How to generate an OAuth nonce


The OAuth nonce is something I’ve never fully understood. This is what the docs say:

“The oauth_nonce parameter is a unique token your application should generate for each unique request. Twitter will use this value to determine whether a request has been submitted multiple times. The value for this request was generated by base64 encoding 32 bytes of random data, and stripping out all non-word characters, but any approach which produces a relatively random alphanumeric string should be OK here.”

This implies to me that I should do the following to generate the OAuth nonce:

  • Generate a random alphanumeric string (like aAbBcC123 but longer) with 32 characters
  • Convert the string to UTF8 data
  • Base64 encode the UTF8 data

Is my understanding correct? Where exactly does “stripping out all non-word characters” fit in the implementation above?


You just want to make sure you’re not sending characters like “!” “#” or “$” in your oauth_nonce. The process you’ve suggested sounds like it would work just fine.


Thanks, Taylor. It looks like any random alphanumeric string with 32 characters is OK.


Base64 includes ‘+’ and ‘/’. You may need to strip them out since they are non-word characters.
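
The documentation's description quoted above (base64-encode 32 random bytes, then strip non-word characters), as an added example that is not part of the original thread or Twitter's code. The `ReplayCache` class and its 300-second window are hypothetical, sketching how a server could use the nonce to spot a repeated request.

```python
import base64
import re
import secrets
import time

# "Non-word" characters in the regex sense (\W, ASCII): anything but A-Z a-z 0-9 _
NON_WORD = re.compile(r"[^A-Za-z0-9_]")


def strip_non_word(encoded):
    """Remove '+', '/' and '=' padding that standard base64 can emit."""
    return NON_WORD.sub("", encoded)


def generate_nonce(num_bytes=32):
    """Random bytes from a CSPRNG -> base64 -> alphanumeric-only string."""
    raw = secrets.token_bytes(num_bytes)
    return strip_non_word(base64.b64encode(raw).decode("ascii"))


class ReplayCache:
    """Hypothetical server side: reject a (client, timestamp, nonce) seen before."""

    def __init__(self, window_seconds=300):  # window length is an assumption
        self.window = window_seconds
        self.seen = {}  # (client_key, timestamp, nonce) -> time first seen

    def accept(self, client_key, timestamp, nonce, now=None):
        now = time.time() if now is None else now
        # Forget entries older than the window so the cache stays bounded.
        self.seen = {k: t for k, t in self.seen.items() if now - t <= self.window}
        if abs(now - timestamp) > self.window:
            return False  # timestamp too far from server time
        key = (client_key, timestamp, nonce)
        if key in self.seen:
            return False  # same nonce reused: treat as a repeated request
        self.seen[key] = now
        return True


if __name__ == "__main__":
    print(generate_nonce())
```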


Hi all,
I want to know: sometimes oauth_nonce is in numeric form. Is that correct?