I just started to work toward incorporating OAuth with my application BigTweet using Perl. I have been following the excellent documentation at http://oauth.net. Jesse Stay's article at http://staynalive.com/articles/2009/05/19/social-coding-how-to-code-twitters-oauth-using-netoauth-and-perl/ was also very helpful.

To the credit of the resources above, I was able to make a successful fetch of a Request Token on my first try. I began playing with the parameters to show that I could cause an error result. I discovered that I could keep the value of the nonce constant (I'm using "a") and still fetch new Request Tokens.

According to the spec at oauth.net it seems that the intent of the nonce was to be a unique random string for each request to help prevent replay attacks. Did I discover a bug?

Thanks,
- Scott
@scott_carter
http://bigtweet.com
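
An added example, not part of the original post and not Twitter's or Net::OAuth's code: a minimal service-provider replay check in Perl. OAuth Core 1.0 (section 8) requires the nonce to be unique among requests that carry the same timestamp, so the cache here is keyed on consumer key, timestamp and nonce; the `ReplayGuard` package, the 300-second window, the `bigtweet-key` consumer key and the sample requests are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical service-provider replay check (illustrative only).
# The nonce must be unique among requests with the same oauth_timestamp,
# so the cache key includes the timestamp as well as the nonce.
package ReplayGuard;

sub new {
    my ($class, %opt) = @_;
    return bless { window => $opt{window} // 300, seen => {} }, $class;
}

# Returns 'ok', or a short reason string when the request is rejected.
sub check {
    my ($self, $consumer_key, $timestamp, $nonce, $now) = @_;
    $now //= time;
    return 'bad_timestamp'   unless defined $timestamp && $timestamp =~ /\A[0-9]+\z/;
    return 'missing_nonce'   unless defined $nonce && length $nonce;
    return 'stale_timestamp' if abs($now - $timestamp) > $self->{window};

    # Expire entries that have left the window so the cache stays bounded.
    for my $k (keys %{ $self->{seen} }) {
        delete $self->{seen}{$k} if $now - $self->{seen}{$k} > $self->{window};
    }

    my $key = join "\0", $consumer_key, $timestamp, $nonce;
    return 'replayed' if exists $self->{seen}{$key};
    $self->{seen}{$key} = $timestamp;
    return 'ok';
}

package main;

# Constructed sample requests using the constant nonce "a" from the post.
my $guard = ReplayGuard->new(window => 300);
my $now   = 1_243_000_000;    # constructed clock value
my @requests = (
    [ 'bigtweet-key', $now,       'a', $now     ],    # first request
    [ 'bigtweet-key', $now + 1,   'a', $now + 1 ],    # same nonce, new timestamp
    [ 'bigtweet-key', $now,       'a', $now + 2 ],    # same timestamp and nonce again
    [ 'bigtweet-key', $now - 900, 'b', $now + 2 ],    # timestamp outside the window
);
for my $r (@requests) {
    printf "ts=%d nonce=%s -> %s\n", $r->[1], $r->[2], $guard->check(@$r);
}
```

Under this model a constant nonce is only rejected when the timestamp is also repeated; a provider that wants stricter behaviour can key the cache on consumer key and nonce alone for the lifetime of the window.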