope it will be working.
> Regards
> On 28 juil, 17:27, Taylor Singletary <taylorsinglet...@twitter.com> > wrote: > > Hi Mounir,
> > Two things to verify: one is that you are using a timestamp that is > within > > about 5 minutes of our system clocks. We return the current time in a > Date > > HTTP header with every request. Second, verify that you've never used the > > nonce you are creating for each request -- this is across all requests > your > > API key makes.
> > Are there different machines you run your code on when it works versus > when > > it does not?
> > Thanks, > > Taylor
> > On Wed, Jul 28, 2010 at 8:12 AM, Mounir Regragui <reg.mou...@gmail.com > >wrote:
> > > Hello guys!
> > > So I have this issue with Twitter Rest API.
> > > My application was working just fine, then, sometimes, when i try to > > > call the api, I receive this error message
> > > <error>Invalid / used nonce</error>
> > > The same code runs, and sometimes it works, sometimes it does not. > > > The error can occur during normal API calls (POST & GET) but also > > > occurs when trying to authenticate with OAuth.
> > > I would like to know if there is a reason to this error, and if there > > > is a way to solve this problem. > > > Any help appreciated.
Yesterday I was exposing an issue I encoutered.
My code was working perfectly, and then I started having a 401 error
code with this error message : "<error>Invalid / used nonce</error>"
when I make API calls.
I thought it was solved because yesterday I did some API calls that
made it through. However this issue is still here today.
Actually, when I make API calls (POST, GET or OAuth requests),
sometimes everything works fine, sometimes i have the "Invalid / used
nonce" error.
As I told Taylor yesterday, I am sure that that the system time is
correct (because when I change it, nothing works), and because as I
said, when i try to send a request with the exact same code running,
sometimes it fails, sometimes it does not.
In this case I'm fairly confident then that it's the Twitter API implementation of OAuth that's at fault here and these invalid nonce errors are spurious for you. While I hate to suggest working around bugs like this, it might be your best strategy -- if you encounter an invalid nonce error, pause for a few moments, regenerate the request with a different nonce and timestamp, and try again.
If you find a case where it's repeatably throwing you this error, for example -- you notice that it only happens for a certain access token, or it only happens when you're using certain characters in the POST body or nonce -- then please bring it to our attention.
Scalability projects, among other things, have prevented our engineering team from rolling out a reimplementation of our OAuth back end that will fix aggravating issues like these, among other things.
Taylor
On Thu, Jul 29, 2010 at 12:43 AM, Mounir Regragui <reg.mou...@gmail.com>wrote:
> Yesterday I was exposing an issue I encoutered. > My code was working perfectly, and then I started having a 401 error > code with this error message : "<error>Invalid / used nonce</error>" > when I make API calls.
> I thought it was solved because yesterday I did some API calls that > made it through. However this issue is still here today.
> Actually, when I make API calls (POST, GET or OAuth requests), > sometimes everything works fine, sometimes i have the "Invalid / used > nonce" error.
> As I told Taylor yesterday, I am sure that that the system time is > correct (because when I change it, nothing works), and because as I > said, when i try to send a request with the exact same code running, > sometimes it fails, sometimes it does not.
I don't think the error has something to do with the access token,
because sometimes the error is thrown during my request to retrieve a
Request Token.
I'm afraid the error has something to do with encodings or something
similar.
Also, I would like to know if there is an "advised" way to generate
the nonce value.
I was using the formula of the OAuth library : it concatenates the
timestamp and a random integer value, and then it applies a MD5 hash
on it. Maybe you or someone else know another way that works to
generate this value.
Regards.
Mounir Regragui
On 29 juil, 18:15, Taylor Singletary <taylorsinglet...@twitter.com>
wrote:
> In this case I'm fairly confident then that it's the Twitter API
> implementation of OAuth that's at fault here and these invalid nonce errors
> are spurious for you. While I hate to suggest working around bugs like this,
> it might be your best strategy -- if you encounter an invalid nonce error,
> pause for a few moments, regenerate the request with a different nonce and
> timestamp, and try again.
> If you find a case where it's repeatably throwing you this error, for
> example -- you notice that it only happens for a certain access token, or it
> only happens when you're using certain characters in the POST body or nonce
> -- then please bring it to our attention.
> Scalability projects, among other things, have prevented our engineering
> team from rolling out a reimplementation of our OAuth back end that will fix
> aggravating issues like these, among other things.
> Taylor
> On Thu, Jul 29, 2010 at 12:43 AM, Mounir Regragui <reg.mou...@gmail.com>wrote:
> > Hello everybody,
> > Yesterday I was exposing an issue I encoutered.
> > My code was working perfectly, and then I started having a 401 error
> > code with this error message : "<error>Invalid / used nonce</error>"
> > when I make API calls.
> > I thought it was solved because yesterday I did some API calls that
> > made it through. However this issue is still here today.
> > Actually, when I make API calls (POST, GET or OAuth requests),
> > sometimes everything works fine, sometimes i have the "Invalid / used
> > nonce" error.
> > As I told Taylor yesterday, I am sure that that the system time is
> > correct (because when I change it, nothing works), and because as I
> > said, when i try to send a request with the exact same code running,
> > sometimes it fails, sometimes it does not.
> I don't think the error has something to do with the access token,
> because sometimes the error is thrown during my request to retrieve a
> Request Token.
> I'm afraid the error has something to do with encodings or something
> similar.
> Also, I would like to know if there is an "advised" way to generate
> the nonce value.
> I was using the formula of the OAuth library : it concatenates the
> timestamp and a random integer value, and then it applies a MD5 hash
> on it. Maybe you or someone else know another way that works to
> generate this value.
> Regards.
> Mounir Regragui
> On 29 juil, 18:15, Taylor Singletary <taylorsinglet...@twitter.com>
> wrote:
> > Hi Mounir,
> > In this case I'm fairly confident then that it's the Twitter API
> > implementation of OAuth that's at fault here and these invalid nonce errors
> > are spurious for you. While I hate to suggest working around bugs like this,
> > it might be your best strategy -- if you encounter an invalid nonce error,
> > pause for a few moments, regenerate the request with a different nonce and
> > timestamp, and try again.
> > If you find a case where it's repeatably throwing you this error, for
> > example -- you notice that it only happens for a certain access token, or it
> > only happens when you're using certain characters in the POST body or nonce
> > -- then please bring it to our attention.
> > Scalability projects, among other things, have prevented our engineering
> > team from rolling out a reimplementation of our OAuth back end that will fix
> > aggravating issues like these, among other things.
> > Taylor
> > On Thu, Jul 29, 2010 at 12:43 AM, Mounir Regragui <reg.mou...@gmail.com>wrote:
> > > Hello everybody,
> > > Yesterday I was exposing an issue I encoutered.
> > > My code was working perfectly, and then I started having a 401 error
> > > code with this error message : "<error>Invalid / used nonce</error>"
> > > when I make API calls.
> > > I thought it was solved because yesterday I did some API calls that
> > > made it through. However this issue is still here today.
> > > Actually, when I make API calls (POST, GET or OAuth requests),
> > > sometimes everything works fine, sometimes i have the "Invalid / used
> > > nonce" error.
> > > As I told Taylor yesterday, I am sure that that the system time is
> > > correct (because when I change it, nothing works), and because as I
> > > said, when i try to send a request with the exact same code running,
> > > sometimes it fails, sometimes it does not.
> > I don't think the error has something to do with the access token, > > because sometimes the error is thrown during my request to retrieve a > > Request Token. > > I'm afraid the error has something to do with encodings or something > > similar.
> > Also, I would like to know if there is an "advised" way to generate > > the nonce value. > > I was using the formula of the OAuth library : it concatenates the > > timestamp and a random integer value, and then it applies a MD5 hash > > on it. Maybe you or someone else know another way that works to > > generate this value.
> > Regards.
> > Mounir Regragui
> > On 29 juil, 18:15, Taylor Singletary <taylorsinglet...@twitter.com> > > wrote:
> > > Hi Mounir,
> > > In this case I'm fairly confident then that it's the Twitter API > > > implementation of OAuth that's at fault here and these invalid nonce > errors > > > are spurious for you. While I hate to suggest working around bugs like > this, > > > it might be your best strategy -- if you encounter an invalid nonce > error, > > > pause for a few moments, regenerate the request with a different nonce > and > > > timestamp, and try again.
> > > If you find a case where it's repeatably throwing you this error, for > > > example -- you notice that it only happens for a certain access token, > or it > > > only happens when you're using certain characters in the POST body or > nonce > > > -- then please bring it to our attention.
> > > Scalability projects, among other things, have prevented our > engineering > > > team from rolling out a reimplementation of our OAuth back end that > will fix > > > aggravating issues like these, among other things.
> > > Taylor
> > > On Thu, Jul 29, 2010 at 12:43 AM, Mounir Regragui < > reg.mou...@gmail.com>wrote:
> > > > Hello everybody,
> > > > Yesterday I was exposing an issue I encoutered. > > > > My code was working perfectly, and then I started having a 401 error > > > > code with this error message : "<error>Invalid / used nonce</error>" > > > > when I make API calls.
> > > > I thought it was solved because yesterday I did some API calls that > > > > made it through. However this issue is still here today.
> > > > Actually, when I make API calls (POST, GET or OAuth requests), > > > > sometimes everything works fine, sometimes i have the "Invalid / used > > > > nonce" error.
> > > > As I told Taylor yesterday, I am sure that that the system time is > > > > correct (because when I change it, nothing works), and because as I > > > > said, when i try to send a request with the exact same code running, > > > > sometimes it fails, sometimes it does not.
